Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiSwitch 6.4.6 Administration Guide
    6.4.6
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.9
    7.0.8
    7.0.6
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.11
    6.4.6
    6.4.5
    6.4.3
    6.4.2
    6.4.0
    6.2.5
    6.2.2
    6.2.1
    6.2.0

    TACACS

    TACACS

    This chapter contains information on using Terminal Access Controller Access-Control System (TACACS+) authentication with your FortiSwitch unit.

    This chapter covers the following topics:

    Administrative accounts

    Administrative, or admin, accounts allow access to various aspects of the FortiSwitch configuration. The level of access is determined by the admin profile that is assigned to the admin account.

    See Configuring administrator tasks for the steps to create an admin profile.

    Configuring a TACACS admin account

    TACACS+ is a remote authentication protocol that provides access control for routers, network access servers, and other network computing devices using one or more centralized servers. If you have configured TACACS+ support and an administrator is required to authenticate using a TACACS+ server, the FortiSwitch unit contacts the TACACS+ server for authentication.

    Using the GUI:
    1. Go to System > Admin > Administrators and select Add Administrator.
    2. Give the administrator account an appropriate name.
    3. Select Remote for the administrator type.
    4. Select a user group for remote users.
    5. Enable Wildcard.
    6. Select an administrator profile.
    7. Select Add.
    Using the CLI:

    config system admin

    edit tacuser

    set remote-auth enable

    set wildcard enable

    set remote-group <group>

    set accprofile <profile>

    end

    end

    User accounts

    User accounts identify a network user and determine what parts of the network the user is allowed to access.

    Configuring a user account

    config user tacacs+

    edit <tacserver>

    set authen-type {ascii | auto | chap | ms_chap | pap}

    set authorization enable

    set key <authorization_key>

    set server <server>

    end

    end

    Configuring a user group

    config user group

    edit <tacgroup>

    set member <tacserver>

    config match

    edit 1

    set server-name <server>

    set group-name <group>

    end

    end

    end

    end

    Example configuration

    The following is an example configuration of a TACACS+ user account, with the CLI syntax shown to create it:

    1. Configuring a TACACS user account for login authentication:

      config user tacacs+

      edit tacserver

      set authen-type ascii

      set authorization enable

      set key temporary

      set server tacacs_server

      end

    2. Configuring a TACACS+user group:

      config user group

      edit tacgroup

      set member tacserver

      config match

      edit 1

      set server-name tacserver

      set group-name tacgroup

      end

      end

      end

      end

    3. Configuring a TACACS+ system admin user account:

      config system admin

      edit tacuser

      set remote-auth enable

      set wildcard enable

      set remote-group tacgroup

      set accprofile noaccess

      end

      end

    Previous
    Next

    TACACS

    TACACS

    This chapter contains information on using Terminal Access Controller Access-Control System (TACACS+) authentication with your FortiSwitch unit.

    This chapter covers the following topics:

    Administrative accounts

    Administrative, or admin, accounts allow access to various aspects of the FortiSwitch configuration. The level of access is determined by the admin profile that is assigned to the admin account.

    See Configuring administrator tasks for the steps to create an admin profile.

    Configuring a TACACS admin account

    TACACS+ is a remote authentication protocol that provides access control for routers, network access servers, and other network computing devices using one or more centralized servers. If you have configured TACACS+ support and an administrator is required to authenticate using a TACACS+ server, the FortiSwitch unit contacts the TACACS+ server for authentication.

    Using the GUI:
    1. Go to System > Admin > Administrators and select Add Administrator.
    2. Give the administrator account an appropriate name.
    3. Select Remote for the administrator type.
    4. Select a user group for remote users.
    5. Enable Wildcard.
    6. Select an administrator profile.
    7. Select Add.
    Using the CLI:

    config system admin

    edit tacuser

    set remote-auth enable

    set wildcard enable

    set remote-group <group>

    set accprofile <profile>

    end

    end

    User accounts

    User accounts identify a network user and determine what parts of the network the user is allowed to access.

    Configuring a user account

    config user tacacs+

    edit <tacserver>

    set authen-type {ascii | auto | chap | ms_chap | pap}

    set authorization enable

    set key <authorization_key>

    set server <server>

    end

    end

    Configuring a user group

    config user group

    edit <tacgroup>

    set member <tacserver>

    config match

    edit 1

    set server-name <server>

    set group-name <group>

    end

    end

    end

    end

    Example configuration

    The following is an example configuration of a TACACS+ user account, with the CLI syntax shown to create it:

    1. Configuring a TACACS user account for login authentication:

      config user tacacs+

      edit tacserver

      set authen-type ascii

      set authorization enable

      set key temporary

      set server tacacs_server

      end

    2. Configuring a TACACS+user group:

      config user group

      edit tacgroup

      set member tacserver

      config match

      edit 1

      set server-name tacserver

      set group-name tacgroup

      end

      end

      end

      end

    3. Configuring a TACACS+ system admin user account:

      config system admin

      edit tacuser

      set remote-auth enable

      set wildcard enable

      set remote-group tacgroup

      set accprofile noaccess

      end

      end

    Previous
    Next