Fortinet black logo

Administration Guide

TACACS+ server

Copy Link
Copy Doc ID 962fb21b-9bd3-11eb-b70b-00505692583a:296919
Download PDF

TACACS+ server

TACACS+ is a remote authentication protocol that provides access control for routers, network access servers, and other networked computing devices using one or more centralized servers. TACACS+ allows a client to accept a user name and password and send a query to a TACACS+ authentication server. The server host determines whether to accept or deny the request and sends a response back that allows or denies the user access to the network.

TACACS+ offers fully encrypted packet bodies and supports both IP and AppleTalk protocols. TACACS+ uses TCP port 49, which is seen as more reliable than RADIUS’s UDP protocol.

To configure TACACS+ authentication using the GUI:
  1. Go to System > Authentication > TACACS and select Add Server.


  2. Enter the following information and select Add.

Field

Description

Name

Enter a name to identify the TACACS server on the FortiSwitch unit.

Server Address

Enter the domain name (such as fgt.example.com) or the IP address of the TACACS server.

Server Key

Enter the server key for the TACACS server.

Authentication Type

Select the authentication type to use for the TACACS+ server. Auto tries PAP, MSCHAP, and CHAP (in that order).

To configure the FortiSwitch unit for TACACS+ authentication, see TACACS.

TACACS+ server

TACACS+ is a remote authentication protocol that provides access control for routers, network access servers, and other networked computing devices using one or more centralized servers. TACACS+ allows a client to accept a user name and password and send a query to a TACACS+ authentication server. The server host determines whether to accept or deny the request and sends a response back that allows or denies the user access to the network.

TACACS+ offers fully encrypted packet bodies and supports both IP and AppleTalk protocols. TACACS+ uses TCP port 49, which is seen as more reliable than RADIUS’s UDP protocol.

To configure TACACS+ authentication using the GUI:
  1. Go to System > Authentication > TACACS and select Add Server.


  2. Enter the following information and select Add.

Field

Description

Name

Enter a name to identify the TACACS server on the FortiSwitch unit.

Server Address

Enter the domain name (such as fgt.example.com) or the IP address of the TACACS server.

Server Key

Enter the server key for the TACACS server.

Authentication Type

Select the authentication type to use for the TACACS+ server. Auto tries PAP, MSCHAP, and CHAP (in that order).

To configure the FortiSwitch unit for TACACS+ authentication, see TACACS.