User TACACS+
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903 661
http://docs.fortinet.com/ • Feedback
TACACS+
In recent years, remote network access has shifted from terminal access to LAN access.
Users connect to their corporate network (using notebooks or home PCs) with computers
that use complete network connections and have the same level of access to the
corporate network resources as if they were physically in the office. These connections
are made through a remote access server. As remote access technology has evolved, the
need for network access security has become increasingly important.
Terminal Access Controller Access-Control System (TACACS+) is a remote
authentication protocol that provides access control for routers, network access servers,
and other networked computing devices via one or more centralized servers. TACACS+
allows a client to accept a user name and password and send a query to a TACACS+
authentication server. The server host determines whether to accept or deny the request
and sends a response back that allows or denies network access to the user. The default
TCP port for a TACACS+ server is 49.
To view the list of TACACS+ servers, go to User > Remote > TACACS+.
Figure 409: Example TACACS+ server list
Configuring TACACS+ servers
There are several different authentication protocols that TACACS+ can use during the
authentication process:
• ASCII
Machine-independent technique that uses representations of English characters.
Requires user to type a user name and password that are sent in clear text
(unencrypted) and matched with an entry in the user database stored in ASCII format.
• PAP (password authentication protocol)
Used to authenticate PPP connections. Transmits passwords and other user
information in clear text.
• CHAP (challenge-handshake authentication protocol)
Provides the same functionality as PAP, but more secure as it does not send the
password and other user information over the network to the security server.
Create New Add a new TACACS+ server. The maximum number is 10.
Server The server domain name or IP address of the TACACS+ server.
Authentication Type The supported authentication method. TACACS+ authentication methods
include: Auto, ASCII, PAP, CHAP, and MSCHAP.
Delete icon Delete this TACACS+ server.
Edit icon Edit this TACACS+ server.
To Next Page
Loading...
Need help?
General
