Description |
This article describes how to configure TACACS+ on a FortiSwitch running in standalone mode. |
Scope | FortiSwitch. |
Solution |
TACACS+ is a protocol used for device management. It provides user authentication, and its purpose is to secure network devices through a centralized system. TACACS+ uses TCP port 49. In this example, a FortiSwitch is configured in standalone mode, and the TACACS+ server is a KVM FortiAuthenticator hosted on an Ubuntu Server machine.
FortiSwitch # config user tacacs+
    end
FortiSwitch (group) # edit TACACS_Group
    set group-type firewall
FortiSwitch # config system admin
    edit "userswitch"
Next, configure the KVM FortiAuthenticator as the TACACS+ server. The switch and the TACACS+ server are assumed to be on the same network segment:
Select the Username format:
Select the Authentication factor:
Finish the policy configuration, then update and exit:
To test the configuration, go to the FortiSwitch while logged in with an admin account:
FortiSwitch # diagnose test authserver tacacs+ FAC-TACACS rgreen3 fortinet
Log out from the admin account and log in as the rgreen3 user instead:
On the FortiAuthenticator TACACS+ server, the user is authenticated correctly:
10.10.70.4 pap login for 'rgreen3~10.10.70.4' (realm: radiusRealm) (realm: radiusRealm) succeeded |
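As an added example (not part of the original article or any Fortinet tooling), the following Python sketch parses log lines in the format shown above and flags repeated failed logins per source and user. The `failed` keyword, the meaning of the field after `~`, and every sample line except the first are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Pattern modelled on the one log line the article shows. The "failed"
# keyword is an assumption: the article only shows a "succeeded" entry.
LINE_RE = re.compile(
    r"^(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<method>\w+)\s+login for\s+"
    r"'(?P<user>[^'~]+)~(?P<suffix>[^']+)'"      # suffix meaning not stated on the page
    r"(?:\s+\(realm:\s*(?P<realm>[^)]+)\))+"     # realm may be logged more than once
    r"\s+(?P<result>succeeded|failed)\b"
)

def parse_line(line):
    """Return the fields of one login log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def review(lines, threshold=3):
    """Flag (source, user) pairs with `threshold` consecutive failures, and
    any success that directly follows such a run."""
    streak = defaultdict(int)
    findings, unparsed = [], []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            unparsed.append(line)        # keep unknown lines visible, never drop silently
            continue
        key = (ev["src"], ev["user"])
        if ev["result"] == "failed":
            streak[key] += 1
            if streak[key] == threshold:
                findings.append(("repeated-failures", *key))
        else:
            if streak[key] >= threshold:
                findings.append(("success-after-failures", *key))
            streak[key] = 0
    return findings, unparsed

# First line is from the article; the rest are constructed sample data.
SAMPLE = [
    "10.10.70.4 pap login for 'rgreen3~10.10.70.4' (realm: radiusRealm) (realm: radiusRealm) succeeded",
    "10.10.70.4 pap login for 'jdoe~10.10.70.4' (realm: radiusRealm) failed",
    "10.10.70.4 pap login for 'jdoe~10.10.70.4' (realm: radiusRealm) failed",
    "10.10.70.4 pap login for 'jdoe~10.10.70.4' (realm: radiusRealm) failed",
    "10.10.70.4 pap login for 'jdoe~10.10.70.4' (realm: radiusRealm) succeeded",
    "unrelated line",
]

if __name__ == "__main__":
    for finding in review(SAMPLE)[0]:
        print(finding)
```

Lines that do not match the pattern are returned separately so that a change in log format shows up as unparsed input instead of silently reducing coverage.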
Copyright 2024 Fortinet, Inc. All Rights Reserved.