Home » HP Manuals » Servers » HP Virtual Connect Flex-10/10D Module Enterprise Edition for BLc7000 » Manual Viewer

HP Virtual Connect Flex-10/10D Module Enterprise Edition for BLc7000 HP Virtua - Page 77

Required TACACS+ server settings, Setting up a TACACS+ server, group = ALL_STAFF

View all HP Virtual Connect Flex-10/10D Module Enterprise Edition for BLc7000 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 77 highlights

Required TACACS+ server settings The following TACACS+ server settings must be configured on VC to enable TACACS+-based authentication: • Enable or disable flag • TACACS+ server IP address • TCP port number-the default (well-known) value for TACACS+ authentication is 49. • Shared secret key-this is a plain text key that must be configured both on VC and on the server. Both keys should match. The length of the secret key can vary from 1 to 128 characters. • Timeout-the time in seconds by which a server response must be received, before any retry for a new request is made. The valid range of values is from 1 to 65535 seconds. • Logging enabled or disabled flag-used to enable or disable TACACS+ command logging. Setting up a TACACS+ server The following procedure provides an example of setting up a TACACS+ server on an external host running Linux. 1. Download and install the latest version of the open-source Cisco TACACS+ server from the shrubbery ftp site (ftp://ftp.shrubbery.net/pub/tac_plus). 2. Add the shared-secret key for VC, a list of users, their passwords and member groups (can be recursive), the VCM roles to be authorized for each user or group, in the server configuration file /etc/tac_plus.conf. For example: # set the secret key for client host = 10.10.10.113 { key = tac!@123

Section	Page
HP Virtual Connect for c-Class BladeSystem Versions 3.70/3.75 User Guide	1
Abstract	1
Notice	2
Contents	3
Introduction	7
What's new	7
Virtual Connect documentation	8
Virtual Connect overview	9
HP Virtual Connect Manager	11
Configuring browser support	11
Accessing HP Virtual Connect Manager	12
Command Line Interface overview	13
Logging on to the HP Virtual Connect Manager GUI	13
VCM wizards	14
HP Virtual Connect Home	15
About HP Virtual Connect Manager	16
Navigating the HP Virtual Connect Manager GUI	16
Navigation overview	16
Tree view	16
Menu items	17
Activity indicator	18
Virtual Connect domains	20
Understanding Virtual Connect domains	20
Managing domains	21
Domain Settings (Configuration) screen	22
Deleting a domain	22
Domain Settings (IP Address) screen	23
Domain Settings (Enclosures) screen	24
Adding and importing a remote enclosure	26
Removing a remote enclosure	28
Domain Settings (Backup/Restore) screen	29
Domain Settings (Storage Management Credentials) screen	30
Adding or editing a credential	31
Managing SNMP	32
SNMP overview	32
SNMP traps	34
VC Module MIB traps	35
Trap categories and required administrative privileges	36
Trap severities	37
SNMP Configuration (VC-Enet)	37
Adding an SNMP trap destination	39
Adding SNMP access	40
SNMP Configuration (VC-FC)	41
SMI-S overview	42
Viewing the system log	43
System Log (System Log) screen	43
System Log entry format	44
System Log (Configuration) screen	46
Managing SSL configuration	47
SSL Certificate Administration (Certificate Info) screen	47
SSL Certificate Administration (Certificate Signing Request) screen	49
SSL Certificate Administration (Certificate Upload) screen	52
SSH Key Administration screen	53
Web SSL Configuration screen	54
HP BladeSystem c-Class enclosures	56
Enclosure serial numbers	56
Using multiple enclosures	56
Multiple enclosure guidelines	57
Enclosures View screen	58
Enclosures view (multiple enclosures)	59
Virtual Connect users and roles	60
Understanding VC administrative roles	60
Managing users	61
Local Users screen	62
Add new user	64
Configuring LDAP, RADIUS, and TACACS+	65
Minimum requirements	65
LDAP Server Settings (LDAP Server) screen	65
Test LDAP authentication	66
LDAP Server Settings (LDAP Groups) screen	68
Add LDAP Group	69
LDAP Server Settings (LDAP Certificate) screen	70
RADIUS Settings (RADIUS Server) screen	70
Required RADIUS server settings	72
Setting up a RADIUS server	72
Test RADIUS authentication	73
RADIUS Settings (RADIUS Groups) screen	74
Add or Edit RADIUS Group	75
TACACS+ Settings screen	75
Required TACACS+ server settings	77
Setting up a TACACS+ server	77
Test TACACS+ authentication	78
Role Authentication Order screen	78
Virtual Connect networks	80
Understanding networks and shared uplink sets	80
Shared uplink sets and VLAN tagging	80
Smart Link	81
Private Networks	81
VLAN Tunneling Support	81
Managing networks	82
Network Access Groups screen	83
Define Network Access Group screen	85
Edit Network Access Group screen	85
Ethernet Settings (Port Monitoring) screen	86
Select Monitored Ports screen	89
Ethernet Settings (Advanced Settings) screen	90
Server VLAN tagging support	91
VLAN Capacity	92
Multiple Networks Link Speed Settings	92
MAC Cache Failover	93
IGMP Snooping	93
Network loop protection	94
Configuring Throughput Statistics	95
Define Ethernet Network screen	95
Defining a network	98
Advanced Network Settings	99
Edit Ethernet Network screen	100
Ethernet Networks (External Connections) screen	102
Ethernet Networks (Server Connections) screen	103
Managing shared uplink sets	105
Define Shared Uplink Set screen	105
Defining a shared uplink set	108
Edit Shared Uplink Set screen	109
Shared Uplink Sets (External Connections) screen	111
Copy Shared Uplink Set screen	113
Shared Uplink Sets (Associated Networks) screen	114
Virtual Connect fabrics	116
Understanding FC fabrics	116
FabricAttach VC SAN fabrics	116
DirectAttach VC SAN fabrics	119
Mixed FabricAttach and DirectAttach VC SAN fabrics	122
Bay groups	123
Double-dense mode	124
Managing fabrics	124
Define SAN Fabric screen	125
Login re-distribution	127
Edit SAN Fabric screen	129
SAN Fabrics (External Connections) screen	131
SAN Fabrics (Server Connections) screen	132
Fibre Channel Settings (Misc.) screen	133
Virtual Connect server profiles	135
Understanding server profiles	135
Multi-blade servers	137
Flex-10 overview	138
Flex-10 configuration	139
FlexFabric overview	140
PXE settings	141
iSCSI offload and boot	143
iSCSI and FCoE port assignments	144
Bandwidth assignment	146
Managing MAC, WWN, and server virtual ID settings	147
Ethernet Settings (MAC Addresses) screen	147
MAC address settings	148
Fibre Channel Settings (WWN Settings) screen	149
Serial Number Settings screen	150
Advanced Profile Settings	151
WWN settings	151
Managing server profiles	152
Define Server Profile screen	152
Creating FCoE HBA connections for a BL890c i4	160
Creating iSCSI connections	161
Flex-10 iSCSI connections	162
iSCSI Boot Assistant	165
DHCP option 43	166
Define Server Profile screen (multiple enclosures)	168
Multiple network connections for a server port	168
Defining server VLAN mappings	170
Fibre Channel boot parameters	172
Server Profiles screen	173
Print Server Profile list	174
Edit Server Profile screen	174
Assigning a server profile with FCoE connections to an HP ProLiant BL680c G7 Server Blade	180
Unassigning a server profile with FCoE connections to an HP ProLiant BL680c G7 Server Blade and deleting the SAN fabric	187
General requirements for adding FC or FCoE connections	191
Virtual Connect and Insight Control Server Deployment	194
Virtual Connect modules	196
Firmware updates	196
Stacking Links screen	197
Throughput Statistics screen	198
Enclosure Information screen	200
Removing an enclosure	201
Enclosure Status screen	202
Interconnect Bays Status and Summary screen	203
Causes for INCOMPATIBLE status	204
Ethernet Bay Summary (General Information) screen	205
Ethernet Bay Summary (Uplink Port Information) screen	206
Ethernet Bay Summary (Server Port Information) screen	208
Ethernet Bay Summary (MAC Address Table) screen	209
Ethernet Bay Summary (IGMP Multicast Groups) screen	210
Ethernet Bay Summary (Name Server) screen	211
Ethernet Port Detailed Statistics screen	211
FC Port Detailed Statistics screen	220
FC Bay Summary screen	222
Interconnect Bay Overall Status icon definitions	224
Interconnect Bay OA Reported Status icon definitions	224
Interconnect Bay VC Status icon definitions	225
Interconnect Bay OA Communication Status icon definitions	225
Server Bays Summary screen	226
Double-dense server bay option	226
Server Bay Overall Status icon definitions	229
Server Bay OA Reported Status icon definitions	229
Server Bay VC Status icon definitions	230
Server Bay OA Communication Status icon definitions	230
Server Bay Status screen	231
Server Bay Status screen - multi-blade servers	233
Port status conditions	235
Interconnect module removal and replacement	237
Virtual Connect modules	237
Upgrading to an HP Virtual Connect 8Gb 24-Port FC Module	238
Upgrading to an HP Virtual Connect 8Gb 20-Port FC Module	238
Upgrading or removing an HP Virtual Connect Flex-10 module or HP Virtual Connect FlexFabric module	239
Upgrading to an HP Virtual Connect FlexFabric module from a VC-FC module	241
Onboard Administrator modules	241
Maintenance and troubleshooting	242
Domain Status summary	242
Status icon definitions	242
Domain Status screen	243
Export support information	244
Reset Virtual Connect Manager	245
Recovering remote enclosures	245
Server profile troubleshooting	245
Server blade power on and power off guidelines	246
Appendix: Using Virtual Connect with nPartitions	248
Understanding nPartitions	248
Assigning a VC profile to an nPar	249
Mapping profile connections	249
Reconfiguring nPars	249
Acronyms and abbreviations	251
Glossary	255
Documentation feedback	257

Match case Limit results 1 per page

Virtual Connect users and roles

Required TACACS+ server settings

The following TACACS+ server settings must be configured on VC to enable TACACS+-based

authentication:

•

Enable or disable flag

•

TACACS+ server IP address

•

TCP port number—the default (well-known) value for TACACS+ authentication is 49.

•

Shared secret key—this is a plain text key that must be configured both on VC and on the server. Both

keys should match. The length of the secret key can vary from 1 to 128 characters.

•

Timeout—the time in seconds by which a server response must be received, before any retry for a new

request is made. The valid range of values is from 1 to 65535 seconds.

•

Logging enabled or disabled flag—used to enable or disable TACACS+ command logging.

Setting up a TACACS+ server

The following procedure provides an example of setting up a TACACS+ server on an external host running

Linux.

Download and install the latest version of the open-source Cisco TACACS+ server from the shrubbery

ftp site (

ftp://ftp.shrubbery.net/pub/tac_plus

Add the shared-secret key for VC, a list of users, their passwords and member groups (can be

recursive), the VCM roles to be authorized for each user or group, in the server configuration file

/etc/tac_plus.conf

. For example:

# set the secret key for client

host = 10.10.10.113 {

key = tac!@123 <------- Secret-key for 10.10.10.113

}

# users accounts

user = tacuser {

member = testgroup <------- Member of group "testgroup"

}

# groups

group = testgroup {

member = ALL_STAFF

service = hp-vc-mgmt {

<------- Service for

role-authorization

autocmd = network <------- Authorize privilege "network"

autocmd = domain <------- Authorize privilege "domain"

}

group = ALL_STAFF {

}