HP Virtual Connect for c-Class BladeSystem Version 4.01 User Guide
Table Of Contents
- HP Virtual Connect for c-Class BladeSystem Version 4.01 User Guide
- Abstract
- Notice
- Contents
- Introduction
- HP Virtual Connect Manager
- Virtual Connect domains
- Understanding Virtual Connect domains
- Managing domains
- Managing SNMP
- Viewing the system log
- Managing SSL configuration
- HP BladeSystem c-Class enclosures
- Virtual Connect users and roles
- Understanding VC administrative roles
- Managing users
- Local Users screen
- Configuring LDAP, RADIUS, and TACACS+
- Minimum requirements
- LDAP Server Settings (LDAP Server) screen
- LDAP Server Settings (LDAP Groups) screen
- LDAP Server Settings (LDAP Certificate) screen
- RADIUS Settings (RADIUS Server) screen
- RADIUS Settings (RADIUS Groups) screen
- TACACS+ Settings screen
- Role Management (Role Authentication Order) screen
- Role Management (Role Operations) screen
- Virtual Connect networks
- Understanding networks and shared uplink sets
- Managing networks
- Network Access Groups screen
- Define Network Access Group screen
- Ethernet Settings (Port Monitoring) screen
- Ethernet Settings (Advanced Settings) screen
- Quality of Service
- IGMP Settings (IGMP Configuration) screen
- IGMP Settings (Multicast Filter Set) screen
- Define Ethernet Network screen
- Ethernet Networks (External Connections) screen
- Ethernet Networks (Server Connections) screen
- Managing shared uplink sets
- Virtual Connect fabrics
- Virtual Connect server profiles
- Understanding server profiles
- Managing MAC, WWN, and server virtual ID settings
- Managing server profiles
- Define Server Profile screen
- Creating FCoE HBA connections for a BL890c i4
- Limited Ethernet connections when using HP Virtual Connect Flex-10/10D modules
- Creating iSCSI connections
- Flex-10 iSCSI connections
- Define Server Profile screen (multiple enclosures)
- Multiple network connections for a server port
- Defining server VLAN mappings
- Fibre Channel boot parameters
- Server Profiles screen
- Edit Server Profile screen
- Assigning a server profile with FCoE connections to an HP ProLiant BL680c G7 Server Blade
- Unassigning a server profile with FCoE connections to an HP ProLiant BL680c G7 Server Blade and deleting the SAN fabric
- General requirements for adding FC or FCoE connections
- Define Server Profile screen
- Virtual Connect and Insight Control Server Deployment
- Virtual Connect modules
- Firmware updates
- Stacking Links screen
- Throughput Statistics screen
- Enclosure Information screen
- Enclosure Status screen
- Interconnect Bays Status and Summary screen
- Causes for INCOMPATIBLE status
- Ethernet Bay Summary (General Information) screen
- Ethernet Bay Summary (Uplink Port Information) screen
- Ethernet Bay Summary (Server Port Information) screen
- Ethernet Bay Summary (MAC Address Table) screen
- Ethernet Bay Summary (IGMP Multicast Groups) screen
- Ethernet Bay Summary (Name Server) screen
- Ethernet Port Detailed Statistics screen
- FC Port Detailed Statistics screen
- FC Bay Summary screen
- Interconnect Bay Overall Status icon definitions
- Interconnect Bay OA Reported Status icon definitions
- Interconnect Bay VC Status icon definitions
- Interconnect Bay OA Communication Status icon definitions
- Server Bays Summary screen
- Server Bay Status screen
- Port status conditions
- Interconnect module removal and replacement
- Virtual Connect modules
- Upgrading to an HP Virtual Connect 8Gb 24-Port FC Module
- Upgrading to an HP Virtual Connect 8Gb 20-Port FC Module
- Upgrading or removing an HP Virtual Connect Flex-10, HP Virtual Connect FlexFabric, or HP Virtual Connect Flex-10/10D module
- Upgrading to an HP Virtual Connect FlexFabric module from a VC-FC module
- Onboard Administrator modules
- Maintenance and troubleshooting
- Appendix: Using Virtual Connect with nPartitions
- Support and other resources
- Acronyms and abbreviations
- Documentation feedback
- Index
Virtual Connect users and roles 75
Field Description
Add/Remove Secondary
Server
Select to add or remove a secondary RADIUS server.
To add a secondary server, select the Add/Remove Secondary Server checkbox to display the Secondary
Server Parameters, complete the fields as described in the table above, and then click Apply. The secondary
server is queried only if the primary server is down or the request to the primary server times out.
To remove a secondary server, clear the Add/Remove Secondary Server checkbox, and then click Apply.
Required RADIUS server settings
The following RADIUS server settings must be configured on VC to enable RADIUS-based authentication:
• Enable or disable flag
• Server Address
• Server SSL port—the default (well-known) value for RADIUS authentication is 1812.
• Server Timeout—the time in seconds by which a server response needs to be received before any retry
for a new request is made. The valid range of values is from 1 to 65535 seconds.
• Server Key—this is a plaintext key that must be configured both on VC and on the server. Both keys
should match. The length of the secret key can vary from 1 to 128 characters.
IMPORTANT: If the same username is used in multiple groups, the HP-VC-Groups attribute must
be the last attribute that is defined.
Setting up a RADIUS server
The following procedure provides an example of setting up a RADIUS server on an external host running
Linux:
1. Download and install the latest version of the open-source FreeRadius server from the FreeRadius
website (http://freeradius.org/download.html).
2. Add the user entry to the file freeradius-server-2.1.9/raddb/users:
<username> Cleartext-Password := "<password>"
Service-Type = Login-User,
HP-VC-groups = <groupname>
o "Cleartext-Password" is used to define the password.
o "Service-Type" must be always set to "Login-User".
o "HP-VC-Groups" is a HP-specific attribute used to define the group(s) that a user belongs to.
Be sure that the username does not conflict with any of the local user accounts configured on the RADIUS
server host. Otherwise, the RADIUS server will use UNIX-based authentication to look up the local
/etc/passwd file. The server will not look up freeradius-server-2.1.9/raddb/users.
3. Add the client entry to the file freeradius-server-2.1.9/raddb/clients.conf:
client <hostname/IP> {
ipaddr = <IP address>
secret = <plain-text secret>
require_message_authenticator = no