HP Virtual Connect for c-Class BladeSystem Version 4.01 User Guide
Table Of Contents
- HP Virtual Connect for c-Class BladeSystem Version 4.01 User Guide
- Abstract
- Notice
- Contents
- Introduction
- HP Virtual Connect Manager
- Virtual Connect domains
- Understanding Virtual Connect domains
- Managing domains
- Managing SNMP
- Viewing the system log
- Managing SSL configuration
- HP BladeSystem c-Class enclosures
- Virtual Connect users and roles
- Understanding VC administrative roles
- Managing users
- Local Users screen
- Configuring LDAP, RADIUS, and TACACS+
- Minimum requirements
- LDAP Server Settings (LDAP Server) screen
- LDAP Server Settings (LDAP Groups) screen
- LDAP Server Settings (LDAP Certificate) screen
- RADIUS Settings (RADIUS Server) screen
- RADIUS Settings (RADIUS Groups) screen
- TACACS+ Settings screen
- Role Management (Role Authentication Order) screen
- Role Management (Role Operations) screen
- Virtual Connect networks
- Understanding networks and shared uplink sets
- Managing networks
- Network Access Groups screen
- Define Network Access Group screen
- Ethernet Settings (Port Monitoring) screen
- Ethernet Settings (Advanced Settings) screen
- Quality of Service
- IGMP Settings (IGMP Configuration) screen
- IGMP Settings (Multicast Filter Set) screen
- Define Ethernet Network screen
- Ethernet Networks (External Connections) screen
- Ethernet Networks (Server Connections) screen
- Managing shared uplink sets
- Virtual Connect fabrics
- Virtual Connect server profiles
- Understanding server profiles
- Managing MAC, WWN, and server virtual ID settings
- Managing server profiles
- Define Server Profile screen
- Creating FCoE HBA connections for a BL890c i4
- Limited Ethernet connections when using HP Virtual Connect Flex-10/10D modules
- Creating iSCSI connections
- Flex-10 iSCSI connections
- Define Server Profile screen (multiple enclosures)
- Multiple network connections for a server port
- Defining server VLAN mappings
- Fibre Channel boot parameters
- Server Profiles screen
- Edit Server Profile screen
- Assigning a server profile with FCoE connections to an HP ProLiant BL680c G7 Server Blade
- Unassigning a server profile with FCoE connections to an HP ProLiant BL680c G7 Server Blade and deleting the SAN fabric
- General requirements for adding FC or FCoE connections
- Define Server Profile screen
- Virtual Connect and Insight Control Server Deployment
- Virtual Connect modules
- Firmware updates
- Stacking Links screen
- Throughput Statistics screen
- Enclosure Information screen
- Enclosure Status screen
- Interconnect Bays Status and Summary screen
- Causes for INCOMPATIBLE status
- Ethernet Bay Summary (General Information) screen
- Ethernet Bay Summary (Uplink Port Information) screen
- Ethernet Bay Summary (Server Port Information) screen
- Ethernet Bay Summary (MAC Address Table) screen
- Ethernet Bay Summary (IGMP Multicast Groups) screen
- Ethernet Bay Summary (Name Server) screen
- Ethernet Port Detailed Statistics screen
- FC Port Detailed Statistics screen
- FC Bay Summary screen
- Interconnect Bay Overall Status icon definitions
- Interconnect Bay OA Reported Status icon definitions
- Interconnect Bay VC Status icon definitions
- Interconnect Bay OA Communication Status icon definitions
- Server Bays Summary screen
- Server Bay Status screen
- Port status conditions
- Interconnect module removal and replacement
- Virtual Connect modules
- Upgrading to an HP Virtual Connect 8Gb 24-Port FC Module
- Upgrading to an HP Virtual Connect 8Gb 20-Port FC Module
- Upgrading or removing an HP Virtual Connect Flex-10, HP Virtual Connect FlexFabric, or HP Virtual Connect Flex-10/10D module
- Upgrading to an HP Virtual Connect FlexFabric module from a VC-FC module
- Onboard Administrator modules
- Maintenance and troubleshooting
- Appendix: Using Virtual Connect with nPartitions
- Support and other resources
- Acronyms and abbreviations
- Documentation feedback
- Index
Virtual Connect users and roles 80
To remove a secondary server, select the Add/Remove Secondary Server checkbox to display the Secondary
Server Parameters, clear the fields, and then click Apply.
Required TACACS+ server settings
The following TACACS+ server settings must be configured on VC to enable TACACS+-based
authentication:
• Enable or disable flag
• TACACS+ server IP address
• Server SSL port number—the default (well-known) value for TACACS+ authentication is 49.
• Shared secret server key—this is a plain text key that must be configured both on VC and on the server.
Both keys should match. The length of the secret key can vary from 1 to 128 characters.
• Timeout—the time in seconds by which a server response must be received, before any retry for a new
request is made. The valid range of values is from 1 to 65535 seconds.
Setting up a TACACS+ server
The following procedure provides an example of setting up a TACACS+ server on an external host running
Linux.
1. Download and install the latest version of the open-source Cisco TACACS+ server from the shrubbery
ftp site (ftp://ftp.shrubbery.net/pub/tac_plus).
2. Add the shared-secret key for VC, a list of users, their passwords and member groups (can be
recursive), the VCM roles to be authorized for each user or group, in the server configuration file
/etc/tac_plus.conf. For example:
# set the secret key for client
host = 10.10.10.113 {
key = tac!@123 <------- Secret-key for 10.10.10.113
}
# users accounts
user = tacuser {
login = cleartext "password"
member = testgroup <------- Member of group "testgroup"
}
# groups
group = testgroup {
member = ALL_STAFF
service = hp-vc-mgmt { <------- Service for
role-authorization
autocmd = network <------- Authorize privilege "network"
autocmd = domain <------- Authorize privilege "domain"
}
}