User guide
Virtual Connect users and roles
Required TACACS+ server settings 
The following TACACS+ server settings must be configured on VC to enable TACACS+-based 
authentication: 
•  Enable or disable flag 
•  TACACS+ server IP address 
•  Server SSL port number—the default (well-known) value for TACACS+ authentication is 49. 
•  Shared secret server key—a plain-text key that must be configured on both VC and the server. 
The two keys must match. The length of the secret key can vary from 1 to 128 characters. 
•  Timeout—the time in seconds by which a server response must be received, before any retry for a new 
request is made. The valid range of values is from 1 to 65535 seconds. 
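Why the key on VC and the key on the server must match, as an added example that is not from this guide or the tac_plus project: TACACS+ XORs each packet body with an MD5 pad derived from the shared secret (RFC 8907, section 4.5), so a server holding a different key recovers an unreadable body. This goes beyond the settings list above; the session ID, sample body and key strings are constructed values, and keys are assumed to be ASCII so that characters equal bytes.

```python
import hashlib
import struct

MIN_KEY, MAX_KEY = 1, 128  # key length range stated in the settings list


def pseudo_pad(session_id, key, version, seq_no, length):
    """RFC 8907 4.5: chain MD5 blocks until the pad covers the body."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        # MD5_1 = MD5(seed); MD5_n = MD5(seed + MD5_(n-1))
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]


def obfuscate(body, session_id, key, version=0xC0, seq_no=1):
    """XOR the body with the pad. Applying it twice restores the body."""
    if not MIN_KEY <= len(key) <= MAX_KEY:
        raise ValueError("shared secret must be 1 to 128 characters")
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def demo():
    """Send one body from the client and read it with two server keys."""
    body = b"constructed sample body: user=tacuser"  # constructed input
    session_id = 0x1A2B3C4D                          # constructed value
    wire = obfuscate(body, session_id, b"key-on-vc")
    matching = obfuscate(wire, session_id, b"key-on-vc")
    mismatched = obfuscate(wire, session_id, b"key-on-server")
    return body, wire, matching, mismatched


if __name__ == "__main__":
    body, wire, matching, mismatched = demo()
    print("on the wire       :", wire.hex())
    print("server, same key  :", matching)
    print("server, other key :", mismatched.hex())
```
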
Setting up an IPv4-only TACACS+ server 
The following procedure provides an example of setting up a TACACS+ server on an external host running 
Linux. 
1.  Download and install the latest version of the open-source Cisco TACACS+ server from the Shrubbery 
FTP site (ftp://ftp.shrubbery.net/pub/tac_plus). 
2.  Add the shared-secret key for VC, a list of users, their passwords and member groups (can be 
recursive), and the VCM roles to be authorized for each user or group in the server configuration file 
/etc/tac_plus.conf. For example: 
# set the secret key for client 
host = 10.10.10.113 { 
 key = tac!@123  # Secret-key for 10.10.10.113 
} 
# users accounts 
user = tacuser { 
 login = cleartext "password" 
 member = testgroup  # Member of group "testgroup" 
} 
# groups 
group = testgroup1 { 
 member = ALL_STAFF 
 service = hp-vc-mgmt {  # Service for role-authorization 
  autocmd = network  # Authorize privilege "network" 
  autocmd = domain  # Authorize privilege "domain" 
 } 
} 
group = testgroup2 { 
 member = ALL_STAFF 
 service = hp-vc-mgmt {   










