Required TACACS+ server settings, Setting up an IPv4-only TACACS+ server – HP Virtual Connect 8Gb 20-port Fibre Channel Module for c-Class BladeSystem User Manual
Virtual Connect users and roles
Field: Description
Server Timeout: The time in seconds that VCM should wait before timing out the request. If the request to the primary server times out and a secondary server is configured, VCM attempts the request on the secondary server. If the secondary server times out, the request fails. The valid range of values is from 1 to 600 seconds. The default timeout is 10 seconds.
Server Key: A string to be used for encrypting user details. This is a shared secret text string that must match between VCM and the TACACS+ server. The secret-key is a plain text string of 1 to 128 characters.
Add/Remove Secondary Server: Select to add or remove a secondary TACACS+ server.
To add a secondary server, select the Add/Remove Secondary Server check box to display the Secondary
Server Parameters, complete the fields as described in the table above, and then click Apply. The secondary
server is queried only if the primary server is down or the request to the primary server times out.
To remove a secondary server, select the Add/Remove Secondary Server check box to display the
Secondary Server Parameters, clear the fields, and then click Apply.
Required TACACS+ server settings
The following TACACS+ server settings must be configured on VC to enable TACACS+-based
authentication:
• Enable or disable flag
• TACACS+ server IP address
• Server SSL port number—the default (well-known) value for TACACS+ authentication is 49.
• Shared secret server key—this is a plain text key that must be configured both on VC and on the server. Both keys should match. The length of the secret key can vary from 1 to 128 characters.
• Timeout—the time in seconds by which a server response must be received, before any retry for a new request is made. The valid range of values is from 1 to 65535 seconds.
Setting up an IPv4-only TACACS+ server
The following procedure provides an example of setting up a TACACS+ server on an external host running
Linux.
1. Download and install the latest version of the open-source Cisco TACACS+ server from the shrubbery ftp site (ftp://ftp.shrubbery.net/pub/tac_plus).
2. Add the shared-secret key for VC, a list of users, their passwords and member groups (can be recursive), and the VCM roles to be authorized for each user or group in the server configuration file /etc/tac_plus.conf. For example:
    # set the secret key for client
    host = 10.10.10.113 {
        key = tac!@123    # secret key for 10.10.10.113
    }
    # user accounts
    user = tacuser {
        login = cleartext "password"
    }
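A small audit for the /etc/tac_plus.conf format shown in step 2, added here as an example (it is not code from HP or the tac_plus project): it reports logins stored as cleartext and shared keys that fall outside VC's 1 to 128 character range or below a local minimum. MIN_KEY_LEN, SAMPLE_CONF and the function names are assumptions made for this example.

```python
import re

VC_KEY_MAX = 128   # VC accepts shared secrets of 1 to 128 characters (from the page)
MIN_KEY_LEN = 16   # assumption: a local policy floor, not a VC or tac_plus limit
# Constructed sample in the format of the /etc/tac_plus.conf example above.
SAMPLE_CONF = '''
host = 10.10.10.113 {
    key = tac!@123   # secret key for 10.10.10.113
}
user = tacuser {
    login = cleartext "password"
}
'''

def strip_comment(line):
    """Drop a trailing # comment, ignoring any # inside double quotes."""
    quoted = False
    for i, ch in enumerate(line):
        if ch == '"':
            quoted = not quoted
        elif ch == '#' and not quoted:
            return line[:i]
    return line

def audit(conf_text):
    """Return (line number, block, issue) tuples for risky settings."""
    findings, stack = [], []   # stack: enclosing blocks, outermost first
    for num, raw in enumerate(conf_text.splitlines(), 1):
        line = strip_comment(raw).strip()
        if line.endswith('{'):
            stack.append(' '.join(line[:-1].replace('=', ' ').split()))
        elif line == '}':
            if stack:
                stack.pop()
        elif m := re.match(r'(key|login)\s*=\s*(.+)$', line):
            where = stack[0] if stack else 'global'
            name, value = m.group(1), m.group(2).strip()
            if name == 'key' and len(stack) <= 1:
                n = len(value.strip('"'))
                if not 1 <= n <= VC_KEY_MAX:
                    findings.append((num, where, f'key length {n} outside VC range 1-{VC_KEY_MAX}'))
                elif n < MIN_KEY_LEN:
                    findings.append((num, where, f'key length {n} below policy minimum {MIN_KEY_LEN}'))
            elif name == 'login' and value.split()[0] == 'cleartext':
                findings.append((num, where, 'password stored in cleartext'))
    return findings

if __name__ == '__main__':
    for finding in audit(SAMPLE_CONF):
        print(*finding, sep=': ')
```

Run against the sample, it reports the 8-character key on the host block and the cleartext login on the user block; point `audit()` at the contents of the real file to check a deployed server.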