ONTAP 9.12.1 commands

50←PDF
  • ONTAP 9.12.1 commands(CA08871-263en.pdf)
  • system service-processor ssh remove-allowed-addresses

    Remove IP addresses from the list that is allowed to access the Service Processor

    Availability: This command is available to cluster administrators at the admin privilege level.

    Description

    The system service-processor ssh remove-allowed-addresses command blocks the specified IP address from accessing the Service Processor. If all IP addresses are removed from the access list, then the Service Processor is not accessible from any IP address.

    Parameters

    -allowed-addresses <IP Address/Mask>,…​ - Public IP Addresses

    Use this parameter to specify one or more IP addresses with corresponding netmasks. The value should be specified in the format of address/netmask, for example, 10.98.150.10/24, fd20:8b1e:b255:c09b::/64. Use commas to separate multiple address/netmask pairs.

    Examples

    The following example prevents the specified IP addresses from accessing the Service Processor. It also displays the list of public IP addresses that are allowed to access the Service Processor.

    cluster1::> system service-processor ssh show
      Allowed Addresses: 192.168.1.202/24, 192.168.10.201/24
    
    cluster1::> system service-processor ssh remove-allowed-addresses -allowed-addresses 192.168.1.202/24, 192.168.10.201/24
    
    Warning: If all IP addresses are removed from the allowed address list, all IP
             addresses will be denied access. To restore the "allow all" default,
             use the "system service-processor ssh add-allowed-addresses
             -allowed-addresses 0.0.0.0/0, ::/0" command. Do you want to continue?
              {y|n}: y
    
    cluster1::> system service-processor ssh show
       Allowed Addresses: -
    
    cluster1::>
    Top of Page