ONTAP 9.12.1 commands

50←PDF
  • ONTAP 9.12.1 commands(CA08871-263en.pdf)
  • vserver iscsi security create

    Create an iSCSI authentication configuration for an initiator

    Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

    Description

    This command configures the security method for an iSCSI initiator on a Vserver. The outbound CHAP password and user name are optional. If you want mutual authentication, you need to configure both inbound and outbound CHAP passwords and user names.

    You cannot use the same password for inbound and outbound settings.

    Parameters

    -vserver <Vserver Name> - Vserver

    Specifies the Vserver.

    -i, -initiator-name <text> - Initiator Name

    Specifies the initiator that you want to create a security method for. You can use either an iqn such as iqn.1995-08.com.example:string or eui such as eui.0123456789abcdef for the initiator.

    -s, -auth-type {CHAP|deny|none} - Authentication Type

    Specifies the authentication type:

    • CHAP - Authenticates using a CHAP user name and password.

    • none - The initiator can access the Vserver without authentication.

    • deny - The initiator cannot access the Vserver.

    [-n, -user-name <text>] - Inbound CHAP User Name

    Specifies the inbound CHAP user name. CHAP user names can be one to 128 bytes. A null user name is not allowed. If provided, you will be prompted to provide the corresponding inbound CHAP password.

    [-m, -outbound-user-name <text>] - Outbound CHAP User Name

    Specifies the outbound CHAP user name. CHAP user names can be one to 128 bytes. If provided, you will be prompted to enter the corresponding outbound CHAP password.

    [-initiator-address-ranges {<ipaddr>|<ipaddr>-<ipaddr>}] - Initiator IP Address Ranges

    Specifies one or more initiator source IP address ranges. If this list is empty, the initiator is allowed to log in from any IP address. The IPv4 or IPv6 address range contains a start address and an end address. The start and end addresses themselves are included in the range.

    An example of a valid IPv4 address range is: '192.168.1.100-192.168.1.150'.

    An example of a valid IPv6 address range is: '2001:db8::1000:1-2001:db8::1000:50'.

    Examples

    cluster1::> vserver iscsi security create -initiator
    eui.0123456789abcdef -auth-type CHAP -user-name bob -outbound-user-name bob2
    
    Password: {enter password}
    
    Outbound Password: {enter password}

    Creates authentication method chap for initiator eui.0123456789abcdef with inbound and outbound usernames and passwords.

    cluster1::> vserver iscsi security create -vserver vs_1
    -initiator-name iqn.1995-08.com.example:e3f87c7cf2e4 -auth-type none
    -initiator-address-ranges 192.168.1.1-192.168.1.255

    Creates authentication method for initiator iqn.1993-08.com.example:01:e3f87c7cf2e4 with IP address validation only.

    Top of Page