ONTAP 9.12.1 commands

50←PDF
  • ONTAP 9.12.1 commands(CA08871-263en.pdf)
  • vserver iscsi security show

    Show the current iSCSI authentication configuration

    Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

    Description

    This command displays the default authentication and all initiator-specific authentication information. Data ONTAP authentication overrides all other service authentication methods.

    Parameters

    { [-fields <fieldname>,…​]

    If you specify the -fields <fieldname>, …​ parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.

    | [-address-masks ]

    Display the list of IP Address ranges in CIDR notation that each initiator is allowed to originate from. If this list is empty, the initiator is allowed to log in from any IP address. The IPv4 or IPv6 address range contains a start address and an end address. The start and end addresses themselves are included in the range.

    | [-address-ranges ]

    Display the list of IP Address ranges that each initiator is allowed to originate from. If this list is empty, the initiator is allowed to log in from any IP address. The IPv4 or IPv6 address range contains a start address and an end address. The start and end addresses themselves are included in the range.

    | [-instance ] }

    If you specify the -instance parameter, the command displays detailed information about all fields.

    [-vserver <Vserver Name>] - Vserver

    Use this parameter to display authentication information that matches the Vserver name that you specify.

    [-i, -initiator-name <text>] - Initiator Name

    Use this parameter to display authentication information that matches the initiator that you specify.

    [-s, -auth-type {CHAP|deny|none}] - Authentication Type

    Use this parameter to display authentication information that matches the authentication type that you specify.

    [-n, -user-name <text>] - Inbound CHAP User Name

    Use this parameter to display authentication information that matches the inbound CHAP user name that you specify.

    [-m, -outbound-user-name <text>] - Outbound CHAP User Name

    Use this parameter to display authentication information that matches the outbound CHAP user name that you specify.

    [-auth-chap-policy <local>] - Authentication CHAP Policy

    Use this parameter to display authentication information that matches the authentication CHAP policy that you specify.

    [-initiator-address-ranges {<ipaddr>|<ipaddr>-<ipaddr>}] - Initiator IP Address Ranges

    Use this parameter to display authentication information that matches the initiator address range that you specify. If this list is empty, the initiator is allowed to log in from any IP address. The IPv4 or IPv6 address range contains a start address and an end address. The start and end addresses themselves are included in the range.

    An example of a valid IPv4 address range is: '192.168.1.100-192.168.1.150'.

    An example of a valid IPv6 address range is: '2001:db8::1000:1-2001:db8::1000:50'.

    [-initiator-address-masks <IP Address/Mask>,…​] - Initiator IP Address Masks

    Use this parameter to display authentication information that matches the initiator address masks that you specify. If this list is empty, the initiator is allowed to log in from any IP address. The IPv4 or IPv6 address range contains a start address and an end address. The start and end addresses themselves are included in the range.

    An example of a valid IPv4 address range in CIDR notation is: 192.168.1.3/32.

    An example of a valid IPv6 address range in CIDR notation is: 2001:db8::1000:1/128.

    Examples

    cluster1::> vserver iscsi security show -vserver vs1
                                      Auth   Auth CHAP Inbound CHAP  Outbound CHAP
    Vserver    Initiator Name         Type   Policy    User Name     User Name
    ---------- ---------------------- ------ --------- ------------- -------------
    vs1       default                none   -         -             -
              iqn.2010-12.com.example:abcdefg
                                      CHAP   local     bob           bob2
    2 entries were displayed.

    Displays the authentication information for Vserver vs1.

    cluster1::> vserver iscsi security show -address-ranges -vserver vs1
    
    Vserver    Initiator Name         Initiator Address Ranges
    ---------- ---------------------- --------------------------------------------
    vs1        iqn.2010-12.com.example:abcdefg
               iqn.2010-12.com.example:hijklmn
                                      192.168.1.100-192.168.1.150
                                      2001:db8::1000:1-2001:db8::1000:50
    
    2 entries were displayed.

    Displays the initiator and their valid address ranges for Vserver vs1.

    cluster1::> vserver iscsi security show -address-masks -vserver vs1
    
    Vserver    Initiator Name         Initiator Address Ranges
    ---------- ---------------------- --------------------------------------------
    vs1        iqn.2010-12.com.example:abcdefg
         iqn.2010-12.com.example:hijklmn
              192.168.1.100/30
              192.168.1.104/29
              192.168.1.112/28
              192.168.1.128/28
              192.168.1.144/30
              192.168.1.148/31
              192.168.1.150/32
              2001:db8::1000:1/128
              2001:db8::1000:2/127
              2001:db8::1000:4/126
              2001:db8::1000:8/125
              2001:db8::1000:10/124
              2001:db8::1000:20/123
              2001:db8::1000:40/124
              2001:db8::1000:50/128
    2 entries were displayed.

    Displays the initiator and their valid address ranges for Vserver vs1.

    Top of Page