Changing the Default Identity, Acl set, Acc, Pos | SANRAD V-Switch

If you are working in

aV-Switch cluster, the default access rights must be

disabled on both V- Switches.

In the event of a failover, if the default access rights are not modified on both V- Switches, all volumes attached to the target will be read-write accessible to all iSCSI initiators.

Changing the Default Identity

When a target is created, a default access control identity is automatically assigned to its position 0. The default identity allows all hosts read-write access to the target and its underlying volume(s).

If you want to specify other access rights, you must change the general read-write access. Use the CLI command acl set to modify a target’s access rights and identity position.

If you add or modify identities on a target after its volumes have been exposed, the access rights will take effect only at the next login for each iSCSI initiator. Therefore, it is recommended to modify the default access rights for a target first before creating new identities to insure that it will not inadvertently be exposed to all iSCSI initiators in the beginning.

acl set

You need to define four parameters to modify an identity:

SWITCH	PARAMETER	DEFINITION	STATUS	EXAMPLE

-ta	TARGET	ALIAS OF TARGET	MANDATORY	finance
		TO CONNECT WITH
		ACL IDNETITY
-id	IDENTITY	ACL IDENTITY	MANDATORY	DEF_ALL
-acc	ACCESS	ACCESS RIGHTS TO	OPTIONAL	na
		TARGET:
		DEFAULT=RW
		RW =READ-WRITE
		RO = READ-ONLY
		NA =NOT
		ACCESSIBLE
-pos	POSITION	IDENTITY RANK IN	OPTIONAL	0
		ACCESS RIGHT
		EVALUATION SCAN
		DEFAULT=NEXT
		HIGHEST AVAILABLE
		NUMBER

Example

The default access rights for the target finance are changed to not accessible meaning a non-specific host is not allowed access to the target finance.

acl set –ta finance –id def_all –acc na

Chapter 7: Volume Exposure and Security

119

Image 125

SANRAD V-Switch manual Changing the Default Identity, Acc, Pos, Acl set -ta finance -id defall -acc na

Contents

Sanrad V-Switch International Headquarters Limited Warranty FCC-15 User Information Regulatory Information Safety Notices User Notes Sanrad V-Switch International Headquarters Limited Warranty Regulatory Information Safety Notices User Notes Table of Contents Switch Configuration Volume Exposure & Security Routine Volume Maintenance 195 Volume Configuration Sample Configurations 285 This Chapter Switch Switch Overview Order of Operations Switch Network Topology Chapter Title Description Manual Organization Volume create transparent CLI Command Line InterfaceVol Transparent1 Esc Tab Technical Assistance Installing the V-Switch Front Panel Chassis Back Panel System Indicator LEDs Switch 2000 LEDs Scsi Rack Mounting Surface Mounting Attach the Rear L-BRACKET Scsi Storage Port Connection Type Storage Port Connections Switch 2000 FC Storage Ports Network Port Cable Connections Network Port Connections Console Port Connection Powering Up Switch 2000 Power Supplies User Notes LCD Switch 3000 Front Panel Installing the V-Switch Switch 3000 LEDs This step works best with two people Switch 3000 Storage Ports Switch 3000 Storage Port LEDs 1000BASE-SXSHORT-WAVE Laser for Switch 3000 Network Ports Management Port Connection Switch 3000 Management Port Compact Flash CF Slot LCD Scalability Port Scalability Port Switch 3000 Power Supplies Switch Configuration Switch Configuration Introduction to Managing the V-Switch Switch Management Options Switch Status OK Configuring the V-Switch 3000 Management Parameters via LCD Configuring the Management Console Telnet Initializing the V-Switch Init -n VSwitch -ip VSwitchInit 212.199.43.46 Changing Management Parameters VSwitch1Changing General Management Parameters Device set Ext4838 LocRld Telnet Rcom Adding an Snmp Manager Changing the Telnet Communications Port Adding User Login Profiles Page Viewing Scsi Storage Ports and Bus IDs Configuring the Storage PortsSetting a Scsi Storage Port Bus ID Viewing the FC Port Information Configuring an FC Storage PortPscsi set busid -if pscsi3 -id Fc interface show Alias Fc set -if fc2 -sp 1 -pt nl -cm prl Viewing the V-Switch World Wide Node Name2000201058001046 Function Gateway Ip config set Configuring the Network PortsIp config set -ip 212.199.43.56 -if eth1 -act 212.199.43.56 Removing an IP Address Checking the IP ConfigurationsIp config show Ip config remove -ip Ip config remove ISCSI Discovery Session Discovering iSCSI TargetsISNS Ip isns add Configuring iSCSI Portals Removing iSCSI Portals Viewing iSCSI PortalsIscsi portal create -ip Iscsi portal remove Only one of these paths can be configured for V-Switch Configuring IP Routing Adding an IP Route Setting a Default Gateway Removing an IP Route Checking IP RoutesViewing IP Routes 10.12.40.0 255.255.255.0 Eth3 Ip route remove User Notes Switch Cluster Configuration Switch Cluster Configuration Introduction to V-Switch Clusters Switch Cluster Configuration Re-routing Storage Access with Off-line V-Switch Setting the V-Switch ID Configuring a V-Switch ClusterAdding a Neighbor Device set -id Neighbor add -nb VSwitch2 -ip VSwitch2Neighbor add 212.199.43.75 Cluster with Neighbor IP Addresses Maintaining Cluster Communications Working with Scsi Storage DevicesPscsi set busid if pscsi3 -id Cluster show Last Keep Alive Cluster failover enable Further V-Switch Cluster ConfigurationsCluster failover disable Enabling and Disabling Failover Neighbor details Viewing V-Switch Neighbor DetailsNeighbor show Managing a Cluster VSwitch2 212.199.43.75Neighbor set Neighbor remove Fint Cluster setKai Sint LUN Carving Volume Configuration Physical Storage used in Examples Introduction to Volume Configuration Storage show Identifying Available Storage DevicesAlias Entity Name Storage blink activate Storage blink abort Storage blink activate -s Stor1 -tStorage set Stor1 Disk2JBOD5 Saveforsnap shots Seagate Storage details Trans1 Creating a Transparent VolumeVolume create transparent -vol Trans1 -d Disk1 Trans1 Transpar 1024 512 Volume showAlias Vol Type Subdisk create Creating a Subdisk LUN Carving18000000 Subdisk1 Subdisk details Subdisk create -d Disk1 -sl 18000000 -sa 0 -sd Subdisk1 Subdisk create -d Disk1 -sl Sa 18000000 -sd Subdisk2 DiskStart Address Simple1 Creating a Simple VolumeVolume create simple Volume show Alias Volume create simple -vol Simple1 -sd Subdisk1State 17999999 512 Internal Volume create concatenated Creating a Concatenated VolumeVol Nbc Concat1 Concatenated Volume Volume create stripe Creating a Striped VolumeStripe1 Sus Simple4 Simple8 Simple10 Simple2 Striped Volume Volume create mirror Creating a Mirrored VolumeMirrored1 100 Volume Configuration 101 Replicating Data in a Mirrored Volume Volume mirror sync -src Simple3 -dst Simple5 Volume mirror syncSrc Simple3 Creating a RAID 10 and RAID 0+1 Volume Configuration 103 104 Volume create mirror -vol Mirror2 -ch Simple1 -ch Simple7Volume create mirror -vol Mirror3 -ch Simple3 -ch Simple9 Volume Configuration 105 Second Mirrored Volume of RAID 106 Striped Volume of RAID Volume Exposure and Security 107 Volume Exposure & Security 108 Introduction to Volume Exposure & Security Identities Volume Exposure and Security 109 110 Identity B’s iSCSI Initiators An identity can be used with more than one target Volume Exposure and Security 111 112 Access Rights per Identity-Target Pair Volume Exposure and Security 113 Authentication 114 Switch Creating an iSCSI Target 116 Iscsi target show Acl show Volume Exposure and Security 117Iscsi target details Not accessible Target Position Identity Access FinanceRead-write Musicbox Musicdept Read-write Acl set Changing the Default IdentityAcc Pos Creating an Identity Creating an Identity Volume Exposure and Security 121 Acl identity add name Adding Initiators to an IdentityIqn.1991-05 Microsoft Adding an Initiator Volume Exposure and Security 123 124 Adding a Second Initiator Assigning Identity Credentials 126 Assigning Credentials Adding Another Set of Credentials Volume Exposure and Security 127 128 Acl identity details Ip radius add Volume Exposure and Security 129212.199.43.2 DataTurnsMeOn Allow 130 AddressPort 212.199.43.21812 212.199.56.1341812 Volume Exposure and Security 131Ip radius show 132 Connecting an Identity and TargetAcl add Acl add -ta finance -id accounting -acc rw -pos Volume Exposure and Security 133 Exposing an iSCSI Target and LUN Volume exposeNew Vol1 Volume Exposure and Security 135 Volume expose -vol Vol1 -ta finance -lun 136 Lu show Advanced Volume Operations 137 Advanced Volume Operations Data Replication Off-line versus On-line Introduction to Advanced Volume ConfigurationsMirror versus Snapshot Actual Capacity versus Potential Capacity Volume copy create Copying a Volume Off-line CopyAdvanced Volume Operations 139 Src Dst 140 Synchronizing a Volume Adding a Child to a Mirror On-line Copy Advanced Volume Operations 141 Vol No sync Volume mirror addMirror5 Simple10 No parameter required 142 Advanced Volume Operations 143 Volume mirror add -vol Mir4 -ch Sim6 144 Creating a Snapshot Advanced Volume Operations 145 St Write to Source and Update to 1st Snapshot 146 Volume create snapshotVol Src Advanced Volume Operations 147 Update to 1st Snapshot & 1st Write to Source 148 Advanced Volume Operations 149 Viewing Snapshot VolumesVolume snapshot show Breaking a Mirror Volume snapshot list -vol Mirror7Mirror7 Snapshot Date & Time Utilization Snp1Mir1 12/12/02 20% Removing a Child from a Mirror Advanced Volume Operations 151 Volume mirror break -vol Mir1 -ch Sim5 Volume mirror breakMirror5 Simple10 152 Advanced Volume Operations 153 Resizing a Volume 154 Creating a Cube Advanced Volume Operations 155 Further Resizing on the Same Volume Volume resize -vol Sim2 -a XSim2 -with Sim3 Volume resizeVol With Ch2 Volume retract Retracting a VolumeAdvanced Volume Operations 157 Mir5 158 Expanding a Volume Volume expand -vol XSim2 Volume expandAdvanced Volume Operations 159 XSim2 160 Expanding XSim2 Advanced Volume Operations 161 Routine Volume Maintenance 161 Routine Volume Maintenance Removing a Volume VolumesRenaming a Volume Routine Volume Maintenance 163 Volume remove -vol Stripe1 Volume remove -all Removing all Volumes in a HierarchyVolume remove -all -vol Stripe1 All Volume replace Replacing a VolumeRoutine Volume Maintenance 165 Vol Nvol 166 Synchronizing a VolumeMirror2 Mirror8 Changing iSCSI Target Parameters Targets and ExposureRemoving an LU Removing an iSNS Server Removing an iSCSI TargetRemoving a Radius Server 169 Snmp Manager 170 General Configuration Parameters Telnet Routine V-Switch Maintenance 171Telnet Port 172 Removing an Snmp Manager Setting an Snmp ManagerSnmp Manager User Profiles ISNS ServerAdding an iSNS Server 174 Removing a User Profile Adding a User ProfileChanging a User Profile Saving Uploading a V-Switch Database File SwitchResetting a V-Switch Routine V-Switch Maintenance 177 Downloading a V-Switch Configuration FileNetwork Interfaces Ft download Adding an Interface IP Address Changing an Interface AliasInterface set Storage1 Ip config remove-ip Ip config set -if eth1 -ipRoutine V-Switch Maintenance 179 Removing an Interface IP Address 180 IP Routing Disks and Subdisks Routine V-Switch Maintenance 181Discovering Storage Devices 30.30.20.20 Eth2 Exposeas Renaming a Storage DeviceTransparent Storage set -s Stor1 -na RAID1 -info Exposeas transparent Removing a Subdisk Removing a Storage DeviceRenaming a Subdisk Removing a Neighbor ClustersModifying Neighbor Parameters Kai Routine V-Switch Maintenance 185Modifying a Cluster 186 Switch 3000 Power Supply Ft update Upgrading the V-Switch SoftwareSanrad/update Ft update -ip 212.199.43.46 -fd sanrad/update/v20 System set Switch 3000 Compact FlashRep System set -rep yes System copy Routine V-Switch Maintenance 189From Cflash Type 190 Safe ModeAutomatic Safe Mode Routine V-Switch Maintenance 191 Level 2 Reboot with Default Factory Database Exporting a Corrupted Database Manual Safe Mode Routine V-Switch Maintenance 193 Level O Normal Mode 194 Command Line Interface 195 Command Line Interface 196 Command Line Interface 197 Switch Configuration Init -n VSwitch1 -ip Admin showAdmin show Init Admin remove Admin addAdmin password User Name Info ResetDevice set 200 Device set -telnet Command Line Interface 201Fc interface show 21/04/2002 Interface show Fc node showFc set speed Pscsi show Interface detailsInterface set Snmp manager show Pscsi set busidSnmp manager add AliasBusID Pscsi3 Pscsi4 Snmp manager set Command Line Interface 205Snmp manager remove 212.199.43.96 150 Ip config set Ip config showIp config remove 206 Ip route add Command Line Interface 207Ip route show 10.10.20.20 255.255.255.0 30.30.20.20 Ip isns show Ip route removeIp isns add 10.12.40.40 255.255.255.0 20.22.11.11 Ip isns remove Command Line Interface 209Neighbor add Neighbor set Cluster show Neighbor detailsNeighbor remove Cluster failover disable Cluster failover enableLast Keep Alive Dead Ints FailoverEnabled StateRunning Cluster set Ft download Ft showFt upload software System boot Ft export problem212.199.43.70 Backupdata System set 214 System copySystem show Command Line Interface 215 Volume Configuration Storage blink activate Storage discoveryStorage blink abort Storage show Storage alias Storage disk showStorage disk set Storage set Storage detailsStor7 Disk7 Replacedisk2 218 Storage remove Command Line Interface 219Subdisk create Subdisk show Subdisk alias Subdisk detailsSubdisk show Subdisks details Subdisk remove Volume showSubdisk set Volume details Volume create simple Volume aliasVolume hierarchy Volume create mirror Volume create transparentVolume create concatenated Mirror2 Volume set Volume create striped Volume replace Volume removeVolume remove -all Volume mirror sync Volume mirror showVolume mirror dummysync Command Line Interface 227 Volume copy show Volume copy createVolume copy abort Volume copy abort Volume mirror break Volume mirror addVolume resize Vol Dst No sync Volume expand Volume retractVolume create snapshot 230 Volume snapshot list Volume snapshot showCommand Line Interface 231 Mirro2 232 Volume Exposure Iscsi portal show Command Line Interface 233Iscsi portal create Iscsi portal remove Iscsi target alias Iscsi target createIscsi target set Billing.san rad Device Device Acl show Iscsi target authenticationIscsi target remove Acl add Acl details Acl identity show Acl setAcl rem Acl identity create Acl identity detailsAcl identity delete MedSchool All registered students Acl identity add chap Acl identity add nameAcl identity remove name Acl identity remove srp Acl identity remove chapAcl identity add srp Acl down Acl identity setAcl up Ip radius add Ip radius showIp radius set Key Ip radius remove Volume expose -newVolume expose Lu details Lu showMusic.sanrad Iscsi Lu remove Command Line Interface 245Lu details Expose Lu remove 246 Sample Configurations 247 Sample Configurations 248 Sample Introduction Sample Configurations 249 Installing and Using the V-Switch 250 System Overview Sample Configurations 251 Init -n VSwitch1 252 Iscsi portal create -ip 172.17.200.174 -pProtocol Address Type Port IPv4 172.17.200.174 3260 Create Iscsi Target and LUN Sample Configurations 253 254 Microsoft iSCSI Initiator Sample Configurations 255 New disk should be configured as a basic disk only 256 Replacing a Mirrored Volume Replacing a Failed Disk Sample Configurations 257 Volume create simple -vol Simple5 -d Stor5 Stor5 500708206059f880 Enabled EntireVolume replace -vol Simple4 -nvol Simple5 258 Volume remove all -vol Simple4 Volume mirror synch -src Simple3 -dst Simple5Sample Configurations 259 Storage remove -s Stor4 260 Replicating Data Off-line Attach and View Storage Devices Sample Configurations 261 Synch None Source Destination Oper Admin Progress StatusSynch DataRep 262 Sample Configurations 263 Configuring the V-Switch with a Single IP Routing Path LAN a 264 Insert IP 0.0 0 0.0 0 0.0 0 Sample Configurations 265 266 Iscsi portal create -ip 212.199.43.56 -p Sample Configurations 267 268 Sample Configurations 269 270 Sample Configurations 271 Configuring a Cluster 272 Cluster Topology Sample Configurations 273 274 Sample Configurations 275 276 Init -n VSwitch2Neighbor add -nb VSwitch1 -ip Iscsi portal create -ip 212.199.43.75 -p Sample Configurations 277 278 Sample Configurations 279 280 Sample Configurations 281 282 Sample Configurations 283 284 Nd Microsoft iSCSI Initiator Configuration for Host Station Index 285 Index 286 Chap Index 287 Dummy synchronize 288 Interval Index 289 Mirror 290 RS232 19, 46, 190 Index 291 SRP 292 Volume create Index 293