Manuals / SANRAD / Computer Equipment / Switch

SANRAD V-Switch manual Changing the Default Identity, Acl set, Acc, Pos

Models: V-Switch

1 300

Download 300 pages 15.92 Kb

Page 125

If you are working in

aV-Switch cluster, the default access rights must be

disabled on both V- Switches.

In the event of a failover, if the default access rights are not modified on both V- Switches, all volumes attached to the target will be read-write accessible to all iSCSI initiators.

Changing the Default Identity

When a target is created, a default access control identity is automatically assigned to its position 0. The default identity allows all hosts read-write access to the target and its underlying volume(s).

If you want to specify other access rights, you must change the general read-write access. Use the CLI command acl set to modify a target’s access rights and identity position.

If you add or modify identities on a target after its volumes have been exposed, the access rights will take effect only at the next login for each iSCSI initiator. Therefore, it is recommended to modify the default access rights for a target first before creating new identities to insure that it will not inadvertently be exposed to all iSCSI initiators in the beginning.

acl set

You need to define four parameters to modify an identity:

SWITCH	PARAMETER	DEFINITION	STATUS	EXAMPLE

-ta	TARGET	ALIAS OF TARGET	MANDATORY	finance
		TO CONNECT WITH
		ACL IDNETITY
-id	IDENTITY	ACL IDENTITY	MANDATORY	DEF_ALL
-acc	ACCESS	ACCESS RIGHTS TO	OPTIONAL	na
		TARGET:
		DEFAULT=RW
		RW =READ-WRITE
		RO = READ-ONLY
		NA =NOT
		ACCESSIBLE
-pos	POSITION	IDENTITY RANK IN	OPTIONAL	0
		ACCESS RIGHT
		EVALUATION SCAN
		DEFAULT=NEXT
		HIGHEST AVAILABLE
		NUMBER

Example

The default access rights for the target finance are changed to not accessible meaning a non-specific host is not allowed access to the target finance.

acl set –ta finance –id def_all –acc na

Chapter 7: Volume Exposure and Security

119

Image 125

SANRAD V-Switch manual Changing the Default Identity, Acc, Pos, Acl set -ta finance -id defall -acc na

Contents

Sanrad V-Switch International Headquarters Limited Warranty FCC-15 User Information Regulatory InformationSafety Notices User Notes Sanrad V-Switch International Headquarters Limited Warranty Regulatory Information Safety Notices User Notes Table of Contents Switch Configuration Volume Exposure & Security Routine Volume Maintenance 195 Volume Configuration Sample Configurations 285 This Chapter SwitchSwitch Overview Order of Operations Switch Network TopologyChapter Title Description Manual OrganizationVolume create transparent CLI Command Line InterfaceVol Transparent1Esc Tab Technical AssistanceInstalling the V-Switch Front Panel ChassisBack Panel System Indicator LEDsSwitch 2000 LEDs Scsi Rack Mounting Surface MountingAttach the Rear L-BRACKET Scsi Storage Port Connection Type Storage Port ConnectionsSwitch 2000 FC Storage Ports Network Port Cable Connections Network Port ConnectionsConsole Port Connection Powering UpSwitch 2000 Power Supplies User Notes LCD Switch 3000 Front Panel Installing the V-Switch Switch 3000 LEDsThis step works best with two people Switch 3000 Storage Ports Switch 3000 Storage Port LEDs 1000BASE-SXSHORT-WAVE Laser for Switch 3000 Network Ports Management Port Connection Switch 3000 Management PortCompact Flash CF Slot LCDScalability Port Scalability PortSwitch 3000 Power Supplies Switch Configuration Switch ConfigurationIntroduction to Managing the V-Switch Switch Management Options Switch Status OK Configuring the V-Switch 3000 Management Parameters via LCDConfiguring the Management Console Telnet Initializing the V-SwitchInit -n VSwitch -ip VSwitchInit 212.199.43.46Changing Management Parameters VSwitch1Changing General Management Parameters Device setExt4838 LocRld Telnet RcomAdding an Snmp Manager Changing the Telnet Communications PortAdding User Login Profiles Page Viewing Scsi Storage Ports and Bus IDs Configuring the Storage PortsSetting a Scsi Storage Port Bus ID Viewing the FC Port Information Configuring an FC Storage PortPscsi set busid -if pscsi3 -id Fc interface show AliasFc set -if fc2 -sp 1 -pt nl -cm prl Viewing the V-Switch World Wide Node Name2000201058001046 Function GatewayIp config set Configuring the Network PortsIp config set -ip 212.199.43.56 -if eth1 -act 212.199.43.56Removing an IP Address Checking the IP ConfigurationsIp config show Ip config remove -ip Ip config removeISCSI Discovery Session Discovering iSCSI TargetsISNS Ip isns addConfiguring iSCSI Portals Removing iSCSI Portals Viewing iSCSI PortalsIscsi portal create -ip Iscsi portal removeOnly one of these paths can be configured for V-Switch Configuring IP RoutingAdding an IP Route Setting a Default GatewayRemoving an IP Route Checking IP RoutesViewing IP Routes 10.12.40.0 255.255.255.0 Eth3 Ip route removeUser Notes Switch Cluster Configuration Switch Cluster ConfigurationIntroduction to V-Switch Clusters Switch Cluster Configuration Re-routing Storage Access with Off-line V-Switch Setting the V-Switch ID Configuring a V-Switch ClusterAdding a Neighbor Device set -idNeighbor add -nb VSwitch2 -ip VSwitch2Neighbor add 212.199.43.75Cluster with Neighbor IP Addresses Maintaining Cluster Communications Working with Scsi Storage DevicesPscsi set busid if pscsi3 -id Cluster show Last Keep AliveCluster failover enable Further V-Switch Cluster ConfigurationsCluster failover disable Enabling and Disabling FailoverNeighbor details Viewing V-Switch Neighbor DetailsNeighbor show Managing a Cluster VSwitch2 212.199.43.75Neighbor set Neighbor removeFint Cluster setKai Sint LUN Carving Volume ConfigurationPhysical Storage used in Examples Introduction to Volume ConfigurationStorage show Identifying Available Storage DevicesAlias Entity Name Storage blink activateStorage blink abort Storage blink activate -s Stor1 -tStorage set Stor1 Disk2JBOD5 Saveforsnap shotsSeagate Storage detailsTrans1 Creating a Transparent VolumeVolume create transparent -vol Trans1 -d Disk1 Trans1 Transpar 1024 512 Volume showAlias Vol Type Subdisk create Creating a Subdisk LUN Carving18000000 Subdisk1Subdisk details Subdisk create -d Disk1 -sl 18000000 -sa 0 -sd Subdisk1Subdisk create -d Disk1 -sl Sa 18000000 -sd Subdisk2 DiskStart Address Simple1 Creating a Simple VolumeVolume create simple Volume show Alias Volume create simple -vol Simple1 -sd Subdisk1State 17999999 512 InternalVolume create concatenated Creating a Concatenated VolumeVol Nbc Concat1Concatenated Volume Volume create stripe Creating a Striped VolumeStripe1 SusSimple4 Simple8 Simple10 Simple2Striped Volume Volume create mirror Creating a Mirrored VolumeMirrored1 100Volume Configuration 101 Replicating Data in a Mirrored VolumeVolume mirror sync -src Simple3 -dst Simple5 Volume mirror syncSrc Simple3Creating a RAID 10 and RAID 0+1 Volume Configuration 103104 Volume create mirror -vol Mirror2 -ch Simple1 -ch Simple7Volume create mirror -vol Mirror3 -ch Simple3 -ch Simple9 Volume Configuration 105 Second Mirrored Volume of RAID106 Striped Volume of RAIDVolume Exposure and Security 107 Volume Exposure & Security108 Introduction to Volume Exposure & SecurityIdentities Volume Exposure and Security 109110 Identity B’s iSCSI InitiatorsAn identity can be used with more than one target Volume Exposure and Security 111112 Access Rights per Identity-Target PairVolume Exposure and Security 113 Authentication114 SwitchCreating an iSCSI Target 116 Iscsi target showAcl show Volume Exposure and Security 117Iscsi target details Not accessible Target Position Identity Access FinanceRead-write Musicbox Musicdept Read-writeAcl set Changing the Default IdentityAcc PosCreating an Identity Creating an Identity Volume Exposure and Security 121Acl identity add name Adding Initiators to an IdentityIqn.1991-05 MicrosoftAdding an Initiator Volume Exposure and Security 123124 Adding a Second InitiatorAssigning Identity Credentials 126 Assigning CredentialsAdding Another Set of Credentials Volume Exposure and Security 127128 Acl identity detailsIp radius add Volume Exposure and Security 129212.199.43.2 DataTurnsMeOnAllow 130AddressPort 212.199.43.21812 212.199.56.1341812 Volume Exposure and Security 131Ip radius show 132 Connecting an Identity and TargetAcl add Acl add -ta finance -id accounting -acc rw -pos Volume Exposure and Security 133Exposing an iSCSI Target and LUN Volume exposeNew Vol1Volume Exposure and Security 135 Volume expose -vol Vol1 -ta finance -lun136 Lu showAdvanced Volume Operations 137 Advanced Volume OperationsData Replication Off-line versus On-line Introduction to Advanced Volume ConfigurationsMirror versus Snapshot Actual Capacity versus Potential CapacityVolume copy create Copying a Volume Off-line CopyAdvanced Volume Operations 139 Src Dst140 Synchronizing a VolumeAdding a Child to a Mirror On-line Copy Advanced Volume Operations 141Vol No sync Volume mirror addMirror5 Simple10 No parameter required 142Advanced Volume Operations 143 Volume mirror add -vol Mir4 -ch Sim6144 Creating a SnapshotAdvanced Volume Operations 145 St Write to Source and Update to 1st Snapshot146 Volume create snapshotVol Src Advanced Volume Operations 147 Update to 1st Snapshot & 1st Write to Source148 Advanced Volume Operations 149 Viewing Snapshot VolumesVolume snapshot show Breaking a Mirror Volume snapshot list -vol Mirror7Mirror7 Snapshot Date & Time Utilization Snp1Mir1 12/12/02 20%Removing a Child from a Mirror Advanced Volume Operations 151Volume mirror break -vol Mir1 -ch Sim5 Volume mirror breakMirror5 Simple10 152Advanced Volume Operations 153 Resizing a Volume154 Creating a CubeAdvanced Volume Operations 155 Further Resizing on the Same VolumeVolume resize -vol Sim2 -a XSim2 -with Sim3 Volume resizeVol With Ch2Volume retract Retracting a VolumeAdvanced Volume Operations 157 Mir5158 Expanding a VolumeVolume expand -vol XSim2 Volume expandAdvanced Volume Operations 159 XSim2160 Expanding XSim2Advanced Volume Operations 161 Routine Volume Maintenance 161 Routine Volume MaintenanceRemoving a Volume VolumesRenaming a Volume Routine Volume Maintenance 163 Volume remove -vol Stripe1Volume remove -all Removing all Volumes in a HierarchyVolume remove -all -vol Stripe1 AllVolume replace Replacing a VolumeRoutine Volume Maintenance 165 Vol Nvol166 Synchronizing a VolumeMirror2 Mirror8 Changing iSCSI Target Parameters Targets and ExposureRemoving an LU Removing an iSNS Server Removing an iSCSI TargetRemoving a Radius Server 169 Snmp Manager170 General Configuration ParametersTelnet Routine V-Switch Maintenance 171Telnet Port 172 Removing an Snmp Manager Setting an Snmp ManagerSnmp Manager User Profiles ISNS ServerAdding an iSNS Server 174Removing a User Profile Adding a User ProfileChanging a User Profile Saving Uploading a V-Switch Database File SwitchResetting a V-Switch Routine V-Switch Maintenance 177 Downloading a V-Switch Configuration FileNetwork Interfaces Ft downloadAdding an Interface IP Address Changing an Interface AliasInterface set Storage1Ip config remove-ip Ip config set -if eth1 -ipRoutine V-Switch Maintenance 179 Removing an Interface IP Address180 IP RoutingDisks and Subdisks Routine V-Switch Maintenance 181Discovering Storage Devices 30.30.20.20 Eth2Exposeas Renaming a Storage DeviceTransparent Storage set -s Stor1 -na RAID1 -info Exposeas transparentRemoving a Subdisk Removing a Storage DeviceRenaming a Subdisk Removing a Neighbor ClustersModifying Neighbor Parameters Kai Routine V-Switch Maintenance 185Modifying a Cluster 186 Switch 3000 Power SupplyFt update Upgrading the V-Switch SoftwareSanrad/update Ft update -ip 212.199.43.46 -fd sanrad/update/v20System set Switch 3000 Compact FlashRep System set -rep yesSystem copy Routine V-Switch Maintenance 189From Cflash Type190 Safe ModeAutomatic Safe Mode Routine V-Switch Maintenance 191 Level 2 Reboot with Default Factory DatabaseExporting a Corrupted Database Manual Safe ModeRoutine V-Switch Maintenance 193 Level O Normal Mode194 Command Line Interface 195 Command Line Interface196 Command Line Interface 197 Switch ConfigurationInit -n VSwitch1 -ip Admin showAdmin show InitAdmin remove Admin addAdmin password User NameInfo ResetDevice set 200Device set -telnet Command Line Interface 201Fc interface show 21/04/2002Interface show Fc node showFc set speed Pscsi show Interface detailsInterface set Snmp manager show Pscsi set busidSnmp manager add AliasBusID Pscsi3 Pscsi4Snmp manager set Command Line Interface 205Snmp manager remove 212.199.43.96 150Ip config set Ip config showIp config remove 206Ip route add Command Line Interface 207Ip route show 10.10.20.20 255.255.255.0 30.30.20.20Ip isns show Ip route removeIp isns add 10.12.40.40 255.255.255.0 20.22.11.11Ip isns remove Command Line Interface 209Neighbor add Neighbor setCluster show Neighbor detailsNeighbor remove Cluster failover disable Cluster failover enableLast Keep Alive Dead Ints FailoverEnabled StateRunning Cluster setFt download Ft showFt upload software System boot Ft export problem212.199.43.70 Backupdata System set214 System copySystem show Command Line Interface 215 Volume ConfigurationStorage blink activate Storage discoveryStorage blink abort Storage showStorage alias Storage disk showStorage disk set Storage set Storage detailsStor7 Disk7 Replacedisk2 218Storage remove Command Line Interface 219Subdisk create Subdisk showSubdisk alias Subdisk detailsSubdisk show Subdisks detailsSubdisk remove Volume showSubdisk set Volume details Volume create simple Volume aliasVolume hierarchy Volume create mirror Volume create transparentVolume create concatenated Mirror2Volume set Volume create stripedVolume replace Volume removeVolume remove -all Volume mirror sync Volume mirror showVolume mirror dummysync Command Line Interface 227Volume copy show Volume copy createVolume copy abort Volume copy abortVolume mirror break Volume mirror addVolume resize Vol Dst No syncVolume expand Volume retractVolume create snapshot 230Volume snapshot list Volume snapshot showCommand Line Interface 231 Mirro2232 Volume ExposureIscsi portal show Command Line Interface 233Iscsi portal create Iscsi portal removeIscsi target alias Iscsi target createIscsi target set Billing.san rad Device DeviceAcl show Iscsi target authenticationIscsi target remove Acl add Acl detailsAcl identity show Acl setAcl rem Acl identity create Acl identity detailsAcl identity delete MedSchool All registered studentsAcl identity add chap Acl identity add nameAcl identity remove name Acl identity remove srp Acl identity remove chapAcl identity add srp Acl down Acl identity setAcl up Ip radius add Ip radius showIp radius set KeyIp radius remove Volume expose -newVolume expose Lu details Lu showMusic.sanrad IscsiLu remove Command Line Interface 245Lu details Expose Lu remove246 Sample Configurations 247 Sample Configurations248 Sample IntroductionSample Configurations 249 Installing and Using the V-Switch250 System OverviewSample Configurations 251 Init -n VSwitch1252 Iscsi portal create -ip 172.17.200.174 -pProtocol Address Type Port IPv4 172.17.200.174 3260 Create Iscsi Target and LUN Sample Configurations 253254 Microsoft iSCSI InitiatorSample Configurations 255 New disk should be configured as a basic disk only256 Replacing a Mirrored VolumeReplacing a Failed Disk Sample Configurations 257Volume create simple -vol Simple5 -d Stor5 Stor5 500708206059f880 Enabled EntireVolume replace -vol Simple4 -nvol Simple5 258Volume remove all -vol Simple4 Volume mirror synch -src Simple3 -dst Simple5Sample Configurations 259 Storage remove -s Stor4260 Replicating Data Off-lineAttach and View Storage Devices Sample Configurations 261Synch None Source Destination Oper Admin Progress StatusSynch DataRep 262Sample Configurations 263 Configuring the V-Switch with a Single IP Routing PathLAN a 264Insert IP 0.0 0 0.0 0 0.0 0 Sample Configurations 265266 Iscsi portal create -ip 212.199.43.56 -pSample Configurations 267 268 Sample Configurations 269 270 Sample Configurations 271 Configuring a Cluster272 Cluster TopologySample Configurations 273 274 Sample Configurations 275 276 Init -n VSwitch2Neighbor add -nb VSwitch1 -ip Iscsi portal create -ip 212.199.43.75 -p Sample Configurations 277278 Sample Configurations 279 280 Sample Configurations 281 282 Sample Configurations 283 284 Nd Microsoft iSCSI Initiator Configuration for Host StationIndex 285 Index286 ChapIndex 287 Dummy synchronize288 IntervalIndex 289 Mirror290 RS232 19, 46, 190Index 291 SRP292 Volume createIndex 293