If you are working in

aV-Switch cluster, each identity must be configured on both V- Switches.

If you are working with an iSNS server, all hosts are able to see the target but only those hosts with access rights are able to connect to the target.

Creating an Identity

If you want to limit host, meaning iSCSI initiator, access to targets, you must create an identity that is more discriminate than the default identity. Use the CLI command acl identity create to name and describe an identity.

When creating identities, keep in mind that:

Each identity can contain one or more iSCSI initiators.

Each identity can be assigned one or both login authentication methods.

Each identity can be attached to more than one target.

Each target is first automatically coupled to a default read-write un-authenticated access identity.

Each target can have more than one identity.

acl identity create

You need to define two parameters to create an identity:

SWITCH

PARAMETER

DEFINITION

STATUS

EXAMPLE

 

 

 

 

 

-alias

ALIAS

ALIAS FOR

MANDATORY

accounting

 

 

IDENTITY

 

 

-info

INFORMATION

INFORMATION ON

OPTIONAL

accountants

 

 

IDENTITY

 

allowed read-

 

 

 

 

write access

 

 

 

 

to accounting

 

 

 

 

records

Example

An identity, accounting, is created for those accountants allowed read-write access to the accounting records, as shown in Figure 63, page 121.

acl identity create – alias accounting – info accountants allowed read-write access to accounting records

120

SANRAD V-Switch User Manual

Page 126
Image 126
SANRAD V-Switch manual Creating an Identity