Connecting an Identity and Target, Acl add, 132 | SANRAD V-Switch

If you are working in

aV-Switch cluster, each Identity must be connected to the target(s) on both V- Switches.

All CLI names and aliases are case sensitive

Connecting an Identity and Target

Once created, an identity must be connected to a target to provide it with access control. An identity specifies which access rights the iSCSI initiators within the Identity have to the target.

When an identity is connected to a target, it is also given a position. The position of the identity determines its place in the V-Switch access rights evaluation. An identity with the position 0 (default identity) is the last identity evaluated when an initiator tries to access a volume. If the initiator meets the profile of the identity, it is granted that identity ‘s access rights. If not, the V-Switch continues to position 1. The V-Switch does not scan all identities to determine which most specifically fits the host. Therefore, identities must be positioned in decreasing specificity to function correctly. The V-Switch scans for the first fit and not the best fit.

An identity can be connected to more than one target to provide the same conditions for each target. Use the CLI command acl add to connect an identity to a target.

acl add

You need to define four parameters to connect an identity to a target:

SWITCH	PARAMETER	DEFINITION	STATUS	EXAMPLE

-ta	TARGET ALIAS	ALIAS OF TARGET	MANDATORY	finance
		TO ATTACH TO
-id	IDENTITY	NAME OF ACL	MANDATORY	accounting
		IDENTITY
-acc	ACCESS	ACCESS RIGHTS TO	OPTIONAL	rw
		TARGET:	DEFAULT=RW
		DEFAULT=RW	DEFAULT=RW
		DEFAULT=RW
		RW =READ-WRITE
		RO = READ-ONLY
		NA =NOT
		ACCESSIBLE
-pos	POSITION	ACL RANK IN	OPTIONAL	1
		ACCESS RIGHT	ASSIGNED LAST
		EVALUATION SCAN	ASSIGNED LAST
		EVALUATION SCAN	POSITION IF
			POSITION IF
			NOT SPECIFIED

Example

The identity, accounting, is connected to the target finance. Accounting is the second identity scanned for an initiator match. Any initiator in the accounting identity is given read-only access. Later, an administrator identity can be created with read-write access and placed in position 0.

132	SANRAD V-Switch User Manual

Image 138

SANRAD V-Switch manual Connecting an Identity and Target, Acl add, 132

Contents

Sanrad V-Switch International Headquarters Limited Warranty Regulatory Information FCC-15 User Information Safety Notices User Notes Sanrad V-Switch International Headquarters Limited Warranty Regulatory Information Safety Notices User Notes Table of Contents Switch Configuration Volume Exposure & Security Routine Volume Maintenance 195 Volume Configuration Sample Configurations 285 Switch This Chapter Switch Overview Switch Network Topology Order of Operations Manual Organization Chapter Title Description Vol CLI Command Line InterfaceVolume create transparent Transparent1 Technical Assistance Esc Tab Installing the V-Switch Chassis Front Panel System Indicator LEDs Back Panel Switch 2000 LEDs Scsi Surface Mounting Rack Mounting Attach the Rear L-BRACKET Storage Port Connections Scsi Storage Port Connection Type Switch 2000 FC Storage Ports Network Port Connections Network Port Cable Connections Powering Up Console Port Connection Switch 2000 Power Supplies User Notes LCD Switch 3000 Front Panel Switch 3000 LEDs Installing the V-Switch This step works best with two people Switch 3000 Storage Ports Switch 3000 Storage Port LEDs 1000BASE-SXSHORT-WAVE Laser for Switch 3000 Network Ports Switch 3000 Management Port Management Port Connection LCD Compact Flash CF Slot Scalability Port Scalability Port Switch 3000 Power Supplies Switch Configuration Switch Configuration Introduction to Managing the V-Switch Switch Management Options Configuring the V-Switch 3000 Management Parameters via LCD Switch Status OK Configuring the Management Console Initializing the V-Switch Telnet Init VSwitchInit -n VSwitch -ip 212.199.43.46 Changing General Management Parameters VSwitch1Changing Management Parameters Device set Rld LocExt4838 Telnet Rcom Changing the Telnet Communications Port Adding an Snmp Manager Adding User Login Profiles Page Configuring the Storage Ports Setting a Scsi Storage Port Bus IDViewing Scsi Storage Ports and Bus IDs Pscsi set busid -if pscsi3 -id Configuring an FC Storage PortViewing the FC Port Information Fc interface show Alias 2000201058001046 Viewing the V-Switch World Wide Node NameFc set -if fc2 -sp 1 -pt nl -cm prl Function Gateway Ip config set -ip 212.199.43.56 -if eth1 -act Configuring the Network PortsIp config set 212.199.43.56 Checking the IP Configurations Ip config showRemoving an IP Address Ip config remove Ip config remove -ip ISNS Discovering iSCSI TargetsISCSI Discovery Session Ip isns add Configuring iSCSI Portals Iscsi portal create -ip Viewing iSCSI PortalsRemoving iSCSI Portals Iscsi portal remove Configuring IP Routing Only one of these paths can be configured for V-Switch Setting a Default Gateway Adding an IP Route Checking IP Routes Viewing IP RoutesRemoving an IP Route Ip route remove 10.12.40.0 255.255.255.0 Eth3 User Notes Switch Cluster Configuration Switch Cluster Configuration Introduction to V-Switch Clusters Switch Cluster Configuration Re-routing Storage Access with Off-line V-Switch Adding a Neighbor Configuring a V-Switch ClusterSetting the V-Switch ID Device set -id Neighbor add VSwitch2Neighbor add -nb VSwitch2 -ip 212.199.43.75 Cluster with Neighbor IP Addresses Pscsi set busid if pscsi3 -id Working with Scsi Storage DevicesMaintaining Cluster Communications Cluster show Last Keep Alive Cluster failover disable Further V-Switch Cluster ConfigurationsCluster failover enable Enabling and Disabling Failover Viewing V-Switch Neighbor Details Neighbor showNeighbor details Neighbor set VSwitch2 212.199.43.75Managing a Cluster Neighbor remove Cluster set Kai SintFint Volume Configuration LUN Carving Introduction to Volume Configuration Physical Storage used in Examples Alias Entity Name Identifying Available Storage DevicesStorage show Storage blink activate Storage set Storage blink activate -s Stor1 -tStorage blink abort Stor1 Disk2JBOD5 Saveforsnap shots Storage details Seagate Creating a Transparent Volume Volume create transparent -vol Trans1 -d Disk1Trans1 Volume show Alias Vol TypeTrans1 Transpar 1024 512 18000000 Creating a Subdisk LUN CarvingSubdisk create Subdisk1 Subdisk create -d Disk1 -sl 18000000 -sa 0 -sd Subdisk1 Subdisk details Disk Start AddressSubdisk create -d Disk1 -sl Sa 18000000 -sd Subdisk2 Creating a Simple Volume Volume create simpleSimple1 State Volume create simple -vol Simple1 -sd Subdisk1Volume show Alias 17999999 512 Internal Vol Nbc Creating a Concatenated VolumeVolume create concatenated Concat1 Concatenated Volume Stripe1 Creating a Striped VolumeVolume create stripe Sus Simple2 Simple4 Simple8 Simple10 Striped Volume Mirrored1 Creating a Mirrored VolumeVolume create mirror 100 Replicating Data in a Mirrored Volume Volume Configuration 101 Src Volume mirror syncVolume mirror sync -src Simple3 -dst Simple5 Simple3 Volume Configuration 103 Creating a RAID 10 and RAID 0+1 Volume create mirror -vol Mirror2 -ch Simple1 -ch Simple7 Volume create mirror -vol Mirror3 -ch Simple3 -ch Simple9104 Second Mirrored Volume of RAID Volume Configuration 105 Striped Volume of RAID 106 Volume Exposure & Security Volume Exposure and Security 107 Introduction to Volume Exposure & Security 108 Volume Exposure and Security 109 Identities Identity B’s iSCSI Initiators 110 Volume Exposure and Security 111 An identity can be used with more than one target Access Rights per Identity-Target Pair 112 Authentication Volume Exposure and Security 113 Switch 114 Creating an iSCSI Target Iscsi target show 116 Volume Exposure and Security 117 Iscsi target detailsAcl show Read-write Target Position Identity Access FinanceNot accessible Musicbox Musicdept Read-write Acc Changing the Default IdentityAcl set Pos Creating an Identity Volume Exposure and Security 121 Creating an Identity Iqn.1991-05 Adding Initiators to an IdentityAcl identity add name Microsoft Volume Exposure and Security 123 Adding an Initiator Adding a Second Initiator 124 Assigning Identity Credentials Assigning Credentials 126 Volume Exposure and Security 127 Adding Another Set of Credentials Acl identity details 128 212.199.43.2 Volume Exposure and Security 129Ip radius add DataTurnsMeOn 130 Allow Volume Exposure and Security 131 Ip radius showAddressPort 212.199.43.21812 212.199.56.1341812 Connecting an Identity and Target Acl add132 Volume Exposure and Security 133 Acl add -ta finance -id accounting -acc rw -pos New Volume exposeExposing an iSCSI Target and LUN Vol1 Volume expose -vol Vol1 -ta finance -lun Volume Exposure and Security 135 Lu show 136 Advanced Volume Operations Advanced Volume Operations 137 Mirror versus Snapshot Introduction to Advanced Volume ConfigurationsData Replication Off-line versus On-line Actual Capacity versus Potential Capacity Advanced Volume Operations 139 Copying a Volume Off-line CopyVolume copy create Src Dst Synchronizing a Volume 140 Advanced Volume Operations 141 Adding a Child to a Mirror On-line Copy Mirror5 Simple10 No parameter required Volume mirror addVol No sync 142 Volume mirror add -vol Mir4 -ch Sim6 Advanced Volume Operations 143 Creating a Snapshot 144 St Write to Source and Update to 1st Snapshot Advanced Volume Operations 145 Volume create snapshot Vol Src146 Update to 1st Snapshot & 1st Write to Source Advanced Volume Operations 147 148 Viewing Snapshot Volumes Volume snapshot showAdvanced Volume Operations 149 Mirror7 Volume snapshot list -vol Mirror7Breaking a Mirror Snapshot Date & Time Utilization Snp1Mir1 12/12/02 20% Advanced Volume Operations 151 Removing a Child from a Mirror Mirror5 Simple10 Volume mirror breakVolume mirror break -vol Mir1 -ch Sim5 152 Resizing a Volume Advanced Volume Operations 153 Creating a Cube 154 Further Resizing on the Same Volume Advanced Volume Operations 155 Vol With Volume resizeVolume resize -vol Sim2 -a XSim2 -with Sim3 Ch2 Advanced Volume Operations 157 Retracting a VolumeVolume retract Mir5 Expanding a Volume 158 Advanced Volume Operations 159 Volume expandVolume expand -vol XSim2 XSim2 Expanding XSim2 160 Advanced Volume Operations 161 Routine Volume Maintenance Routine Volume Maintenance 161 Volumes Renaming a VolumeRemoving a Volume Volume remove -vol Stripe1 Routine Volume Maintenance 163 Volume remove -all -vol Stripe1 Removing all Volumes in a HierarchyVolume remove -all All Routine Volume Maintenance 165 Replacing a VolumeVolume replace Vol Nvol Synchronizing a Volume Mirror2 Mirror8166 Targets and Exposure Removing an LUChanging iSCSI Target Parameters Removing an iSCSI Target Removing a Radius ServerRemoving an iSNS Server Snmp Manager 169 General Configuration Parameters 170 Routine V-Switch Maintenance 171 Telnet PortTelnet 172 Setting an Snmp Manager Snmp ManagerRemoving an Snmp Manager Adding an iSNS Server ISNS ServerUser Profiles 174 Adding a User Profile Changing a User ProfileRemoving a User Profile Switch Resetting a V-SwitchSaving Uploading a V-Switch Database File Network Interfaces Downloading a V-Switch Configuration FileRoutine V-Switch Maintenance 177 Ft download Interface set Changing an Interface AliasAdding an Interface IP Address Storage1 Routine V-Switch Maintenance 179 Ip config set -if eth1 -ipIp config remove-ip Removing an Interface IP Address IP Routing 180 Discovering Storage Devices Routine V-Switch Maintenance 181Disks and Subdisks 30.30.20.20 Eth2 Transparent Renaming a Storage DeviceExposeas Storage set -s Stor1 -na RAID1 -info Exposeas transparent Removing a Storage Device Renaming a SubdiskRemoving a Subdisk Clusters Modifying Neighbor ParametersRemoving a Neighbor Routine V-Switch Maintenance 185 Modifying a ClusterKai Switch 3000 Power Supply 186 Sanrad/update Upgrading the V-Switch SoftwareFt update Ft update -ip 212.199.43.46 -fd sanrad/update/v20 Rep Switch 3000 Compact FlashSystem set System set -rep yes From Routine V-Switch Maintenance 189System copy Cflash Type Safe Mode Automatic Safe Mode190 Level 2 Reboot with Default Factory Database Routine V-Switch Maintenance 191 Manual Safe Mode Exporting a Corrupted Database Level O Normal Mode Routine V-Switch Maintenance 193 194 Command Line Interface Command Line Interface 195 196 Switch Configuration Command Line Interface 197 Admin show Admin showInit -n VSwitch1 -ip Init Admin password Admin addAdmin remove User Name Device set ResetInfo 200 Fc interface show Command Line Interface 201Device set -telnet 21/04/2002 Fc node show Fc set speedInterface show Interface details Interface setPscsi show Snmp manager add Pscsi set busidSnmp manager show AliasBusID Pscsi3 Pscsi4 Snmp manager remove Command Line Interface 205Snmp manager set 212.199.43.96 150 Ip config remove Ip config showIp config set 206 Ip route show Command Line Interface 207Ip route add 10.10.20.20 255.255.255.0 30.30.20.20 Ip isns add Ip route removeIp isns show 10.12.40.40 255.255.255.0 20.22.11.11 Neighbor add Command Line Interface 209Ip isns remove Neighbor set Neighbor details Neighbor removeCluster show Last Keep Alive Dead Ints FailoverEnabled StateRunning Cluster failover enableCluster failover disable Cluster set Ft show Ft upload softwareFt download 212.199.43.70 Backupdata Ft export problemSystem boot System set System copy System show214 Volume Configuration Command Line Interface 215 Storage blink abort Storage discoveryStorage blink activate Storage show Storage disk show Storage disk setStorage alias Stor7 Disk7 Replacedisk2 Storage detailsStorage set 218 Subdisk create Command Line Interface 219Storage remove Subdisk show Subdisk show Subdisk detailsSubdisk alias Subdisks details Volume show Subdisk setSubdisk remove Volume details Volume alias Volume hierarchyVolume create simple Volume create concatenated Volume create transparentVolume create mirror Mirror2 Volume create striped Volume set Volume remove Volume remove -allVolume replace Volume mirror dummysync Volume mirror showVolume mirror sync Command Line Interface 227 Volume copy abort Volume copy createVolume copy show Volume copy abort Volume resize Volume mirror addVolume mirror break Vol Dst No sync Volume create snapshot Volume retractVolume expand 230 Command Line Interface 231 Volume snapshot showVolume snapshot list Mirro2 Volume Exposure 232 Iscsi portal create Command Line Interface 233Iscsi portal show Iscsi portal remove Iscsi target set Iscsi target createIscsi target alias Billing.san rad Device Device Iscsi target authentication Iscsi target removeAcl show Acl details Acl add Acl set Acl remAcl identity show Acl identity delete Acl identity detailsAcl identity create MedSchool All registered students Acl identity add name Acl identity remove nameAcl identity add chap Acl identity remove chap Acl identity add srpAcl identity remove srp Acl identity set Acl upAcl down Ip radius set Ip radius showIp radius add Key Volume expose -new Volume exposeIp radius remove Music.sanrad Lu showLu details Iscsi Lu details Command Line Interface 245Lu remove Expose Lu remove 246 Sample Configurations Sample Configurations 247 Sample Introduction 248 Installing and Using the V-Switch Sample Configurations 249 System Overview 250 Init -n VSwitch1 Sample Configurations 251 Iscsi portal create -ip 172.17.200.174 -p Protocol Address Type Port IPv4 172.17.200.174 3260252 Sample Configurations 253 Create Iscsi Target and LUN Microsoft iSCSI Initiator 254 New disk should be configured as a basic disk only Sample Configurations 255 Replacing a Mirrored Volume 256 Sample Configurations 257 Replacing a Failed Disk Volume replace -vol Simple4 -nvol Simple5 Stor5 500708206059f880 Enabled EntireVolume create simple -vol Simple5 -d Stor5 258 Sample Configurations 259 Volume mirror synch -src Simple3 -dst Simple5Volume remove all -vol Simple4 Storage remove -s Stor4 Replicating Data Off-line 260 Sample Configurations 261 Attach and View Storage Devices Synch DataRep Source Destination Oper Admin Progress StatusSynch None 262 Configuring the V-Switch with a Single IP Routing Path Sample Configurations 263 264 LAN a Sample Configurations 265 Insert IP 0.0 0 0.0 0 0.0 0 Iscsi portal create -ip 212.199.43.56 -p 266 Sample Configurations 267 268 Sample Configurations 269 270 Configuring a Cluster Sample Configurations 271 Cluster Topology 272 Sample Configurations 273 274 Sample Configurations 275 Init -n VSwitch2 Neighbor add -nb VSwitch1 -ip276 Sample Configurations 277 Iscsi portal create -ip 212.199.43.75 -p 278 Sample Configurations 279 280 Sample Configurations 281 282 Sample Configurations 283 Nd Microsoft iSCSI Initiator Configuration for Host Station 284 Index Index 285 Chap 286 Dummy synchronize Index 287 Interval 288 Mirror Index 289 RS232 19, 46, 190 290 SRP Index 291 Volume create 292 Index 293