Manuals / SANRAD / Computer Equipment / Switch

SANRAD V-Switch manual Connecting an Identity and Target, Acl add, 132

Models: V-Switch

1 300

Download 300 pages 15.92 Kb

Page 138

If you are working in

aV-Switch cluster, each Identity must be connected to the target(s) on both V- Switches.

All CLI names and aliases are case sensitive

Connecting an Identity and Target

Once created, an identity must be connected to a target to provide it with access control. An identity specifies which access rights the iSCSI initiators within the Identity have to the target.

When an identity is connected to a target, it is also given a position. The position of the identity determines its place in the V-Switch access rights evaluation. An identity with the position 0 (default identity) is the last identity evaluated when an initiator tries to access a volume. If the initiator meets the profile of the identity, it is granted that identity ‘s access rights. If not, the V-Switch continues to position 1. The V-Switch does not scan all identities to determine which most specifically fits the host. Therefore, identities must be positioned in decreasing specificity to function correctly. The V-Switch scans for the first fit and not the best fit.

An identity can be connected to more than one target to provide the same conditions for each target. Use the CLI command acl add to connect an identity to a target.

acl add

You need to define four parameters to connect an identity to a target:

SWITCH	PARAMETER	DEFINITION	STATUS	EXAMPLE

-ta	TARGET ALIAS	ALIAS OF TARGET	MANDATORY	finance
		TO ATTACH TO
-id	IDENTITY	NAME OF ACL	MANDATORY	accounting
		IDENTITY
-acc	ACCESS	ACCESS RIGHTS TO	OPTIONAL	rw
		TARGET:	DEFAULT=RW
		DEFAULT=RW	DEFAULT=RW
		DEFAULT=RW
		RW =READ-WRITE
		RO = READ-ONLY
		NA =NOT
		ACCESSIBLE
-pos	POSITION	ACL RANK IN	OPTIONAL	1
		ACCESS RIGHT	ASSIGNED LAST
		EVALUATION SCAN	ASSIGNED LAST
		EVALUATION SCAN	POSITION IF
			POSITION IF
			NOT SPECIFIED

Example

The identity, accounting, is connected to the target finance. Accounting is the second identity scanned for an initiator match. Any initiator in the accounting identity is given read-only access. Later, an administrator identity can be created with read-write access and placed in position 0.

132	SANRAD V-Switch User Manual

Image 138

SANRAD V-Switch manual Connecting an Identity and Target, Acl add, 132

Contents

Sanrad V-Switch International Headquarters Limited Warranty Regulatory Information FCC-15 User InformationSafety Notices User Notes Sanrad V-Switch International Headquarters Limited Warranty Regulatory Information Safety Notices User Notes Table of Contents Switch Configuration Volume Exposure & Security Routine Volume Maintenance 195 Volume Configuration Sample Configurations 285 Switch This ChapterSwitch Overview Switch Network Topology Order of OperationsManual Organization Chapter Title DescriptionVol CLI Command Line InterfaceVolume create transparent Transparent1Technical Assistance Esc TabInstalling the V-Switch Chassis Front PanelSystem Indicator LEDs Back PanelSwitch 2000 LEDs Scsi Surface Mounting Rack MountingAttach the Rear L-BRACKET Storage Port Connections Scsi Storage Port Connection TypeSwitch 2000 FC Storage Ports Network Port Connections Network Port Cable ConnectionsPowering Up Console Port ConnectionSwitch 2000 Power Supplies User Notes LCD Switch 3000 Front Panel Switch 3000 LEDs Installing the V-SwitchThis step works best with two people Switch 3000 Storage Ports Switch 3000 Storage Port LEDs 1000BASE-SXSHORT-WAVE Laser for Switch 3000 Network Ports Switch 3000 Management Port Management Port ConnectionLCD Compact Flash CF SlotScalability Port Scalability PortSwitch 3000 Power Supplies Switch Configuration Switch ConfigurationIntroduction to Managing the V-Switch Switch Management Options Configuring the V-Switch 3000 Management Parameters via LCD Switch Status OKConfiguring the Management Console Initializing the V-Switch TelnetInit VSwitchInit -n VSwitch -ip 212.199.43.46Changing General Management Parameters VSwitch1Changing Management Parameters Device setRld LocExt4838 Telnet RcomChanging the Telnet Communications Port Adding an Snmp ManagerAdding User Login Profiles Page Configuring the Storage Ports Setting a Scsi Storage Port Bus IDViewing Scsi Storage Ports and Bus IDs Pscsi set busid -if pscsi3 -id Configuring an FC Storage PortViewing the FC Port Information Fc interface show Alias2000201058001046 Viewing the V-Switch World Wide Node NameFc set -if fc2 -sp 1 -pt nl -cm prl Function GatewayIp config set -ip 212.199.43.56 -if eth1 -act Configuring the Network PortsIp config set 212.199.43.56Checking the IP Configurations Ip config showRemoving an IP Address Ip config remove Ip config remove -ipISNS Discovering iSCSI TargetsISCSI Discovery Session Ip isns addConfiguring iSCSI Portals Iscsi portal create -ip Viewing iSCSI PortalsRemoving iSCSI Portals Iscsi portal removeConfiguring IP Routing Only one of these paths can be configured for V-SwitchSetting a Default Gateway Adding an IP RouteChecking IP Routes Viewing IP RoutesRemoving an IP Route Ip route remove 10.12.40.0 255.255.255.0 Eth3User Notes Switch Cluster Configuration Switch Cluster ConfigurationIntroduction to V-Switch Clusters Switch Cluster Configuration Re-routing Storage Access with Off-line V-Switch Adding a Neighbor Configuring a V-Switch ClusterSetting the V-Switch ID Device set -idNeighbor add VSwitch2Neighbor add -nb VSwitch2 -ip 212.199.43.75Cluster with Neighbor IP Addresses Pscsi set busid if pscsi3 -id Working with Scsi Storage DevicesMaintaining Cluster Communications Cluster show Last Keep AliveCluster failover disable Further V-Switch Cluster ConfigurationsCluster failover enable Enabling and Disabling FailoverViewing V-Switch Neighbor Details Neighbor showNeighbor details Neighbor set VSwitch2 212.199.43.75Managing a Cluster Neighbor removeCluster set Kai SintFint Volume Configuration LUN CarvingIntroduction to Volume Configuration Physical Storage used in ExamplesAlias Entity Name Identifying Available Storage DevicesStorage show Storage blink activateStorage set Storage blink activate -s Stor1 -tStorage blink abort Stor1 Disk2JBOD5 Saveforsnap shotsStorage details SeagateCreating a Transparent Volume Volume create transparent -vol Trans1 -d Disk1Trans1 Volume show Alias Vol TypeTrans1 Transpar 1024 512 18000000 Creating a Subdisk LUN CarvingSubdisk create Subdisk1Subdisk create -d Disk1 -sl 18000000 -sa 0 -sd Subdisk1 Subdisk detailsDisk Start AddressSubdisk create -d Disk1 -sl Sa 18000000 -sd Subdisk2 Creating a Simple Volume Volume create simpleSimple1 State Volume create simple -vol Simple1 -sd Subdisk1Volume show Alias 17999999 512 InternalVol Nbc Creating a Concatenated VolumeVolume create concatenated Concat1Concatenated Volume Stripe1 Creating a Striped VolumeVolume create stripe SusSimple2 Simple4 Simple8 Simple10Striped Volume Mirrored1 Creating a Mirrored VolumeVolume create mirror 100Replicating Data in a Mirrored Volume Volume Configuration 101Src Volume mirror syncVolume mirror sync -src Simple3 -dst Simple5 Simple3Volume Configuration 103 Creating a RAID 10 and RAID 0+1Volume create mirror -vol Mirror2 -ch Simple1 -ch Simple7 Volume create mirror -vol Mirror3 -ch Simple3 -ch Simple9104 Second Mirrored Volume of RAID Volume Configuration 105Striped Volume of RAID 106Volume Exposure & Security Volume Exposure and Security 107Introduction to Volume Exposure & Security 108Volume Exposure and Security 109 IdentitiesIdentity B’s iSCSI Initiators 110Volume Exposure and Security 111 An identity can be used with more than one targetAccess Rights per Identity-Target Pair 112Authentication Volume Exposure and Security 113Switch 114Creating an iSCSI Target Iscsi target show 116Volume Exposure and Security 117 Iscsi target detailsAcl show Read-write Target Position Identity Access FinanceNot accessible Musicbox Musicdept Read-writeAcc Changing the Default IdentityAcl set PosCreating an Identity Volume Exposure and Security 121 Creating an IdentityIqn.1991-05 Adding Initiators to an IdentityAcl identity add name MicrosoftVolume Exposure and Security 123 Adding an InitiatorAdding a Second Initiator 124Assigning Identity Credentials Assigning Credentials 126Volume Exposure and Security 127 Adding Another Set of CredentialsAcl identity details 128212.199.43.2 Volume Exposure and Security 129Ip radius add DataTurnsMeOn130 AllowVolume Exposure and Security 131 Ip radius showAddressPort 212.199.43.21812 212.199.56.1341812 Connecting an Identity and Target Acl add132 Volume Exposure and Security 133 Acl add -ta finance -id accounting -acc rw -posNew Volume exposeExposing an iSCSI Target and LUN Vol1Volume expose -vol Vol1 -ta finance -lun Volume Exposure and Security 135Lu show 136Advanced Volume Operations Advanced Volume Operations 137Mirror versus Snapshot Introduction to Advanced Volume ConfigurationsData Replication Off-line versus On-line Actual Capacity versus Potential CapacityAdvanced Volume Operations 139 Copying a Volume Off-line CopyVolume copy create Src DstSynchronizing a Volume 140Advanced Volume Operations 141 Adding a Child to a Mirror On-line CopyMirror5 Simple10 No parameter required Volume mirror addVol No sync 142Volume mirror add -vol Mir4 -ch Sim6 Advanced Volume Operations 143Creating a Snapshot 144St Write to Source and Update to 1st Snapshot Advanced Volume Operations 145Volume create snapshot Vol Src146 Update to 1st Snapshot & 1st Write to Source Advanced Volume Operations 147148 Viewing Snapshot Volumes Volume snapshot showAdvanced Volume Operations 149 Mirror7 Volume snapshot list -vol Mirror7Breaking a Mirror Snapshot Date & Time Utilization Snp1Mir1 12/12/02 20%Advanced Volume Operations 151 Removing a Child from a MirrorMirror5 Simple10 Volume mirror breakVolume mirror break -vol Mir1 -ch Sim5 152Resizing a Volume Advanced Volume Operations 153Creating a Cube 154Further Resizing on the Same Volume Advanced Volume Operations 155Vol With Volume resizeVolume resize -vol Sim2 -a XSim2 -with Sim3 Ch2Advanced Volume Operations 157 Retracting a VolumeVolume retract Mir5Expanding a Volume 158Advanced Volume Operations 159 Volume expandVolume expand -vol XSim2 XSim2Expanding XSim2 160Advanced Volume Operations 161 Routine Volume Maintenance Routine Volume Maintenance 161Volumes Renaming a VolumeRemoving a Volume Volume remove -vol Stripe1 Routine Volume Maintenance 163Volume remove -all -vol Stripe1 Removing all Volumes in a HierarchyVolume remove -all AllRoutine Volume Maintenance 165 Replacing a VolumeVolume replace Vol NvolSynchronizing a Volume Mirror2 Mirror8166 Targets and Exposure Removing an LUChanging iSCSI Target Parameters Removing an iSCSI Target Removing a Radius ServerRemoving an iSNS Server Snmp Manager 169General Configuration Parameters 170Routine V-Switch Maintenance 171 Telnet PortTelnet 172 Setting an Snmp Manager Snmp ManagerRemoving an Snmp Manager Adding an iSNS Server ISNS ServerUser Profiles 174Adding a User Profile Changing a User ProfileRemoving a User Profile Switch Resetting a V-SwitchSaving Uploading a V-Switch Database File Network Interfaces Downloading a V-Switch Configuration FileRoutine V-Switch Maintenance 177 Ft downloadInterface set Changing an Interface AliasAdding an Interface IP Address Storage1Routine V-Switch Maintenance 179 Ip config set -if eth1 -ipIp config remove-ip Removing an Interface IP AddressIP Routing 180Discovering Storage Devices Routine V-Switch Maintenance 181Disks and Subdisks 30.30.20.20 Eth2Transparent Renaming a Storage DeviceExposeas Storage set -s Stor1 -na RAID1 -info Exposeas transparentRemoving a Storage Device Renaming a SubdiskRemoving a Subdisk Clusters Modifying Neighbor ParametersRemoving a Neighbor Routine V-Switch Maintenance 185 Modifying a ClusterKai Switch 3000 Power Supply 186Sanrad/update Upgrading the V-Switch SoftwareFt update Ft update -ip 212.199.43.46 -fd sanrad/update/v20Rep Switch 3000 Compact FlashSystem set System set -rep yesFrom Routine V-Switch Maintenance 189System copy Cflash TypeSafe Mode Automatic Safe Mode190 Level 2 Reboot with Default Factory Database Routine V-Switch Maintenance 191Manual Safe Mode Exporting a Corrupted DatabaseLevel O Normal Mode Routine V-Switch Maintenance 193194 Command Line Interface Command Line Interface 195196 Switch Configuration Command Line Interface 197Admin show Admin showInit -n VSwitch1 -ip InitAdmin password Admin addAdmin remove User NameDevice set ResetInfo 200Fc interface show Command Line Interface 201Device set -telnet 21/04/2002Fc node show Fc set speedInterface show Interface details Interface setPscsi show Snmp manager add Pscsi set busidSnmp manager show AliasBusID Pscsi3 Pscsi4Snmp manager remove Command Line Interface 205Snmp manager set 212.199.43.96 150Ip config remove Ip config showIp config set 206Ip route show Command Line Interface 207Ip route add 10.10.20.20 255.255.255.0 30.30.20.20Ip isns add Ip route removeIp isns show 10.12.40.40 255.255.255.0 20.22.11.11Neighbor add Command Line Interface 209Ip isns remove Neighbor setNeighbor details Neighbor removeCluster show Last Keep Alive Dead Ints FailoverEnabled StateRunning Cluster failover enableCluster failover disable Cluster setFt show Ft upload softwareFt download 212.199.43.70 Backupdata Ft export problemSystem boot System setSystem copy System show214 Volume Configuration Command Line Interface 215Storage blink abort Storage discoveryStorage blink activate Storage showStorage disk show Storage disk setStorage alias Stor7 Disk7 Replacedisk2 Storage detailsStorage set 218Subdisk create Command Line Interface 219Storage remove Subdisk showSubdisk show Subdisk detailsSubdisk alias Subdisks detailsVolume show Subdisk setSubdisk remove Volume details Volume alias Volume hierarchyVolume create simple Volume create concatenated Volume create transparentVolume create mirror Mirror2Volume create striped Volume setVolume remove Volume remove -allVolume replace Volume mirror dummysync Volume mirror showVolume mirror sync Command Line Interface 227Volume copy abort Volume copy createVolume copy show Volume copy abortVolume resize Volume mirror addVolume mirror break Vol Dst No syncVolume create snapshot Volume retractVolume expand 230Command Line Interface 231 Volume snapshot showVolume snapshot list Mirro2Volume Exposure 232Iscsi portal create Command Line Interface 233Iscsi portal show Iscsi portal removeIscsi target set Iscsi target createIscsi target alias Billing.san rad Device DeviceIscsi target authentication Iscsi target removeAcl show Acl details Acl addAcl set Acl remAcl identity show Acl identity delete Acl identity detailsAcl identity create MedSchool All registered studentsAcl identity add name Acl identity remove nameAcl identity add chap Acl identity remove chap Acl identity add srpAcl identity remove srp Acl identity set Acl upAcl down Ip radius set Ip radius showIp radius add KeyVolume expose -new Volume exposeIp radius remove Music.sanrad Lu showLu details IscsiLu details Command Line Interface 245Lu remove Expose Lu remove246 Sample Configurations Sample Configurations 247Sample Introduction 248Installing and Using the V-Switch Sample Configurations 249System Overview 250Init -n VSwitch1 Sample Configurations 251Iscsi portal create -ip 172.17.200.174 -p Protocol Address Type Port IPv4 172.17.200.174 3260252 Sample Configurations 253 Create Iscsi Target and LUNMicrosoft iSCSI Initiator 254New disk should be configured as a basic disk only Sample Configurations 255Replacing a Mirrored Volume 256Sample Configurations 257 Replacing a Failed DiskVolume replace -vol Simple4 -nvol Simple5 Stor5 500708206059f880 Enabled EntireVolume create simple -vol Simple5 -d Stor5 258Sample Configurations 259 Volume mirror synch -src Simple3 -dst Simple5Volume remove all -vol Simple4 Storage remove -s Stor4Replicating Data Off-line 260Sample Configurations 261 Attach and View Storage DevicesSynch DataRep Source Destination Oper Admin Progress StatusSynch None 262Configuring the V-Switch with a Single IP Routing Path Sample Configurations 263264 LAN aSample Configurations 265 Insert IP 0.0 0 0.0 0 0.0 0Iscsi portal create -ip 212.199.43.56 -p 266Sample Configurations 267 268 Sample Configurations 269 270 Configuring a Cluster Sample Configurations 271Cluster Topology 272Sample Configurations 273 274 Sample Configurations 275 Init -n VSwitch2 Neighbor add -nb VSwitch1 -ip276 Sample Configurations 277 Iscsi portal create -ip 212.199.43.75 -p278 Sample Configurations 279 280 Sample Configurations 281 282 Sample Configurations 283 Nd Microsoft iSCSI Initiator Configuration for Host Station 284Index Index 285Chap 286Dummy synchronize Index 287Interval 288Mirror Index 289RS232 19, 46, 190 290SRP Index 291Volume create 292Index 293