Release notes
Manage the IP addresses that can access the SP
Suggest changes
-
PDF of this doc site
-
Cluster administration
-
Volume administration
-
Logical storage management with the CLI
-
-
NAS storage management
-
Configure NFS with the CLI
-
Manage NFS with the CLI
-
Manage SMB with the CLI
-
Manage file access using SMB
-
-
-
Security and data encryption
-
Data protection and disaster recovery
-
Collection of separate PDF docs
Creating your file...
By default, the SP accepts SSH connection requests from administration hosts of any IP addresses. You can configure the SP to accept SSH connection requests from only the administration hosts that have the IP addresses you specify. The changes you make apply to SSH access to the SP of any nodes in the cluster.
-
Grant SP access to only the IP addresses you specify by using the
system service-processor ssh add-allowed-addressescommand with the-allowed-addressesparameter.-
The value of the
-allowed-addressesparameter must be specified in the format ofaddress/netmask, and multipleaddress/netmaskpairs must be separated by commas, for example,10.98.150.10/24, fd20:8b1e:b255:c09b::/64.Setting the
-allowed-addressesparameter to0.0.0.0/0, ::/0enables all IP addresses to access the SP (the default). -
When you change the default by limiting SP access to only the IP addresses you specify, ONTAP prompts you to confirm that you want the specified IP addresses to replace the “allow all” default setting (
0.0.0.0/0, ::/0). -
The
system service-processor ssh showcommand displays the IP addresses that can access the SP.
-
-
If you want to block a specified IP address from accessing the SP, use the
system service-processor ssh remove-allowed-addressescommand with the-allowed-addressesparameter.If you block all IP addresses from accessing the SP, the SP becomes inaccessible from any administration hosts.
The following examples show the default setting for SSH access to the SP, change the default by limiting SP access to only the specified IP addresses, remove the specified IP addresses from the access list, and then restore SP access for all IP addresses:
cluster1::> system service-processor ssh show
Allowed Addresses: 0.0.0.0/0, ::/0
cluster1::> system service-processor ssh add-allowed-addresses -allowed-addresses 192.168.1.202/24, 192.168.10.201/24
Warning: The default "allow all" setting (0.0.0.0/0, ::/0) will be replaced
with your changes. Do you want to continue? {y|n}: y
cluster1::> system service-processor ssh show
Allowed Addresses: 192.168.1.202/24, 192.168.10.201/24
cluster1::> system service-processor ssh remove-allowed-addresses -allowed-addresses 192.168.1.202/24, 192.168.10.201/24
Warning: If all IP addresses are removed from the allowed address list, all IP
addresses will be denied access. To restore the "allow all" default,
use the "system service-processor ssh add-allowed-addresses
-allowed-addresses 0.0.0.0/0, ::/0" command. Do you want to continue?
{y|n}: y
cluster1::> system service-processor ssh show
Allowed Addresses: -
cluster1::> system service-processor ssh add-allowed-addresses -allowed-addresses 0.0.0.0/0, ::/0
cluster1::> system service-processor ssh show
Allowed Addresses: 0.0.0.0/0, ::/0