Release notes
iSCSI endpoint isolation
Suggest changes
-
PDF of this doc site
-
Cluster administration
-
Volume administration
-
Logical storage management with the CLI
-
-
NAS storage management
-
Configure NFS with the CLI
-
Manage NFS with the CLI
-
Manage SMB with the CLI
-
Manage file access using SMB
-
-
-
Security and data encryption
-
Data protection and disaster recovery
-
Data protection with the CLI
-
-
Collection of separate PDF docs
Creating your file...
Beginning with ONTAP 9.1 existing iSCSI security commands were enhanced to accept an IP address range, or multiple IP addresses.
All iSCSI initiators must provide origination IP addresses when establishing a session or connection with a target. This new functionality prevents an initiator from logging into the cluster if the origination IP address is unsupported or unknown, providing a unique identification scheme. Any initiator originating from an unsupported or unknown IP address will have their login rejected at the iSCSI session layer, preventing the initiator from accessing any LUN or volume within the cluster.
Implement this new functionality with two new commands to help manage pre-existing entries.
Add initiator address range
Improve iSCSI initiator security management by adding an IP address range, or multiple IP addresses with the vserver iscsi security add-initiator-address-range command.
cluster1::> vserver iscsi security add-initiator-address-range
Remove initiator address range
Remove an IP address range, or multiple IP addresses, with the vserver iscsi security remove-initiator-address-range command.
cluster1::> vserver iscsi security remove-initiator-address-range