Skip to main content
A newer release of this product is available.

vserver export-policy netgroup check-membership

Contributors
Suggest changes

Check to see if the client is a member of the netgroup

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

The vserver export-policy netgroup check-membership command determines if the client IP address is a member of the netgroup. The netgroup must be configured as clientmatch in atleast one of the export-policy rules configured in the vserver. Data ONTAP can determine the membership information only after it has fully loaded the netgroup into the cache. Until then, while the reverse lookup scan algorithm might find a match, both DNS round robin and DNS aliases prevent ruling out non-matches. You can use the vserver export-policy netgroup queue show command to monitor the loading of the netgroup.

Parameters

-vserver <vserver name> - Vserver

This parameter specifies the name of the Vserver whose netgroup you want to check for client membership.

-netgroup <text> - Name of the Netgroup

This parameter specifies the name of the netgroup that you want to check for client membership.

-client-ip <IP Address> - Client Address

This parameter specifies the IP address of the client whose netgroup membership you want to check.

Examples

The following examples of the vserver export-policy netgroup check-membership command display various possible results for client membership checks.

cluster1::*> vserver export-policy netgroup check-membership -vserver vs1 -netgroup  mercury -client-ip 172.17.16.72
Client 172.17.16.72 is a member of netgroup "mercury" for Vserver "vs1" with state "reverse lookup scan".

cluster1::*> vserver export-policy netgroup check-membership -vserver vs1 -netgroup  mercury -client-ip 172.17.16.72
Client 172.17.16.72 is a member of netgroup "mercury" for Vserver "vs1" with state "cache".

cluster1::*> vserver export-policy netgroup check-membership -vserver vs1 -netgroup  mercury -client-ip 172.17.16.14
Client 172.17.16.14 is not a member of netgroup "mercury" for Vserver "vs1".

cluster1::*> vserver export-policy netgroup check-membership -vserver vs1 -netgroup  big -client-ip 172.17.16.69
Cannot yet determine the membership of client 172.17.16.69 in netgroup "big" for Vserver "vs1". Try again when the netgroup is loaded in the cache.

cluster1::*> vserver export-policy netgroup check-membership -vserver vs1 -netgroup  big -client-ip 172.17.16.69
Client 172.17.16.72 is a member of netgroup "big" for Vserver "vs1" with state "cache".

cluster1::*> vserver export-policy netgroup check-membership -vserver vs1 -netgroup  big -client-ip 2002:c65f:e228:0:0:0:0:0
Cannot yet determine the membership of client 2002:c65f:e228:: in netgroup "big" for Vserver "vs1". Try again when the netgroup is loaded in the cache.