network interface service-policy create
Create a new service policy
Availability: This command is available to cluster administrators at the advanced privilege level.
Description
The network interface service-policy create
command creates a new service policy with a list of included services. LIFs can reference this policy to control the list of services that they are able to transport on their network. Services can represent applications accessed by a LIF as well as applications served by this cluster.
Parameters
-vserver <vserver name>
- Vserver-
Use this parameter to specify the name of the Vserver on which the service policy will be created.
-policy <text>
- Policy Name-
Use this parameter to specify the name of service policy to be created.
[-services <LIF Service Name>,…]
- Included Services-
Use this parameter to specify a list of services that should be included in this policy.
[-allowed-addresses <IP Address/Mask>,…]
- Allowed Addresses-
Use this parameter to specify a list of subnet masks for addresses that are allowed to access the services in this policy. Use the value
0.0.0.0/0
to represent the wildcard IPv4 address and::/0
to represent the wildcard IPv6 address.
Examples
The following example shows the creation of a service policy with no initial services.
cluster1::> network interface service-policy create -vserver cluster1 -policy empty cluster1::> network interface service-policy show -vserver cluster1 Vserver Policy Service: Allowed Addresses --------- -------------------------- ---------------------------------------- cluster1 default-intercluster intercluster-core: 0.0.0.0/0 management-https: 0.0.0.0/0 default-management management-core: 0.0.0.0/0 management-autosupport: 0.0.0.0/0 management-ssh: 0.0.0.0/0 management-https: 0.0.0.0/0 default-route-announce management-bgp: 0.0.0.0/0 empty - 4 entries were displayed.
The following example shows the creation of a new service policy with a specified service list.
cluster1::> network interface service-policy create -vserver cluster1 -policy custom -services intercluster-core,management-ssh cluster1::> network interface service-policy show -vserver cluster1 Vserver Policy Service: Allowed Addresses --------- -------------------------- ---------------------------------------- cluster1 custom intercluster-core: 0.0.0.0/0 management-ssh: 0.0.0.0/0 default-intercluster intercluster-core: 0.0.0.0/0 management-https: 0.0.0.0/0 default-management management-core: 0.0.0.0/0 management-autosupport: 0.0.0.0/0 management-ssh: 0.0.0.0/0 management-https: 0.0.0.0/0 default-route-announce management-bgp: 0.0.0.0/0 empty - 5 entries were displayed.