Skip to main content

vserver iscsi security create

Contributors
Suggest changes

Create an iSCSI authentication configuration for an initiator

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

This command configures the security method for an iSCSI initiator on a Vserver. The outbound CHAP password and user name are optional. If you want mutual authentication, you need to configure both inbound and outbound CHAP passwords and user names.

You cannot use the same password for inbound and outbound settings.

Parameters

-vserver <Vserver Name> - Vserver

Specifies the Vserver.

-i, -initiator-name <text> - Initiator Name

Specifies the initiator that you want to create a security method for. You can use either an iqn such as iqn.1995-08.com.example:string or eui such as eui.0123456789abcdef for the initiator.

-s, -auth-type {CHAP|deny|none} - Authentication Type

Specifies the authentication type:

  • CHAP - Authenticates using a CHAP user name and password.

  • none - The initiator can access the Vserver without authentication.

  • deny - The initiator cannot access the Vserver.

[-n, -user-name <text>] - Inbound CHAP User Name

Specifies the inbound CHAP user name. CHAP user names can be one to 128 bytes. A null user name is not allowed. If provided, you will be prompted to provide the corresponding inbound CHAP password.

[-m, -outbound-user-name <text>] - Outbound CHAP User Name

Specifies the outbound CHAP user name. CHAP user names can be one to 128 bytes. If provided, you will be prompted to enter the corresponding outbound CHAP password.

[-initiator-address-ranges {<ipaddr>|<ipaddr>-<ipaddr>}] - Initiator IP Address Ranges

Specifies one or more initiator source IP address ranges. If this list is empty, the initiator is allowed to log in from any IP address. The IPv4 or IPv6 address range contains a start address and an end address. The start and end addresses themselves are included in the range.

An example of a valid IPv4 address range is: '192.168.1.100-192.168.1.150'.

An example of a valid IPv6 address range is: '2001:db8::1000:1-2001:db8::1000:50'.

Examples

cluster1::> vserver iscsi security create -vserver vs_1
-initiator-name eui.0123456789abcdef -auth-type CHAP -user-name bob -outbound-user-name bob2

Password: {enter password}

Outbound Password: {enter password}

Creates authentication method chap for initiator eui.0123456789abcdef with inbound and outbound usernames and passwords.

cluster1::> vserver iscsi security create -vserver vs_1
-initiator-name iqn.1995-08.com.example:e3f87c7cf2e4 -auth-type none
-initiator-address-ranges 192.168.1.1-192.168.1.255

Creates authentication method for initiator iqn.1993-08.com.example:01:e3f87c7cf2e4 with IP address validation only.