vserver iscsi security create
Create an iSCSI authentication configuration for an initiator
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
This command configures the security method for an iSCSI initiator on a Vserver. The outbound CHAP password and user name are optional. If you want mutual authentication, you need to configure both inbound and outbound CHAP passwords and user names.
You cannot use the same password for inbound and outbound settings.
Parameters
-vserver <Vserver Name>
- Vserver-
Specifies the Vserver.
-i, -initiator-name <text>
- Initiator Name-
Specifies the initiator that you want to create a security method for. You can use either an iqn such as iqn.1995-08.com.example:string or eui such as eui.0123456789abcdef for the initiator.
-s, -auth-type {CHAP|deny|none}
- Authentication Type-
Specifies the authentication type:
-
CHAP - Authenticates using a CHAP user name and password.
-
none - The initiator can access the Vserver without authentication.
-
deny - The initiator cannot access the Vserver.
-
[-n, -user-name <text>]
- Inbound CHAP User Name-
Specifies the inbound CHAP user name. CHAP user names can be one to 128 bytes. A null user name is not allowed. If provided, you will be prompted to provide the corresponding inbound CHAP password.
[-m, -outbound-user-name <text>]
- Outbound CHAP User Name-
Specifies the outbound CHAP user name. CHAP user names can be one to 128 bytes. If provided, you will be prompted to enter the corresponding outbound CHAP password.
[-initiator-address-ranges {<ipaddr>|<ipaddr>-<ipaddr>}]
- Initiator IP Address Ranges-
Specifies one or more initiator source IP address ranges. If this list is empty, the initiator is allowed to log in from any IP address. The IPv4 or IPv6 address range contains a start address and an end address. The start and end addresses themselves are included in the range.
An example of a valid IPv4 address range is: '192.168.1.100-192.168.1.150'.
An example of a valid IPv6 address range is: '2001:db8::1000:1-2001:db8::1000:50'.
Examples
cluster1::> vserver iscsi security create -vserver vs_1 -initiator-name eui.0123456789abcdef -auth-type CHAP -user-name bob -outbound-user-name bob2 Password: {enter password} Outbound Password: {enter password}
Creates authentication method chap for initiator eui.0123456789abcdef with inbound and outbound usernames and passwords.
cluster1::> vserver iscsi security create -vserver vs_1 -initiator-name iqn.1995-08.com.example:e3f87c7cf2e4 -auth-type none -initiator-address-ranges 192.168.1.1-192.168.1.255
Creates authentication method for initiator iqn.1993-08.com.example:01:e3f87c7cf2e4 with IP address validation only.