Skip to main content

vserver iscsi security show

Contributors
Suggest changes

Show the current iSCSI authentication configuration

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

This command displays the default authentication and all initiator-specific authentication information. ONTAP authentication overrides all other service authentication methods.

Parameters

{ [-fields <fieldname>,…​]

If you specify the -fields <fieldname>, …​ parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.

| [-address-masks ]

Display the list of IP Address ranges in CIDR notation that each initiator is allowed to originate from. If this list is empty, the initiator is allowed to log in from any IP address. The IPv4 or IPv6 address range contains a start address and an end address. The start and end addresses themselves are included in the range.

| [-address-ranges ]

Display the list of IP Address ranges that each initiator is allowed to originate from. If this list is empty, the initiator is allowed to log in from any IP address. The IPv4 or IPv6 address range contains a start address and an end address. The start and end addresses themselves are included in the range.

| [-instance ] }

If you specify the -instance parameter, the command displays detailed information about all fields.

[-vserver <Vserver Name>] - Vserver

Use this parameter to display authentication information that matches the Vserver name that you specify.

[-i, -initiator-name <text>] - Initiator Name

Use this parameter to display authentication information that matches the initiator that you specify.

[-s, -auth-type {CHAP|deny|none}] - Authentication Type

Use this parameter to display authentication information that matches the authentication type that you specify.

[-n, -user-name <text>] - Inbound CHAP User Name

Use this parameter to display authentication information that matches the inbound CHAP user name that you specify.

[-m, -outbound-user-name <text>] - Outbound CHAP User Name

Use this parameter to display authentication information that matches the outbound CHAP user name that you specify.

[-auth-chap-policy <local>] - Authentication CHAP Policy

Use this parameter to display authentication information that matches the authentication CHAP policy that you specify.

[-initiator-address-ranges {<ipaddr>|<ipaddr>-<ipaddr>}] - Initiator IP Address Ranges

Use this parameter to display authentication information that matches the initiator address range that you specify. If this list is empty, the initiator is allowed to log in from any IP address. The IPv4 or IPv6 address range contains a start address and an end address. The start and end addresses themselves are included in the range.

An example of a valid IPv4 address range is: '192.168.1.100-192.168.1.150'.

An example of a valid IPv6 address range is: '2001:db8::1000:1-2001:db8::1000:50'.

[-initiator-address-masks <IP Address/Mask>,…​] - Initiator IP Address Masks

Use this parameter to display authentication information that matches the initiator address masks that you specify. If this list is empty, the initiator is allowed to log in from any IP address. The IPv4 or IPv6 address range contains a start address and an end address. The start and end addresses themselves are included in the range.

An example of a valid IPv4 address range in CIDR notation is: 192.168.1.3/32.

An example of a valid IPv6 address range in CIDR notation is: 2001:db8::1000:1/128.

Examples

cluster1::> vserver iscsi security show -vserver vs1
                                  Auth   Auth CHAP Inbound CHAP  Outbound CHAP
Vserver    Initiator Name         Type   Policy    User Name     User Name
---------- ---------------------- ------ --------- ------------- -------------
vs1       default                none   -         -             -
          iqn.2010-12.com.example:abcdefg
                                  CHAP   local     bob           bob2
2 entries were displayed.

Displays the authentication information for Vserver vs1.

cluster1::> vserver iscsi security show -address-ranges -vserver vs1

Vserver    Initiator Name         Initiator Address Ranges
---------- ---------------------- --------------------------------------------
vs1        iqn.2010-12.com.example:abcdefg
           iqn.2010-12.com.example:hijklmn
                                  192.168.1.100-192.168.1.150
                                  2001:db8::1000:1-2001:db8::1000:50

2 entries were displayed.

Displays the initiator and their valid address ranges for Vserver vs1.

cluster1::> vserver iscsi security show -address-masks -vserver vs1

Vserver    Initiator Name         Initiator Address Ranges
---------- ---------------------- --------------------------------------------
vs1        iqn.2010-12.com.example:abcdefg
     iqn.2010-12.com.example:hijklmn
          192.168.1.100/30
          192.168.1.104/29
          192.168.1.112/28
          192.168.1.128/28
          192.168.1.144/30
          192.168.1.148/31
          192.168.1.150/32
          2001:db8::1000:1/128
          2001:db8::1000:2/127
          2001:db8::1000:4/126
          2001:db8::1000:8/125
          2001:db8::1000:10/124
          2001:db8::1000:20/123
          2001:db8::1000:40/124
          2001:db8::1000:50/128
2 entries were displayed.

Displays the initiator and their valid address ranges for Vserver vs1.