Skip to main content

network interface service-policy create

Contributors
Suggest changes
PDFs

Create a new service policy

Availability: This command is available to cluster administrators at the advanced privilege level.

Description

The network interface service-policy create command creates a new service policy with a list of included services. LIFs can reference this policy to control the list of services that they are able to transport on their network. Services can represent applications accessed by a LIF as well as applications served by this cluster.

Parameters

-vserver <vserver name> - Vserver

Use this parameter to specify the name of the Vserver on which the service policy will be created.

-policy <text> - Policy Name

Use this parameter to specify the name of service policy to be created.

[-services <LIF Service Name>,…​] - Included Services

Use this parameter to specify a list of services that should be included in this policy.

[-allowed-addresses <IP Address/Mask>,…​] - Allowed Addresses

Use this parameter to specify a list of subnet masks for addresses that are allowed to access the services in this policy. Use the value 0.0.0.0/0 to represent the wildcard IPv4 address and ::/0 to represent the wildcard IPv6 address.

Examples

The following example shows the creation of a service policy with no initial services.

cluster1::> network interface service-policy create -vserver cluster1 -policy empty

cluster1::> network interface service-policy show -vserver cluster1
Vserver   Policy                     Service: Allowed Addresses
--------- -------------------------- ----------------------------------------
cluster1
          default-intercluster       intercluster-core: 0.0.0.0/0
                                     management-https: 0.0.0.0/0
default-management         management-core: 0.0.0.0/0
                                     management-autosupport: 0.0.0.0/0
                                     management-ssh: 0.0.0.0/0
                                     management-https: 0.0.0.0/0
default-route-announce     management-bgp: 0.0.0.0/0
empty                      -

4 entries were displayed.

The following example shows the creation of a new service policy with a specified service list.

cluster1::> network interface service-policy create -vserver cluster1 -policy custom -services intercluster-core,management-ssh

cluster1::> network interface service-policy show -vserver cluster1
Vserver   Policy                     Service: Allowed Addresses
--------- -------------------------- ----------------------------------------
cluster1
          custom                     intercluster-core: 0.0.0.0/0
                                     management-ssh: 0.0.0.0/0
default-intercluster       intercluster-core: 0.0.0.0/0
                                     management-https: 0.0.0.0/0
default-management         management-core: 0.0.0.0/0
                                     management-autosupport: 0.0.0.0/0
                                     management-ssh: 0.0.0.0/0
                                     management-https: 0.0.0.0/0
default-route-announce     management-bgp: 0.0.0.0/0
empty                      -

5 entries were displayed.