Configure a LIF
Suggest changes
PDFs
You must identify a LIF that will be used for establishing a data connection and control connection between the node and the backup application. After identifying the LIF, you must verify that firewall and failover policies are set for the LIF.
|
Beginning with ONTAP 9.10.1, firewall policies are deprecated and wholly replaced with LIF service policies. For more information, see Manage supported traffic. |
-
Identify the intercluster LIF hosted on the nodes by using the
network interface showcommand with the-service-policyparameter.network interface show -service-policy default-intercluster -
Ensure that the intercluster LIF includes the
backup-ndmp-controlservice:network interface service-policy show -
Ensure that the failover policy is set appropriately for the intercluster LIFs:
-
Verify that the failover policy for the intercluster LIFs is set to
local-onlyby using thenetwork interface show -failovercommand.cluster1::> network interface show -failover Logical Home Failover Failover Vserver Interface Node:Port Policy Group -------- --------------- ----------------- ------------ -------- cluster1 IC1 cluster1-1:e0a local-only Default Failover Targets: ....... IC2 cluster1-2:e0b local-only Default Failover Targets: ....... cluster1-1 cluster1-1_mgmt1 cluster1-1:e0m local-only Default Failover Targets: ....... -
If the failover policy is not set appropriately, modify the failover policy by using the
network interface modifycommand with the-failover-policyparameter.cluster1::> network interface modify -vserver cluster1 -lif IC1 -failover-policy local-only
-
-
Identify the intercluster LIF hosted on the nodes by using the
network interface showcommand with the-roleparameter.cluster1::> network interface show -role intercluster Logical Status Network Current Current Is Vserver Interface Admin/Oper Address/Mask Node Port Home ----------- ---------- ---------- ------------------ ------------- ------- ---- cluster1 IC1 up/up 192.0.2.65/24 cluster1-1 e0a true cluster1 IC2 up/up 192.0.2.68/24 cluster1-2 e0b true -
Ensure that the firewall policy is enabled for NDMP on the intercluster LIFs:
-
Verify that the firewall policy is enabled for NDMP by using the
system services firewall policy showcommand.The following command displays the firewall policy for the intercluster LIF:
cluster1::> system services firewall policy show -policy intercluster Vserver Policy Service Allowed ------- ------------ ---------- ------------------- cluster1 intercluster dns - http - https - ndmp 0.0.0.0/0, ::/0 ndmps - ntp - rsh - ssh - telnet - 9 entries were displayed. -
If the firewall policy is not enabled, enable the firewall policy by using the
system services firewall policy modifycommand with the-serviceparameter.The following command enables firewall policy for the intercluster LIF:
cluster1::> system services firewall policy modify -vserver cluster1 -policy intercluster -service ndmp 0.0.0.0/0
-
-
Ensure that the failover policy is set appropriately for the intercluster LIFs:
-
Verify that the failover policy for the intercluster LIFs is set to
local-onlyby using thenetwork interface show -failovercommand.cluster1::> network interface show -failover Logical Home Failover Failover Vserver Interface Node:Port Policy Group -------- --------------- ----------------- ------------ -------- cluster1 IC1 cluster1-1:e0a local-only Default Failover Targets: ....... IC2 cluster1-2:e0b local-only Default Failover Targets: ....... cluster1-1 cluster1-1_mgmt1 cluster1-1:e0m local-only Default Failover Targets: ....... -
If the failover policy is not set appropriately, modify the failover policy by using the
network interface modifycommand with the-failover-policyparameter.cluster1::> network interface modify -vserver cluster1 -lif IC1 -failover-policy local-only
-