Skip to main content

Remove cluster peering encryption from an existing peer relationship

Contributors netapp-lenida netapp-aherbin netapp-dbagwell
PDFs

By default, cluster peering encryption is enabled on all peer relationships created in ONTAP 9.6 or later. If you do not want to use encryption for cross-cluster peering communications, you can disable it.

Steps

  1. On the destination cluster, modify communications with the source cluster to discontinue use of cluster peering encryption:

    • To remove encryption, but maintain authentication enter:

      cluster peer modify <source_cluster> -auth-status-admin use-authentication -encryption-protocol-proposed none

    • To remove encryption and authentication:

      1. Modify the cluster peering policy to allow unauthenticated access:

        cluster peer policy modify -is-unauthenticated-access-permitted true

      2. Modify encryption and authentication access:

        cluster peer modify <source_cluster> -auth-status no-authentication

  2. When prompted enter the passphrase.

  3. Confirm the passphrase by re-entering it.

  4. On the source cluster, disable encryption for communication with the destination cluster:

    • To remove encryption, but maintain authentication enter:

      cluster peer modify <destination_cluster> -auth-status-admin use-authentication -encryption-protocol-proposed none

    • To remove encryption and authentication:

      1. Modify the cluster peering policy to allow unauthenticated access:

        cluster peer policy modify -is-unauthenticated-access-permitted true

      2. Modify encryption and authentication access:

        cluster peer modify <destination_cluster> -auth-status no-authentication

  5. When prompted, enter and re-enter the same passphrase you used on the destination cluster.