設定LIF
建議變更
PDF
您必須識別要用於在資料與磁帶資源之間建立資料連線的生命期、以及用於控制管理SVM與備份應用程式之間的連線。識別出生命之後、您必須確認已設定服務和容錯移轉原則。
|
從ONTAP S振 分9.10.1開始、防火牆原則已過時、並完全由LIF服務原則取代。如需更多資訊、請參閱 "管理支援的流量"。 |
-
使用命令搭配
-service-policy`參數、識別節點上託管的叢集間 LIF `network interface show。network interface show -service-policy default-intercluster -
使用命令搭配
-service-policy`參數、識別節點上託管的管理 LIF `network interface show。network interface show -service-policy default-management -
確保叢集間 LIF 包含 `backup-ndmp-control`以下服務:
network interface service-policy show -
請確定已針對所有生命期適當設定容錯移轉原則:
-
確認叢集管理 LIF 的容錯移轉原則已設定為
broadcast-domain-wide,而叢集間和節點管理階層的原則則設定為local-only使用network interface show -failover命令。下列命令會顯示叢集管理、叢集間和節點管理生命體的容錯移轉原則:
cluster1::> network interface show -failover Logical Home Failover Failover Vserver Interface Node:Port Policy Group ------- -------------- -------------- ---------- -------- cluster cluster1_clus1 cluster1-1:e0a local-only cluster Failover Targets: ....... cluster1 cluster_mgmt cluster1-1:e0m broadcast- Default domain-wide Failover Targets: ....... IC1 cluster1-1:e0a local-only Default Failover Targets: IC2 cluster1-1:e0b local-only Default Failover Targets: ....... cluster1-1 c1-1_mgmt1 cluster1-1:e0m local-only Default Failover Targets: ...... cluster1-2 c1-2_mgmt1 cluster1-2:e0m local-only Default Failover Targets: ......-
如果未適當設定容錯移轉原則、請使用修改容錯移轉原則
network interface modify命令-failover-policy參數。cluster1::> network interface modify -vserver cluster1 -lif IC1 -failover-policy local-only
-
-
使用指定資料連線所需的生命
vserver services ndmp modify命令preferred-interface-role參數。cluster1::> vserver services ndmp modify -vserver cluster1 -preferred-interface-role intercluster,cluster-mgmt,node-mgmt
-
使用確認已為叢集設定偏好的介面角色
vserver services ndmp show命令。cluster1::> vserver services ndmp show -vserver cluster1 Vserver: cluster1 NDMP Version: 4 ....... ....... Preferred Interface Role: intercluster, cluster-mgmt, node-mgmt
-
使用識別叢集間、叢集管理和節點管理階層的生命
network interface show命令-role參數。下列命令會顯示叢集間的LIF:
cluster1::> network interface show -role intercluster Logical Status Network Current Current Is Vserver Interface Admin/Oper Address/Mask Node Port Home ----------- ---------- ---------- ------------------ ------------- ------- ---- cluster1 IC1 up/up 192.0.2.65/24 cluster1-1 e0a true cluster1 IC2 up/up 192.0.2.68/24 cluster1-2 e0b true下列命令會顯示叢集管理LIF:
cluster1::> network interface show -role cluster-mgmt Logical Status Network Current Current Is Vserver Interface Admin/Oper Address/Mask Node Port Home ----------- ---------- ---------- ------------------ ----------- ------- ---- cluster1 cluster_mgmt up/up 192.0.2.60/24 cluster1-2 e0M true以下命令顯示節點管理生命體:
cluster1::> network interface show -role node-mgmt Logical Status Network Current Current Is Vserver Interface Admin/Oper Address/Mask Node Port Home ----------- ---------- ---------- --------------- ------------ ------ ------ cluster1 cluster1-1_mgmt1 up/up 192.0.2.69/24 cluster1-1 e0M true cluster1-2_mgmt1 up/up 192.0.2.70/24 cluster1-2 e0M true -
確保已爲羣集間 NDMP 、羣集管理(
cluster-mgmt`和節點管理(`node-mgmt()生命體上的 NDMP 啓用防火牆策略:-
使用驗證是否已啟用 NDMP 的防火牆原則
system services firewall policy show命令。下列命令會顯示叢集管理LIF的防火牆原則:
cluster1::> system services firewall policy show -policy cluster Vserver Policy Service Allowed ------- ------------ ---------- ----------------- cluster cluster dns 0.0.0.0/0 http 0.0.0.0/0 https 0.0.0.0/0 ndmp 0.0.0.0/0 ndmps 0.0.0.0/0 ntp 0.0.0.0/0 rsh 0.0.0.0/0 snmp 0.0.0.0/0 ssh 0.0.0.0/0 telnet 0.0.0.0/0 10 entries were displayed.下列命令會顯示叢集間LIF的防火牆原則:
cluster1::> system services firewall policy show -policy intercluster Vserver Policy Service Allowed ------- ------------ ---------- ------------------- cluster1 intercluster dns - http - https - ndmp 0.0.0.0/0, ::/0 ndmps - ntp - rsh - ssh - telnet - 9 entries were displayed.下列命令會顯示節點管理LIF的防火牆原則:
cluster1::> system services firewall policy show -policy mgmt Vserver Policy Service Allowed ------- ------------ ---------- ------------------- cluster1-1 mgmt dns 0.0.0.0/0, ::/0 http 0.0.0.0/0, ::/0 https 0.0.0.0/0, ::/0 ndmp 0.0.0.0/0, ::/0 ndmps 0.0.0.0/0, ::/0 ntp 0.0.0.0/0, ::/0 rsh - snmp 0.0.0.0/0, ::/0 ssh 0.0.0.0/0, ::/0 telnet - 10 entries were displayed. -
如果未啟用防火牆原則、請使用啟用防火牆原則
system services firewall policy modify命令-service參數。下列命令可啟用叢集間LIF的防火牆原則:
cluster1::> system services firewall policy modify -vserver cluster1 -policy intercluster -service ndmp 0.0.0.0/0
-
-
請確定已針對所有生命期適當設定容錯移轉原則:
-
確認叢集管理 LIF 的容錯移轉原則已設定為
broadcast-domain-wide,而叢集間和節點管理階層的原則則設定為local-only使用network interface show -failover命令。下列命令會顯示叢集管理、叢集間和節點管理生命體的容錯移轉原則:
cluster1::> network interface show -failover Logical Home Failover Failover Vserver Interface Node:Port Policy Group ---------- ----------------- ----------------- -------------------- -------- cluster cluster1_clus1 cluster1-1:e0a local-only cluster Failover Targets: ....... cluster1 cluster_mgmt cluster1-1:e0m broadcast-domain-wide Default Failover Targets: ....... IC1 cluster1-1:e0a local-only Default Failover Targets: IC2 cluster1-1:e0b local-only Default Failover Targets: ....... cluster1-1 cluster1-1_mgmt1 cluster1-1:e0m local-only Default Failover Targets: ...... cluster1-2 cluster1-2_mgmt1 cluster1-2:e0m local-only Default Failover Targets: ......-
如果未適當設定容錯移轉原則、請使用修改容錯移轉原則
network interface modify命令-failover-policy參數。cluster1::> network interface modify -vserver cluster1 -lif IC1 -failover-policy local-only
-
-
使用指定資料連線所需的生命
vserver services ndmp modify命令preferred-interface-role參數。cluster1::> vserver services ndmp modify -vserver cluster1 -preferred-interface-role intercluster,cluster-mgmt,node-mgmt
-
使用確認已為叢集設定偏好的介面角色
vserver services ndmp show命令。cluster1::> vserver services ndmp show -vserver cluster1 Vserver: cluster1 NDMP Version: 4 ....... ....... Preferred Interface Role: intercluster, cluster-mgmt, node-mgmt