Specifications

ManualsBrandsCisco ManualsComputer equipment5428 - SN Router

100

6-11

Cisco SN 5428-2 Storage Router Software Configuration Guide

78-15471-01

Chapter 6 Configuring SCSI Routing

Configuring Access to iSCSI Targets

Note If there is a CHAP user name entry in the access list, the SCSI routing instance used to access the storage

target must also have iSCSI authentication enabled. See Chapter 9, “Configuring Authentication,” for

additional information about AAA and iSCSI authentication.

Use the following procedure to create an access list. In this procedure, the access list is called aegis and

the IP host identifiers include three IP addresses (10.2.0.23, 10.3.0.36, and 10.4.0.49) and three CHAP

user names (12h7b.lab2.webservices, 36a8g.lab1.webservices, and 52a3c.lab2.webservices).

Note Access lists are cluster elements and, in a cluster environment, all access list management functions are

handled by a single storage router. If you issue accesslist commands from another storage router in the

cluster, the CLI displays an informational message with the name of the storage router that is currently

handling those functions. See Chapter 11, “Maintaining and Managing the SN 5428-2 Storage Router,”

for more information on operating the SN 5428-2 in a cluster.

Configuring Access to iSCSI Targets

Configuring access to iSCSI targets consists of associating a named access list to an iSCSI target to

control target access on a per-IP host basis. The default for access to newly configured iSCSI targets is

none. You must configure access to iSCSI targets according to the information provided in this section.

When configuring access, you can specify one iSCSI target at a time or all iSCSI targets associated with

a SCSI routing instance, and you can specify a named access list or allow access by any IP host using a

SCSI routing instance. In addition, you can deny access to iSCSI targets one at a time or all at once.

Command Description

Step 1

enable Enter Administrator mode.

Step 2

accesslist aegis Create an access list by naming it (aegis). There is a 31 character

limit.

Step 3

accesslist aegis description

“Access to zeus SCSI routing

service”

(Optional) Add a string as a description for the access list. Enclose

the string using single or double quotes.

Step 4

accesslist aegis 10.2.0.23/32

10.3.0.36/32 10.4.0.49/32

Add IP addresses of IP hosts to the access list. Separate multiple

IP addresses with a space. To limit the access to each specific IP

address, set the subnet mask to 255.255.255.255. In this example,

the subnet mask was set using CIDR style (/32).

Step 5

accesslist aegis chap-username

12h7b.lab2.webservices

accesslist aegis chap-username

36a8g.lab1.webservices

accesslist aegis chap-username

52a3c.lab2.webservices

Add CHAP user names to the access list. In this example, each IP

host has a unique CHAP user name.

Note When using CHAP user names in an access list, iSCSI

authentication must be enabled for the SCSI routing

instance, and the IP host must be successfully

authenticated using the configured AAA methods.