Table of ContentsView in Frames

Restricting protocol access

If a protocol is enabled for Data ONTAP, you can restrict the protocol's access to the storage system by specifying the host name, IP address, or network interface name.

Step

  1. At the storage system prompt, enter one of the following commands:
    If you want to restrict a protocol's access to the storage system by using... Enter...
    host name or IP address
    options protocol.access host=[hostname|IP_address]
    network interface name
    options protocol.access if=interface_name

    • protocol is the name of the protocol you want to allow access to the storage system.

      It can be rsh, telnet, ssh, httpd, httpd.admin, snmp, ndmpd, snapmirror, or snapvault.

    • hostname is the name of the host to which you want to allow access by using protocol.
    • IP_address is the IP address of the host to which you want to allow access by using protocol.

      The ssh.access and rsh.access options support both IPv4 and IPv6 addressing.

    • interface_name is the network interface name of the host to which you want to allow access by using protocol.
    Note: If the telnet.access option is not set to legacy, the trusted.hosts option is ignored for Telnet. If the httpd.admin.access option is not set to legacy, the trusted.hosts option is ignored for httpd.admin. If the snapmirror.access option is not set to legacy, the /etc/snapmirror.allow file is ignored for SnapMirror destination checking.

    For more information about controlling protocol access to a storage system by using multiple host names, IP addresses, and network interfaces, see the na_protocolaccess(8) man page.

    For information about SNMP, see the Data ONTAP Network Management Guide for 7-Mode.

    For information about NDMP, see the Data ONTAP Data Protection Tape Backup and Recovery Guide for 7-Mode.

    For information about SnapMirror or SnapVault, see the Data ONTAP Data Protection Online Backup and Recovery Guide for 7-Mode.