Table of Contents
The snapmirror.access option is the preferred method for controlling SnapMirror access on a SnapMirror source node. See na_options(1) and na_protocolaccess (8) for information on setting the option. If the option snapmirror.access is set to "legacy", the snapmirror.allow file defines the access permissions.
The snapmirror.allow file exists on the source node used for SnapMirror. It contains a list of allowed destination nodes to which you can replicate volumes or qtrees from that node.
The file format is line-based. Each line consists of the hostname of the allowed destination node.
The snapmirror.checkip.enable option controls how the allow check is performed. When the option is off, which is the default, the entries in the allow file must match the hostname of the destination node as reported by the hostname command. When the option is on, the source node resolves the names in the snapmirror.allow to IP addresses and then checks for a match with the IP address of the requesting destination node. In this mode, literal IPv4 addresses (e.g. 22.214.171.124), literal IPv6 addresses (e.g. fe:dc:ba:98:76:54:32:10) and fully qualified names (e.g. toaster.acme.com) may be valid entries in the allow file.
Note that the allow file entry must map to the IP address of the originating network interface on the destination node. For example, if the request comes from the IP address of a Gbit Ethernet interface e10 which is given the name "toaster-e10", then the allow file must contain "toaster-e10" or "toaster-e10.acme.com" so the name resolves to the correct IP address.
A local SnapMirror, between two volumes or qtrees on the same node, does not require an entry in the allow file.
Table of Contents