• Configure Network Communication

    PDF

    On this page

    Configure Network Communication

    Manage NAS servers

    NAS servers are software components on the system that are dedicated to managing operations for data transferred through the SMB or NFS protocols. You must configure at least one NAS server before you can create network share storage. You can configure a NAS server to support Windows network shares (SMB), Linux/UNIX network shares, or both.

    NAS servers run on each SP and communicate with network hosts through SP ports. Once you configure a NAS server, you can then create file systems from which you export NFS or SMB network shares. Configured hosts map or mount the network shares to access the file system storage.

    Each NAS server is identified by an ID.

    The following table lists the attributes for NAS servers.

    Table 1. NAS server attributes
    Attributes
    Description
    ID
    ID of the NAS server.
    Name
    Name of the NAS server.
    Health state
    Health state of the NAS server. The health state code appears in parentheses. Value is one of the following:
    • Unknown (0) — Status is unknown.
    • OK (5) — Working correctly.
    • OK BUT (7) — Configuration is not complete.
    • Degraded/Warning (10) — Working and performing all functions, but the performance may not be optimum.
    • Minor failure (15) — NAS server has faulted.
    • Major failure (25) — Failed and recovery may not be possible. This condition has resulted in data loss and should be remedied immediately.
    Health details
    Additional health information. See Appendix A, Reference, for details.
    SP
    Primary SP on which the NAS server runs.
    If the primary SP is degraded or has failed, the server fails over to the other SP. The value displays the current SP the server is using in parentheses. For example, SPA (failed over to SPB).
    Storage pool
    Associated storage pool identifier.
    Tenant
    Identifier and name of the tenant.
    Interface
    ID of the network interface assigned to the NAS server that defines the server IP address and allows the server to communicate with the network and hosts. Manage network interfaces explains how to configure network interfaces on the system.
    It is allowable to remove the last interface of the server.
    CIFS enabled
    Indicates whether SMB file systems are enabled on the NAS server. Value is yes or no. Default is no. SMB file systems provide support for SMB network shares.
    Multiprotocol sharing enabled
    Indicates whether multiprotocol sharing is enabled for all file systems on the NAS server. Valid values are:
    • yes
    • no
    Unix directory service
    Directory service used for looking up identity information for Unix such as UIDs, GIDs, net groups, and so on. Valid values are:
    • local
    • nis
    • ldap
    • localThenNis
    • localThenLdap
    • none (default)
    A value other than the default is required for accurate multiprotocol files sharing between Unix and Windows users.
    Auto user mapping enabled
    Applies when multiprotocol sharing mode is enabled. Indicates whether a Windows user who is not mapped to a known Unix/Linux username is allowed to access the NAS server's files.
    • yes— The system generates an internal UID for the Windows user and allows access to the NAS server's files through Windows.
    • no (default)— The Windows authentication fails unless there is a default Unix username configured.
    Default Unix username
    Default Unix user name or Unix ID that grants file access in the multiprotocol sharing mode. This user name is used for Windows users when the corresponding Unix/Linux user name is not found by the mapping mechanism.

    The Unix ID format is @uid=xxxx,gid=yyyy@, where xxxx and yyyy are the decimal numerical values of the UID and the primary GID, respectively. When using this ID, the user does not need to be defined in the UDS.

    Default Windows username
    Default Windows user name that grants file access in the multiprotocol sharing mode. This user name is used for Unix users when the corresponding Windows user name is not found by the mapping mechanism.
    Replication type
    Indicates in what asynchronous replication this NAS Server is participating. Valid values are:
    • none
    • local
    • remote
    Synchronous replication type
    Indicates in what synchronous replication this NAS Server is participating. Valid values are:
    • none
    • remote
    Replication destination
    Indicates whether the NAS server is a replication destination. Valid values are:
    • yes
    • no
    This attribute does not apply to the replication status of related file systems. Use the stor/prov/fs show command to view the replication status of file systems.
    Backup only
    Indicates whether the NAS server is used as backup. This attribute reflects that the NAS server cannot be the production site. This means both planned failover and unplanned failover are disallowed in the backup only NAS server associated replication session.
    Migration destination
    Indicates whether the NAS server is a destination for a NAS import session. Valid values are:
    • yes
    • no
    Username translation
    Indicates whether a Unix to/from Windows user name mapping is enabled. Valid values are:
    • yes
    • no
    Packet Reflect enabled
    Indicates whether the reflection of outbound (reply) packets through the same interface that inbound (request) packets entered is enabled. Valid values are:
    • yes
    • no (default)
    Preferred production interfaces overridden
    Indicates whether the production preferred interfaces are overridden on the replication destination.
    Preferred production IPv4 interface
    Specifies the settings for the preferred production IPv4 interface. Valid values are:
    • <interface ID>
    • auto
    Preferred production IPv6 interface
    Specifies the settings for the preferred production IPv6 interface. Valid values are:
    • <interface ID>
    • auto
    Preferred backup IPv4 interface
    Specifies the settings for the preferred backup and disaster recovery test IPv4 interface. Valid values are:
    • <interface ID>
    • auto
    Preferred backup IPv6 interface
    Specifies the settings for the preferred backup and disaster recovery test IPv6 interface. Valid values are:
    • <interface ID>
    • auto
    Source preferred production IPv4 interface
    Specifies replicated production IPv4 preferred interface settings on the replication destination. If overridden, this may be different from the Preferred production IPv4 interface. Valid values are:
    • <interface ID>
    • auto
    Source preferred production IPv6 interface
    Specifies replicated production IPv4 preferred interface settings on the replication destination. If overridden, this may be different from the Preferred production IPv6 interface. Valid values are:
    • <interface ID>
    • auto
    Data Reduction space saved
    Specifies the size saved when using data reduction for this NAS server.
    Data Reduction percent
    Specifies the storage percentage saved when using data reduction, compared to the total size used by this NAS server.
    Data Reduction ratio
    Specifies the ratio between data without data reduction, and data after data reduction savings for this NAS server.

    Create a NAS server

    Create a NAS server.

    The NFSv3 protocol is enabled by default when creating a NAS server.
    Format
    /net/nas/server create -name <value> -sp <value> {-pool <value> | -poolName <value>} [-tenant <value>] [-mpSharingEnabled {no | yes [-autoUserMappingEnabled {yes | no}][-unixDirectoryService {local | ldap | nis | localThenNis | localThenLdap | none}] [-defaultUnixUser <value>] [-defaultWindowsUser <value>]}] [-replDest {yes [-backupOnly {yes | no}] | no}] [-enablePacketReflect {yes | no}]
    Action qualifiers
    Qualifier
    Description
    -name
    Specifies the NAS server name.
    NAS server names can contain alphanumeric characters, a single dash, and a single underscore. Server names cannot contain spaces or begin or end with a dash. You can create NAS server names in four parts that are separated by periods (example: aa.bb.cc.dd). Names can contain up to 255 characters, but the first part of the name (before the first period) is limited to 15 characters.
    -sp
    Specifies the parent SP for the NAS server. Value is SPA or SPB.
    -pool
    Specifies the ID of the storage pool for the NAS server.
    -poolName
    Specifies the name of the storage pool for the NAS server.
    -tenant
    Specifies the tenant identifier.
    If a tenant is not specified, the NAS server is created in the default network namespace.
    -mpSharingEnabled
    Indicates whether multiprotocol sharing mode is enabled. Value is yes or no (default).
    -unixDirectoryService
    Directory Service used for querying identity information for Unix (such as UIDs, GIDs, net groups). Valid values are:
    • nis
    • ldap
    • local
    • none (default)
    • localThenNis
    • localThenLdap
    -autoUserMappingEnabled
    Indicates whether a Windows user who is not mapped to a known Unix/Linux username is allowed to access the NAS server's files Valid values are:
    • yes— The system generates an internal UID for the Windows user and allows access to the NAS server's files through Windows.
    • no (default)— The Windows authentication fails unless there is a default Unix username configured.
    -defaultUnixUser
    Default Unix user name or Unix ID that grants file access in the multiprotocol sharing mode. This user name or ID is used when the corresponding Unix/Linux user name or ID is not found by the mapping mechanism.

    The Unix ID format is @uid=xxxx,gid=yyyy@, where xxxx and yyyy are the decimal numerical values of the UID and the primary GID, respectively. When using this ID, the user does not need to be defined in the UDS.

    -defaultWindowsUser
    Default Windows user name that grants file access in the multiprotocol sharing mode. This user name is used when the corresponding Windows user name is not found by the mapping mechanism.
    -replDest
    Replication destination settings for the NAS server. When this option is set to yes, only mandatory parameters may be included. All other optional parameters will be inherited from the source NAS server. Valid values are:
    • yes
    • no (default)
    -backupOnly
    Indicates whether to create NAS server as backup only. The backup only NAS server cannot be a production site, which means both planned failover and unplanned failover are disallowed in a backup only NAS server associated replication session. Valid values:
    • yes
    • no
    -enablePacketReflect
    Indicates whether the reflection of outbound (reply) packets through the same interface that inbound (request) packets entered is enabled. Valid values are:
    • yes (default)
    • no
    Example

    The following command creates a NAS server with these settings:

    • Name is NasServer_1.
    • Associated with SP A.
    • Associated with storage pool pool_0.
    • IP Packet Reflect is enabled.
    • The ID of the new NAS server is ID nas_1.
    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/server create -name NasServer_1 -sp spa -pool pool_0 -enablePacketReflect yes
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    ID = nas_1
    Operation completed successfully.
    
                            

    View NAS servers

    View details about configured NAS servers, including their name, ID, and whether they have enabled support for CIFS (SMB) file systems or NFS file systems. You can filter on the NAS server ID.

    The show action command explains how to change the output format.
    Format
    /net/nas/server [{-id <value> | -name <value> | -tenant {<value> | none}}] show
    Object qualifiers
    Qualifier
    Description
    -id
    Type the ID of a NAS server.
    -name
    Type the NAS server name.
    -tenant
    Type the tenant identifier.
    Example

    The following command displays all details for a list of all configured NAS servers:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/server show -detail
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
     
    1:    ID                                          = nas_1
          Name                                        = MyVDM1
          NetBIOS name                                =
          SP                                          = spa
          Storage pool                                = pool_1
          Tenant                                      =
          Interface                                   =
          NFS enabled                                 = yes
          NFSv4 enabled                               = no
          CIFS enabled                                = no
          Workgroup                                   =
          Windows domain                              =
          Multiprotocol sharing enabled               = no
          Unix directory service                      = none
          Auto user mapping enabled                   =
          Default Unix username                       =
          Default Windows username                    =
          Extended Unix credentials enabled           = no
          Credentials cache retention                 = 15m
          Username translation                        =
          Packet Reflect enabled                      = yes
          Health state                                = OK (5)
          Health details                              = "The component is operating normally. No action is required."
          Replication type                            = none
          Synchronous replication type                = none
          Replication destination                     = no
          Backup only                                 = no
          Migration destination                       = no
          Preferred production interfaces overridden  =
          Preferred production IPv4 interface         = auto
          Preferred production IPv6 interface         = auto
          Preferred backup and DR test IPv4 interface = auto
          Preferred backup and DR test IPv6 interface = auto
          Source preferred production IPv4 interface  =
          Source preferred production IPv6 interface  =
          Compression space saved                     = 0
          Compression percent                         = 0%
          Compression ratio                           = 1:1
          Data Reduction space saved                  = 0
          Data Reduction percent                      = 0%
          Data Reduction ratio                        = 1:1
                            

    Change NAS server settings

    Modify an existing NAS server.

    Manage network interfaces explains how to modify the network interfaces associated with a NAS server.
    Format
    /net/nas/server {-id <value | -name <value } set [-name <value>] [-sp {spa | spb}] [-mpSharingEnabled {yes | no}] [-unixDirectoryService {ldap | nis | none}] [-autoUserMappingEnabled {yes | no}] [{-defaultAccessDisabled | [-defaultUnixUser <value>] [-defaultWindowsUser <value>]}] [-enablePacketReflect {yes | no }] [-replDest {yes | no }] [-backupOnly {yes | no}] [-preferredProductionOverride { no | yes }][-preferredProductionIPv4 { auto | <value>}] [-preferredProductionIPv6 { auto | <value>}] [-preferredBackupIPv4 {auto | <value>}] [-preferredBackupIPv6 {auto | <value>}
    Object qualifiers
    Qualifier
    Description
    -id
    Type the ID of the NAS server to change.
    -name
    Type the name of the NAS server to change.
    Action qualifiers
    Qualifier
    Description
    -name
    Shared folder server name.
    -sp
    Owner SP. Valid values are:
    • spa
    • spb
    -mpSharingEnabled
    Indicates whether multiprotocol sharing mode is enabled. Valid values are:
    • yes
    • no
    You cannot disable multiprotocol file sharing for a NAS server once a file system is created on that NAS server.
    -unixDirectoryService
    Directory Service used for querying identity information for Unix (such as UIDs, GIDs, net groups). Valid values are:
    • nis
    • ldap
    • local
    • none
    • localThenNis
    • localThenLdap
    -defaultAccessDisabled
    Disables file access when no user mapping mechanism is found.
    -autoUserMappingEnabled
    Indicates whether a Windows user who is not mapped to a known Unix/Linux username is allowed to access the NAS server's files Valid values are:
    • yes. The system generates an internal UID for the Windows user and allows access to the NAS server's files through Windows.
    • no (default). The Windows authentication fails unless there is a default Unix username configured.
    -defaultUnixUser
    Default Unix user name or Unix ID that grants file access in the multiprotocol sharing mode. This user name or ID is used when the corresponding Unix/Linux user name or ID is not found by the mapping mechanism.

    The Unix ID format is @uid=xxxx,gid=yyyy@, where xxxx and yyyy are the decimal numerical values of the UID and the primary GID, respectively. When using this ID, the user does not need to be defined in the UDS.

    -defaultWindowsUser
    Default Windows user name that grants file access in the multiprotocol sharing mode. This user name is used when the corresponding Windows user -defaultWindowsUser name is not found by the mapping mechanism.
    -enablePacketReflect
    Indicates whether the reflection of outbound (reply) packets through the same interface that inbound (request) packets entered is enabled. Valid values are:
    • yes
    • no
    -replDest
    Replication destination settings for the NAS server. Valid values are:
    • yes
    • no
    -backupOnly
    Indicates whether the NAS server is used as backup. Only a replication destination NAS server can be set as backup only. This attribute reflects that the NAS server cannot be the production site. This means both planned failover and unplanned failover are disallowed in the backup only NAS server associated replication session. Valid values are:
    • yes
    • no
    -preferredProductionOverride
    Override the replicated production interfaces "preferred interface" settings. Valid values are:
    • yes
    • no
    -preferredProductionIPv4
    Production IPv4 preferred interface settings. The interface must be IPv4 and belong to this server. Valid values are:
    • <interface ID>
    • auto
    -preferredProductionIPv6
    Production IPv6 preferred interface settings. The interface must be IPv6 and belong to this server. Valid values are:
    • <interface ID>
    • auto
    -preferredBackupIPv4
    Backup and DR test IPv4 preferred interface settings. The interface must be IPv4 and belong to this server. Valid values are:
    • <interface ID>
    • auto
    -preferredBackupIPv6
    Backup and DR test IPv6 preferred interface settings. The interface must be IPv6 and belong to this server. Valid values are:
    • <interface ID>
    • auto
    Example 1

    The following command updates NAS server nas_1 with these settings:

    • Enables multiprotocol sharing.
    • Uses LDAP as the Unix Directory Service.
    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/server -id nas_1 set -mpSharingEnabled yes -unixDirectoryService ldap
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    ID = nas_1
    Operation completed successfully.
                            
    Example 2

    The following command changes the replication settings for NAS server nas_1.

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/server -id nas_1 set -replDest yes
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    ID = nas_1
    Operation completed successfully.
                            
    Example 3

    The following command changes the storage processor to SPB for NAS server nas_1.

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/server -id nas_1 set -sp spb
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    WARNING: Modifying the NAS server's SP disrupts any running NDMP jobs, and may also result in data unavailability for some client configurations other than NFS (v3, v4, and v4.1) and SMB3+CA. The NDMP jobs must be restarted after the SP modification is completed. 
    Are you sure you want to modify the default SP? 
    yes / no:yes
    
    ID = nas_1
    Operation completed successfully.
                            
    • When the SP is being modified, the NAS server health attribute is updated to INFO, and the health details attribute is updated to Transitioning to other Storage Processor. When the SP modification completes, the NAS server health and health details are reverted back to the previous values.
    • A change to the SP cannot be performed on a NAS Server that is part of an active VDM File Import operation. The Import operation must be completed before the SP can be changed. Otherwise, the following error occurs: Failed: Cannot complete the operation because the resource is under import. (Error Code:0x900012a).
    • A change to the SP cannot be performed on a NAS Server that is part of an active replication session. Pause the replication session, perform the SP change, and then resume the replication session. Otherwise, the following error occurs: Cannot modify the NAS server's Storage Processor when there are non-paused replication sessions on the NAS server or its file systems. (Error Code:0x6720665).

    Delete NAS servers

    Delete a NAS server.

    Prerequisites

    Before you can delete a NAS server, you must first delete all storage resources associated with it.

    Deleting a NAS server removes everything configured on the NAS server, but does not delete the storage resources that use it. You cannot delete a NAS server while it has any associated storage resources. After the storage resources are deleted, the files and folders inside them cannot be restored from snapshots. Back up the data from the storage resources before deleting them from the system.
    Format
    /net/nas/server {-id <value> | -name <value>} delete [{ -cifsDomUser <value> {-cifsDomPwd <value> | -cifsDomPwdSecure} | -skipUnjoin}]
    Object qualifiers
    Qualifier
    Description
    -id
    Type the ID of the NAS server to delete.
    -name
    Type the name of the NAS server to delete.
    Action qualifiers
    Qualifier
    Description
    -cifsDomUser
    Domain username.
    If the NAS server still has SMB (CIFS) servers joined to it, specify the SMB domain user to unjoin from AD before deleting the NAS server.
    -cifsDomPwd
    Domain user password.
    Specify the user password when you want to unjoin the CIFS server from the AD domain before deleting it.
    -cifsDomPwdSecure
    Domain user password in secure mode. This prompts the user to input the password.
    -skipUnjoin
    Does not unjoin the SMB server from the AD domain before deleting it.
    Example

    The following command deletes NAS server nas_1:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/server –id nas_1 delete
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
    
    
                            

    Check and update user mappings for multiprotocol NAS servers

    A multiprotocol environment requires the following types of user mappings:

    • A Windows user name that maps to a corresponding Unix user name
    • A Unix user name that maps to a corresponding Windows user name which uses NFS to access a file system configured with a Windows access policy
    • A Unix user name that is not mapped to a corresponding Windows user name which uses NFS to access a file system configured with a Unix or native access policy.

    This command uses information from LDAP, NIS, or local files to parse all file systems associated with the NAS server and to update the SID/UID mapping in all nodes.

    Format
    /net/nas/server {-id <value> | -name <value>} update [-async] {-userMapping [-dryRun] | -confView}
    Object qualifiers
    Qualifier
    Description
    -id
    Type the ID of the NAS server to update.
    -name
    Type the name of the NAS server to update.
    Action qualifiers
    Qualifier
    Description
    -async
    Perform the operation asynchronously.
    -userMapping
    For all CIFS (SMB) file systems on the NAS server, update the UID/GID and generate a user mapping report. A new UID/GID will be obtained from a Unix Directory Service for the user name of the object owner. The user name will be resolved from Active Directory by the Windows SID.
    Quota management and correct multiprotocol file access require correct mappings between SIDs and UIDs/GIDs at the NAS server level. Because this operation can take a significant amount of time for large file systems, it is recommended to use the -async qualifier.
    -dryRun
    Generate a user mapping report for downloading. Once users access a file or folder on the NAS server from the SMB protocol, their SID to UID/GID mapping is stored in an internal mapping database. This operation parses the mapping database, and for each mapped user, queries the existing Unix Directory Service and Active Directory Domain Controller to report any inconsistencies between the UID/GID in the Unix Directory Service and the UID/GID stored in the database.

    It is recommended that you generate and review the user mapping report right before enabling multiprotocol. This enables you to ensure that your Unix Directory Service can return a UID/GID for every user whose mapping is inconsistent. Otherwise, after multiprotocol is enabled, users with inconsistent mappings may not be able to access files, because their permissions cannot be determined. Also, access to objects created by these users from SMB/CIFS cannot be granted, because the owners cannot be mapped to Unix.

    When the UID/GID mapping for all NAS server file systems are updated, the mapping report is re-generated automatically.

    Once a user successfully accesses any file or folder on the NAS server from Windows, the UID/GID in the mapping database for this user is updated. The UID/GID is also updated if the user is accessing a file from Unix for a file system with a Windows access policy.
    -confView
    Force an immediate refresh of the NAS server configuration snapshot. When the NAS server is acting as replication destination of synchronous replication session, its configuration snapshot is updated every 15 minutes by default.
    Example 1

    The following command generates a user mapping report for NAS server nas_1.

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/server -id nas_1 update -async -userMapping
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Job ID = 76
    Job created successfully.
                            
    Example 2

    The following command forces an immediate refresh of NAS server nas_1 snapshot.

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/server -id nas_1 update -confView
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    ID = nas_1
    Operation completed successfully.
                            

    Manage FTP settings

    File Transfer Protocol (FTP) is a client/server protocol that operates over TCP/IP and allows file sharing across heterogeneous systems. Secure File Transfer Protocol (SFTP) protocol provides secure file transfer and manipulation functionality by using SSH.

    You can configure a NAS server to share files using the FTP or SFTP protocol. Remote clients can be authenticated using a Unix or Windows user name. You can also have the FTP service to accept anonymous user authentication.

    Table 2. FTP and SFTP attributes for a NAS server
    Attribute
    Description
    NAS server
    Associated NAS server identifier.
    FTP enabled
    Indicates whether the FTP protocol is enabled. Valid values are:
    • yes
    • no (default)
    SFTP enabled
    Indicates whether the SFTP protocol is enabled. Valid values are:
    • yes
    • no (default)
    CIFS users enabled
    Indicates whether Windows (SMB) users can be authenticated by the FTP or SFTP server. Valid values are:
    • yes (default)
    • no
    Unix users enabled
    Indicates whether Unix users can be authenticated by the FTP or SFTP server. Valid values are:
    • yes (default)
    • no
    Anonymous user enabled
    Indicates whether the FTP server supports anonymous user authentication. Valid values are:
    • yes (default)
    • no
    Home directory limitation enabled
    Indicates whether authenticated FTP or SFTP users are limited to their home directories. Valid values are:
    • yes (default)
    • no
    Default home directory
    Indicates the default home directory for the FTP or SFTP users with no defined or accessible home directory.
    Welcome message
    Indicates the welcome message that appears to FTP or SFTP users before authentication.
    Message of the day
    Indicates the message of the day that appears once the FTP or SFTP users log on.
    Audit enabled
    Indicates whether the FTP or SFTP server has audit file collection enabled. Valid values are:
    • yes
    • no
    Audit files directory
    Specifies the directory where the audit files for the FTP or SFTP server are stored.
    Audit file maximum size
    Specifies the maximum file size of the audit files. When the maximum is reached, a new audit file is created.
    Allowed hosts
    Specifies a comma-separated list of host IPs that are allowed access to the FTP or SFTP server. The IP can be the IPv4, IPv6, or subnet address.

    For subnets, the following notation convention must be used:

    • 10.0.0.1/10
    • 2000:DB1::/10
    Network names are ignored.
    If this option is specified, FTP/SFTP connections are allowed only for clients whose IP addresses are included in those specified in the allowed hosts list. Any clients whose IP is not specified in this list are denied access. If a subnet is defined in the allowed hosts list, the client IP must belong to the specified subnet to be allowed to connect to the NAS server. If defined, denied hosts cannot be defined.
    Allowed users
    Specifies a comma-separated list of user names that are allowed access to the FTP or SFTP server (numerical user IDs are invalid and ignored).
    If this option is specified, FTP/SFTP connections are allowed only for the specified users. Any users not specified in this list are denied access. If defined, denied users cannot be defined.
    Allowed groups
    Specifics a comma-separated list of user groups that are allowed access to the FTP or SFTP server. Specify the name of the group (numerical group IDs are invalid and ignored).
    If this option is specified, FTP/SFTP connections are allowed only for the listed groups. Any user groups not specified in this list will be denied access. If defined, denied groups cannot be defined.
    Denied hosts
    Specifies a comma-separated list of host IPs that are denied access to the FTP or SFTP server. The IP can be the IPv4, IPv6, or subnet address.

    For subnets, the following notation convention must be used:

    • 10.0.0.1/10
    • 2000:DB1::/10
    Network names are ignored.
    If this option is specified, FTP/SFTP connections are denied only for clients whose IP addresses or subnet addresses are included in this list. If defined, allowed hosts cannot be defined.
    Denied users
    Specifies a comma-separated list of user names that are denied access to the FTP or SFTP server (numerical user IDs are invalid and ignored).
    If this option is specified, FTP/SFTP connections are denied only for the specified users. Any users not specified in this list are allowed access. If defined, allowed users cannot be defined.
    Denied groups
    Specifics a comma-separated list of user groups that are denied access to the FTP or SFTP server. Specify the name of the group (numerical group IDs are invalid and ignored).
    If this option is specified, FTP/SFTP connections are denied only for the listed groups. Any user groups not specified in this list will be allowed access. If defined, allowed groups cannot be defined.

    View FTP settings

    View FTP or SFTP server settings for a NAS server.

    Format
    /net/nas/ftp [-server <value>] show
    Object qualifier
    Qualifier
    Description
    -server
    Type the name of the associated NAS server.
    Example

    The following command displays the FTP server settings for a NAS server:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/ftp show
                                  Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:    NAS server                 = nas_1
          FTP enabled                = yes
          SFTP enabled               = no
          CIFS users enabled         = yes
          Unix users enabled         = yes
          Anonymous user enabled     = no
          Homedir limitation enabled = no
          Default home directory     = /home/public      
          Allowed hosts              = 1.2.3.10,1.2.3.11,192.168.0.0/16,2001:db8::/48
          Allowed users              = 
          Allowed groups             =
          Denied hosts               =
          Denied users               = guest,jack,john
          Denied groups              = guests,group1
    
    
                                

    Change FTP settings

    Modify existing FTP or SFTP settings of a NAS server.

    Format
    /net/nas/ftp -server <value> set [-ftpEnabled <value>] [-sftpEnabled <value>] [-cifsUserEnabled <value>] [-unixUserEnabled <value>] [-anonymousUserEnabled <value>] [-homedirLimitEnabled <value>] [-defaultHomedir <value>] [-welcome <value>] [-motd <value>] [-auditEnabled {yes|no}] [-auditDir <value>] [-auditMaxSize <value>] {[-allowHost <value>] | [-appendAllowHost <value>] | [-removeAllowHost <value>] | [-denyHost <value>] | [-appendDenyHost <value>] | [-removeDenyHost <value>]} {[-allowUser <value>] | [-appendAllowUser <value>] | [-removeAllowUser <value>] | [-denyUser <value>] | [-appendDenyUser <value>] | [-removeDenyUser <value>]} {[-allowGroup <value>]| [-appendAllowGroup <value>] | [-removeAllowGroup <value>] |[-denyGroup <value>] | [-appendDenyGroup <value>] | [-removeDenyGroup <value>]}
    Object qualifier
    Qualifier
    Description
    -server
    Type the name of the NAS server.
    Action qualifier
    Qualifier
    Description
    -ftpEnabled
    Indicates whether the FTP server is enabled on the NAS server. Valid values are:
    • yes
    • no
    -sftpEnabled
    Indicates whether the SFTP server is enabled on the NAS server. Valid values are:
    • yes
    • no
    -cifsUserEnabled
    Indicates whether Windows (SMB) users can be authenticated by the FTP or SFTP server. Valid values are:
    • yes
    • no
    -unixUserEnabled
    Indicates whether Unix users can be authenticated by the FTP or SFTP server. Valid values are:
    • yes
    • no
    -anonymousUserEnabled
    Indicates whether the FTP server supports anonymous user authentication. Valid values are:
    • yes
    • no
    -homedirLimitEnabled
    Indicates whether authenticated FTP or SFTP users are limited to their home directories. Valid values are:
    • yes
    • no
    -defaultHomedir
    Type the default home directory for the FTP or SFTP users with no defined or accessible home directory.
    -welcome
    Type the welcome message that appears to FTP or SFTP users before authentication.
    -motd
    Type the message of the day that appears once the FTP or SFTP users log on.
    -auditEnabled
    Indicates whether FTP/SFTP auditing is enabled on the NAS server. Valid values are:
    • yes
    • no
    -auditDir
    Type the directory where the audit files should be saved.
    -auditMaxSize
    Type the maximum size for the audit log file. When this maximum is exceeded, a new audit file is created.
    -allowHost
    Type the comma-separated list of allowed client host IPs. The IP can be the IPv4, IPv6, or subnet address.

    For subnets, the following notation convention must be used:

    • 10.0.0.1/10
    • 2000:DB1::/10
    Network names are ignored.
    If specified, FTP/SFTP connections are allowed only for clients whose IP addresses are included in those specified in the allowed hosts list. Any clients whose IP is not specified in this list are denied access. If a subnet is defined in the allowed hosts list, the client IP must belong to the specified subnet to be allowed to connect to the NAS FTP/SFTP server. If -allowHost is defined, -denyHost cannot be defined.
    -appendAllowHost
    Specify one or multiple comma-separated host IPs to append to existing list of allowed host IP addresses.
    -removeAllowHost
    Specify one or multiple comma-separated host IPs to remove from the existing list of allowed host IP addresses.
    -denyHost
    Type the comma-separated list of client host IPs that will be denied access to the FTP/SFTP server. The IP can be the IPv4, IPv6, or subnet address.

    For subnets, the following notation convention must be used:

    • 10.0.0.1/10
    • 2000:DB1::/10
    Network names are ignored.
    If specified, FTP/SFTP connections are denied only for clients whose IP addresses are included in those specified in the -denyHost list. Any clients whose IP is not specified in this list are allowed access. If a subnet is defined in the denied hosts list, client IPs which belong to the specified subnet will be denied access to the NAS FTP/SFTP server. If -denyHost is defined, -allowHost cannot be defined.
    -appendDenyHost
    Specify one or multiple comma-separated host IPs to append to existing list of denied host IP addresses.
    -removeDenyHost
    Specify one or multiple comma-separated host IPs to remove from the existing list of denied host IP addresses.
    -allowUser
    Type the comma-separated list of user names that will be allowed access to the FTP/SFTP server (numerical user IDs are invalid and ignored).
    If this option is specified, FTP/SFTP connections are allowed only for the specified users. Any users not specified in this list are denied access. If -allowUser is defined, -denyUser cannot be defined.
    -appendAllowUser
    Specify one or multiple comma-separated user names to append to existing list of allowed users.
    -removeAllowUser
    Specify one or multiple comma-separated user names to remove from the existing list of allowed users.
    -denyUser
    Type the comma-separated list of user names that will be denied access to the FTP/SFTP server (numerical user IDs are invalid and ignored).
    If this option is specified, FTP/SFTP connections are denied only for the specified users. Any users not specified in this list are denied access. If -denyUser is defined, -allowUser cannot be defined.
    -appendDenyUser
    Specify one or multiple comma-separated user names to append to existing list of denied users.
    -removeDenyUser
    Specify one or multiple comma-separated user names to remove from the existing list of denied users.
    -allowGroup
    Type the comma-separated list of user group names that will be allowed access to the FTP/SFTP server (numerical group IDs are invalid and ignored).
    If this option is specified, FTP/SFTP connections are allowed only for the listed groups. Any user groups not specified in this list will be denied access. If -allowGroup is defined, -denyGroup cannot be defined.
    -appendAllowGroup
    Specify one or multiple comma-separated user group names to append to existing list of allowed groups.
    -removeAllowGroup
    Specify one or multiple comma-separated user group names to remove from the existing list of allowed groups.
    -denyGroup
    Type the comma-separated list of user group names that will be denied access to the FTP/SFTP server (numerical group IDs are invalid and ignored).
    If this option is specified, FTP/SFTP connections are denied only for the listed groups. Any user groups not specified in this list will be allowed access. If -denyGroup is defined, -allowGroup cannot be defined.
    -appendDenyGroup
    Specify one or multiple comma-separated user group names to append to existing list of denied groups.
    -removeDenyGroup
    Specify one or multiple comma-separated user group names to remove from the existing list of denied groups.
    Example 1
    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/ftp -server nas_1 set -ftpEnabled yes -sftpEnabled no -cifsUserEnabled yes -unixUserEnabled yes -anonymousUserEnabled no -homedirLimitEnabled no -defaultHomedir /home/public -welcome "Welcome to this awesome server"
                                  Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
                                
    Example 2
    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/ftp -server nas_1 set -denyUser "guest,jack,john" -appendAllowHost 1.2.3.4,1.2.3.5
                                  Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
                                

    Manage LDAP settings of a NAS server

    The Lightweight Directory Access Protocol (LDAP) is an application protocol for querying and modifying directory services running on TCP/IP networks. LDAP provides central management for network authentication and authorization operations by helping to centralize user and group management across the network.

    You can configure a NAS server to use LDAP or NIS as a Unix Directory Service to map users, retrieve netgroups, and build a Unix credential. When an initial LDAP configuration is applied, the system checks for the type of LDAP server. It can be an Active Directory schema (IDMU), IPLANET schema, or an RFC 2307 (open LDAP) schema. By default, the RFC 2307 schema is generated. Once the schema is identified, it is saved inside a ldap.conf file. You can download this LDAP schema, edit it based on your needs, and upload it back again using the CLI commands mentioned in this section.

    The following table lists the attributes for LDAP settings for a NAS server.

    Table 3. LDAP settings of a NAS server
    Attribute
    Description
    NAS server
    Unique identifier of the associated NAS server. The LDAP client configuration object is identified by the NAS server ID.
    Servers
    Relevant IP addresses of the associated LDAP servers. If you want the NAS server to use DNS service discovery to obtain LDAP server IP addresses automatically, do not specify a value for this option.
    For the automatic discovery process to work, the DNS server must contain pointers to the LDAP servers, and the LDAP servers must share the same authentication settings.
    Port
    The TCP/IP port used by the NAS server to connect to the LDAP servers. Default value for LDAP is 389 and LDAPS is 636.
    Protocol
    Type of LDAP protocol. Valid values are:
    • ldap
    • ldaps
    For a secure SSL connection, use ldaps.
    Authentication type
    Type of authentication for the LDAP server. Valid values are:
    • anonymous
    • kerberos
    • simple
    Verify certificate
    Indicates whether Certification Authority certificate is used to verify the LDAP server certificate for secure SSL connections. Valid values are:
    • yes
    • no
    Value shows as empty when the LDAP protocol is selected (no SSL).Value defaults to yes when the LDAPS protocol is used.
    Use CIFS account (applies to Kerberos authentication)
    Indicates whether CIFS authentication is used to authenticate to the LDAP server. Valid values are:
    • yes – Indicates that the CIFS (SMB) settings are used for Kerberos authentication. This option is commonly used when configuring IDMU as a Unix directory service.
    • no – Indicates that Kerberos uses its own settings. See Configure Kerberos settings to configure authentication through the Kerberos realm.
    Principal (applies to Kerberos authentication)
    Specifies the principal name for Kerberos authentication.
    Realm (applies to Kerberos authentication)
    Specifies the realm name for Kerberos authentication.
    Password (applies to Kerberos authentication)
    Specifies the associated password for Kerberos authentication.
    Bind DN (applies to Simple authentication)
    Specifies the Distinguished Name (DN) used when binding.
    Bind password (applies to Simple authentication)
    Specifies the associated password used when binding.
    Base DN
    Specifies the DN of the root level in the directory tree in RFC notation, or specifies the dotted domain name.
    Profile DN
    For an iPlanet LDAP server, specifies the DN of the entry with the configuration profile.
    Replication sync
    Indicates the status of the LDAP servers addresses list in the NAS server operating as a replication destination. When a replicated LDAP servers list is created on the source NAS server, it is automatically synchronized to the destination. Valid values are:
    • Not replicated – LDAP list is not replicated over to the destination.
    • Auto synchronized – LDAP list is automatically synchronized over to the replication destination. Any modify or delete operations at the source will automatically be reflected on the destination.
    • Overridden – LDAP list has been manually modified or overridden on the replication destination. Modifications or deletions of addresses from the LDAP list on the source NAS server will have no effect on the overridden DNS list on the replication destination.
    When a LDAP list is disabled or deleted from the source, overridden LDAP list in the destination may not get disabled or deleted automatically.
    Source servers
    List of LDAP server IP addresses defined on the replication source.

    View LDAP settings of a NAS server

    View LDAP settings of a NAS server.

    Format
    /net/nas/ldap [-server <value>] show
    Object qualifier
    Qualifier
    Description
    -server
    Name of the associated NAS server.
    Example
    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/ldap -server nas_1 show -detail
                                  Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1: NAS server       = nas_1
       IP address       = 10.64.74.64, 10.64.74.74
       Port             = 636
       Protocol         = ldaps
       Authentication   = simple
       Use CIFS account =
       Principal        =
       Realm            =
       Bind DN          = cn=administrator,cn=User,dc=emc,dc=com
       Base DN          = dc=emc,dc=com
       Profile DN       =
       Replication sync = Not replicated
       Source servers   = 
    
                                

    Change LDAP settings of a NAS server

    Modify LDAP settings of a NAS server.

    Format
    /net/nas/ldap -server <value> set {-enabled no | [ -ip <value>] [-port <value>] [-protocol {ldap | ldaps}] [-verifyCert {yes | no}] [-authType {anonymous | kerberos {-useCifsAccount | -principal <value> [-realm <value>] [{-password <value> | -passwordSecure }]} | simple [-bindDn <value> {-bindPasswd <value> | -bindPasswdSecure}]}] [-baseDn <value>] [-profileDn <value>]} [-replSync {auto | overridden}]
    Object qualifier
    Qualifier
    Description
    -server
    Identifies the associated NAS server.
    Action qualifier
    Qualifier
    Description
    -enabled
    Specify to disable LDAP for an existing NAS server. Valid value is no.
    Setting the value to no removes the LDAP settings for an existing NAS server.
    -ip
    Type the IP addresses (separated by comma) of the associated LDAP servers. If you want the NAS server to use DNS service discovery to obtain LDAP server IP addresses automatically, do not specify a value for this option.
    For the automatic discovery process to work, the DNS server must contain pointers to the LDAP servers, and the LDAP servers must share the same authentication settings.
    -port
    Type the port associated with the LDAP server. If LDAPS is used, the default is 363. If LDAP is used, the default port is 389.
    -protocol
    For a secure SSL connection, use ldaps.
    -verifyCert
    Specify that uploaded Certification Authority (CA) certificates should be used to verify the certificates of LDAP servers for establishing secure SSL connections. Valid values are:
    • yes
    • no
    Applicable only when the protocol is LDAPS. Value shows as empty when LDAP (no SSL) is used.
    -authType
    Specify the type of authentication for the LDAP server. Valid values are:
    • anonymous
    • kerberos
    • simple
    -bindDn (valid only when simple authentication is used)
    Type the Distinguished Name (DN) to be used when binding to the server.
    -bindPasswd (valid only when simple authentication is used)
    Type the associated password to be used when binding to the server.
    -bindPasswdSecure (valid only when simple authentication is used)
    Type the password in secured mode. You will be prompted to enter the password separately.
    -useCifsAccount (valid only when kerberos authentication is used)
    Specify whether you want to use CIFS (SMB) authentication. For Kerberos authentication only. Commonly used to configure NAS servers to use IDMU as a Unix Directory Service. (Choose simple authentication to authenticate AD without using a CIFS account.)
    -principal (valid only when kerberos authentication is used)
    Type the principal name for Kerberos authentication.
    -realm (valid only when kerberos authentication is used)
    Type the realm name for Kerberos authentication.
    -password (valid only when kerberos authentication is used)
    Type the associated password for Kerberos authentication.
    -baseDn
    Type the DN of the root level in the directory tree in RFC notation, or type the dotted domain name. Valid notation formats include:
    • RFC, for example <dc=nt2k80, dc=drm,dc=lab,dc=emc,dc=com>
    • Dotted domain name, for example <nt2k80.drm.lab.emc.com>
    -profileDn
    For an iPlanet LDAP server, type the DN of the entry with the configuration profile.
    -replSync
    Status of the LDAP addresses servers list in the NAS server operating as a replication destination. Valid values are:
    • auto
    • overridden
    Example
    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/ldap -server nas_1 set -ip 10.64.74.64,10.64.74.74 -port 636 -protocol ldaps -authType simple -bindDn "cn=administrator,cn=User,dc=emc,dc=com" -bindPasswd "Ldap123!" -baseDn "dc=mec,dc=com"
                                  Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
                                

    Upload an LDAP schema

    You can customize the LDAP schema for your NAS server, and upload the new schema file. Once the schema is uploaded, it gets validated. If the schema is valid, it is applied, and your NAS server LDAP configuration is changed.

    Example
    uemcli -upload -f "LDAP_nas_1.conf" -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/ldap -server nas_1 -type config
                                  Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
                                

    Download an LDAP schema

    When an initial LDAP configuration is applied, the system checks for the type of LDAP server. Once the schema is identified, the schema is saved inside an ldap.conf file. You can download this LDAP schema using the -download switch, and customize it based on your needs. For more information on switches, see Switches.

    Example
    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! -download /net/nas/ldap -server nas_1 -type config
                                  Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
                                

    Upload a Certification Authority certificate

    You can upload Certification Authority (CA) certificates for your NAS LDAP servers. Once you upload the CA certificate, it can be used for validating certificates of an LDAP server.

    Example
    uemcli –upload -f “MyCert.pem” -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/ldap –server nas_1 –type CACertificate
                                  Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
                                

    Download a Certification Authority certificate

    A Certification Authority (CA) certificate is used for validating certificates of an LDAP server.

    Example
    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! –download /net/nas/ldap –server nas_1 –type CACertificate
                                  Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
                                

    Manage NAS interfaces

    NAS interfaces represent the network interface configured on an Ethernet port for a NAS server.

    Table 4. Interface attributes
    Attribute
    Description
    ID
    ID of the interface.
    NAS server
    NAS server identifier.
    Preferred
    Sets the network interface as the preferred source for outgoing traffic. All outgoing DNS or Active Directory requests are forwarded through this interface, and the IP address assigned to this interface is used as the source address of the data packets. For each NAS server, you can choose a single IP address as preferred. Valid values are:
    • yes
    • no
    This attribute applies to file interfaces only.
    Port
    ID of the physical port or link aggregation on an SP on which the interface is running. The ID includes the port name and SP name.
    VLAN ID
    Virtual local area network (VLAN) ID for the interface. The interface uses the ID to accept packets that have VLAN tags. The value range is 1-4095.

    For IP multi-tenancy, the VLAN ID of a NAS server interface must comply with the set of VLAN IDs assigned to a tenant to which the NAS server belongs. Only unassigned VLAN IDs are allowed for NAS servers that do not belong to a tenant.

    If no VLAN ID is specified, which is the default, packets do not have VLAN tags. The Unisphere online help provides more details about VLANs.
    IP address
    IPv4 or IPv6 address.
    Subnet mask
    IPv4 subnet mask.
    Gateway
    IPv4 or IPv6 gateway.
    MAC address
    MAC address of the interface.
    SP
    SP that uses the interface.
    Role
    Specifies the use of the file interface. Valid values are:
    • production
    • backup
    Backup interfaces are only available for backup via NFS and NDMP protocols, and are not available for CIFS (SMB) protocol. Interfaces associated with NAS servers in a replication session are not replicated via the replication session. You can create a backup interface on the destination NAS server. Unlike production interfaces, backup interfaces become instantly active on the destination NAS server and enable you to perform backup and disaster recovery testing via the NFS share over the snapshot.
    Replication sync
    Applies to production interfaces replicated over replication sessions. Valid values are:
    • Not replicated
    • Auto synchronized – indicates that such interface is automatically synchronized over the replication session to the destination. Any modify and delete operations on the source will be automatically reflected on the destination.
    • Overridden – indicates that such interface is manually modified / overridden on the destination side.
    When a replication production interface is created on the source NAS server, it is auto-synchronized to the destination.
    Modifications or deletions of network settings of the corresponding source IP interfaces have no effect on overridden interface on destination. However, when an interface is deleted on the source, overridden interfaces stop responding and health state values of such interfaces become degraded/warning. This is because the SMB/CIFS shares are tightly set to the production IP interfaces, and they will not operate via overridden interfaces after a failover.
    Health state
    A numerical value indicating the health of the system. Valid values are:
    • Unknown (0)
    • OK (5)
    • OK BUT (7)
    • Degraded/Warning (10)
    • Minor failure (15)
    • Major failure (20)
    Health details
    Additional health information.
    Source VLAN ID
    Indicates the value of the corresponding VLAN ID as defined on the source NAS server in a replication session.
    Source IP address
    Indicates the value of the corresponding IP address as defined on the source NAS server in a replication session.
    Source subnet mask
    Indicates the value of the corresponding subnet mask as defined on the source NAS server in a replication session.
    Source gateway
    Indicates the value of the corresponding gateway as defined on the source NAS server in a replication session.

    Create a NAS interface

    Create a NAS interface.

    Format
    /net/nas/if create [-vlanId <value>] {-server <value> | -serverName <value>} [-preferred] -port <value> -addr <value>] [-netmask <value>] [-gateway <value>] [-role {production | backup}]
    Action qualifiers
    Qualifier
    Description
    -server
    NAS server identifier.
    A NAS server cannot have more than one IPv4 interface and one IPv6 interface.
    -serverName

    NAS server name.

    A NAS server cannot have more than one IPv4 interface and one IPv6 interface.
    -preferred
    Specify this qualifier to set the network interface as the preferred source for outgoing traffic. That means that all outgoing DNS or Active Directory requests will be forwarded though interface marked as preferred and will use the IP address assigned to this interface as a source address of the packets.
    For each NAS server, you can choose an IPv4 interface and IPv6 interface as the preferred interfaces.
    -port
    Type the ID of the SP port or link aggregation that will use the interface.
    On dual SP systems, a file interface is created on a pair of symmetric Ethernet ports (or link aggregations) rather than on a single specified port. Its current port is defined by NAS server SP and may differ from the specified port (for example, if the user specifies spa_eth2, but the NAS server current SP is SP B, the interface is created on spb_eth2 instead).
    -vlanId
    Type the virtual LAN (VLAN) ID for the interface. The interface uses the ID to accept packets that have VLAN tags. The value range is 1–4095.
    If no VLAN ID is specified, which is the default, packets do not have VLAN tags. The Unisphere online help provides more details about VLANs.
    -addr
    Type the IP address for the interface. The prefix length should be appended to the IPv6 address and, if omitted, will default to 64. For IPv4 addresses, the default length is 24. The IPv4 netmask may be specified in address attribute after slash.
    -netmask
    Type the subnet mask for the interface.
    This qualifier is not required if the prefix length is specified in the -addr attribute.
    -gateway
    Type the gateway for the interface.
    This qualifier configures the default gateway for the specified port’s SP.
    -role
    Specify the role of the interface. Valid values are:
    • production (default)
    • backup
    To create an interface on a NAS server operating as a replication destination, specify the value as backup.
    Example

    The following command creates a NAS interface. The interface receives the ID IF_2:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/if create -server nas_1 -port eth0_SPA -addr 10.0.0.1 -netmask 255.255.255.0
                                  Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    ID = IF_2
    Operation completed successfully.
                                

    View NAS interfaces

    View a list of NAS interfaces on the system. You can filter on the interface ID.

    The show action command explains how to change the output format.
    Format
    /net/nas/if [ {-id <value> | -port <value> | -server <value> | -serverName <value>} ] show
    Object qualifiers
    Qualifier
    Description
    -id
    Type the ID of an interface.
    -port
    Type the port the interface is associated with.
    -server
    Type the NAS server the interface is associated with.
    -serverName
    Type the name of the NAS server the interface is associated with.
    Example

    The following command displays all NAS interfaces on the system:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/if show
                                  Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:     ID                      = if_0
           NAS server              = nas_0
           Preferred               = yes
           Port                    = eth0_spa
           VLAN ID                 = 0
           IP address              = 3ffe:80c0:22c:4e:a:0:2:7f/64
           Subnet mask             = 
           Gateway                 = fe80::20a8bff:fe5a:967c
           SP                      = SPA
    
    2:     ID                      = if_1
           NAS server              = nas_1
           Preferred               = yes
           Port                    = eth1_spa
           VLAN ID                 = 1
           IP address              = 192.168.1.2
           Subnet mask             = 255.255.255.0
           Gateway                 = 192.168.1.254
           SP                      = SPA
    
    3:     ID                      = if_2
           Type                    = replication
           NAS server              =
           Preferred               = no
           Port                    = eth1_spb
           VLAN ID                 =
           IP address              = 10.103.75.56
           Subnet mask             = 255.255.248.0
           Gateway                 = 10.103.72.1
           SP                      = spb
    
    
                                

    Change NAS interface settings

    Change the settings for a NAS interface.

    Format
    /net/nas/if -id <value> set [-vlanId <value>] [-addr <value>] [-netmask <value>] [-gateway <value>][-preferred] [-replSync {auto | overridden}]
    Object qualifier
    Qualifier
    Description
    -id
    Type the ID of the interface to change.
    Action qualifier
    Qualifier
    Description
    -vlanId
    Type the virtual LAN (VLAN) ID for the interface. The interface uses the ID to accept packets that have VLAN tags. The value range is 1–4095.
    If no VLAN ID is specified, which is the default, packets do not have VLAN tags. The Unisphere online help provides more details on VLANs.
    -addr
    Specify the IP address for the interface.
    The prefix length should be appended to the IPv6 address. The IPv4 netmask may be specified in address attribute after the slash.
    -netmask
    Specify the IPv4 subnet mask for the interface.
    -gateway
    Specify the gateway for the interface.
    The gateway is optional for both IPv4 and IPv6. This qualifier configures the default gateway for the specified port’s SP.
    -preferred
    Specify this qualifier to set the network interface as the preferred source for outgoing traffic. For each NAS server, you can choose an IPv4 interface and IPv6 interface as the preferred interfaces.
    This attribute applies to file interfaces only.
    -replSync
    Applicable only to NAS server acting as replication destination. Any modification to network address information automatically switches the interface into overridden mode. Valid values are:
    • auto
    • overridden
    Note the following:
    • Use this qualifier to switch an interface back into "auto" synchronization and clear all overridden settings.
    • When the corresponding interface is already deleted on the source, when replication sync is set to "auto", it will also cause deletion of the interface on destination.
    • Value "overridden" will cause network interfaces to stop being automatically synchronized. Current settings on the source system will become "frozen" and auto-propagation will stop.
    Example

    The following command changes the gateway address for interface IF_1:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456!/net/nas/if –id IF_1 set -gateway 2001:db8:0:170:a:0:2:70
                                  Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    ID = IF_1
    Operation completed successfully.
                                

    Delete NAS interfaces

    Delete a NAS interface.

    Deleting a NAS interface can break the connection between systems that use it, such as configured hosts.
    Format
    /net/nas/if –id <value> delete
    Object qualifier
    Qualifier
    Description
    -id
    Type the ID of the interface to delete.
    Example

    The following command deletes interface IF_1:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/if –id IF_1 delete
                                  Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
                                

    Manage NAS routes

    A NAS route represents a route configured on a NAS interface.

    Table 5. NAS route attributes
    Attribute
    Description
    ID
    ID of the route.
    NAS server
    NAS server identifier.
    Interface
    ID of the interface used to reach the gateway.
    Route type
    Type of route. Valid values are (case-insensitive):
    • default – The system uses a default gateway/route when it cannot find a more specific host or network route to a given destination. One default IPv4 and IPv6 route is allowed per interface.
    • host – Creates a route to a host.
    • net – Creates a route to a subnet.
    Target
    IP address for the target network node based on the value of -type. Value is one of the following:
    • For a default route, the system will use the IP address specified for -gateway.
    • For a host route, specify the IP address of a target host.
    • For a net route, specify the IP address of a target subnet. Include the -netmask qualifier for the target subnet.
    Netmask
    Subnet mask.
    Gateway
    Gateway address.
    Replication sync
    If the route source is a NAS server production interface, this is a copy of the Replication sync attribute of the associated interface. (The associated interface is specified in the Interface attribute).

    If the route source is not a NAS server production interface, the value of this attribute is empty.

    Health state
    Numerical value indicating the health of the system. Valid values are:
    • Unknown (0)
    • OK (5)
    • OK BUT (7)
    • Degraded/Warning (10)
    • Minor failure (15)
    • Major failure (20)
    Health details
    Additional health information.
    Use for external services access
    Flag indicating whether the route is used for access to external services. Valid values are:
    • yes
    • no

    Create a NAS route

    Create a route for a NAS interface.

    Format
    /net/nas/route create -if <value> -type {default | host -target <value> | net -target <value> [-netmask <value>]} -gateway <value>
    Action qualifiers
    Qualifier
    Description
    -if
    Specify the interface associated with the route. Each interface has its own routing table for use in responding to inbound service requests.
    -type
    Specify the type of route. Valid values are (case-insensitive):
    • default – System uses the default route/gateway when a more specific host or network route is not available. One default IPv4 and IPv6 route is allowed per interface.
    • host – Create a route to a host.
    • net – Create a route to a subnet.
    -target
    Specify the IP address for the target network node based on the value of -type:
    • For a default route, do not specify a value.
    • For a host route, specify the IP address of a target host.
    • For a net route, specify the IP address of a target subnet. Include the -netmask qualifier for the target subnet.
    -netmask
    For a route to a subnet, specify the netmask of the destination subnet.
    -gateway
    Specify the gateway for the route.
    Example

    The following command creates a network route for interface if_1 to reach the 10.64.74.x subnet using gateway 10.64.74.1:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/route create -if if_1 -type net -target 10.64.200.10 ‑netmask 255.255.255.0 -gateway 10.64.74.1
                                  Storage system address: 10.64.75.201
    Storage system port: 443
    HTTPS connection
    
    ID = route_1
    Operation completed successfully.
                                

    Change NAS route settings

    Change the settings for a NAS route.

    Format
    /net/nas/route -id <value> set [-type {default | host | net}] [-target <value>] [-netmask <value>] [-gateway <value>]
    Object qualifier
    Qualifier
    Description
    -id
    Identifies the NAS route object.
    Action qualifiers
    Qualifier
    Description
    -type
    Specify the type of route. Valid values are (case-insensitive):
    • default – System uses the default route/gateway when a more specific host or network route is not available. One default IPv4 and IPv6 route is allowed per interface.
    • host – Create a route to a host.
    • net – Create a route to a subnet.
    -target
    Specify the IP address for the target network node based on the value of -type. Valid values are:
    • For a default route, do not specify a value. The system will use the IP address specified for -gateway.
    • For a host route, specify the IP address of a target host.
    • For a net route, specify the IP address of a target subnet. Include the -netmask qualifier for the target subnet.
    -netmask
    For a route to a subnet, specify the netmask of the destination subnet.
    -gateway
    Specify the gateway for the route.
    Example

    The following command changes the target IP address to 10.64.200.11, the netmask to 255.255.255.0, and the gateway to 10.64.74.2 for NAS route route_1:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456!/net/nas/route -id route_1 set -target 10.64.200.11 ‑netmask 255.255.255.0 -gateway 10.64.74.2 uemcli
                                  Storage system address: 10.64.75.201
    Storage system port: 443
    HTTPS connection
    
    ID = route_1
    Operation completed successfully.
    
                                

    View NAS routes

    View a list of routes for a specified NAS interface or for all NAS interfaces on the system.

    The show action command explains how to change the output format.
    Format
    /net/nas/route [{-id <value> | -server <value> [-useForESAccess {yes | no}] | -if <value>}] show
    Object qualifiers
    Qualifier
    Description
    -id
    Specify the ID of the route.
    -server
    Specify the NAS server for which to view routes.
    -useForESAccess
    Indicate whether you want the system to display only the routes that are used for external services.
    -if
    Indicate whether you want the system to display only the routes associated with the specified NAS server.
    Example

    The following command displays all NAS routes on the system:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/route show -detail
                                  Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:    ID                               = route_1
          NAS server                       = nas_1
          Type                             = net
          Target                           = 10.50.50.10
          Netmask                          = 255.255.255.0
          Gateway                          = 10.0.0.1
          Interface                        = if_1
          Health state                     = OK (5)
          Health details                   = "The component is operating normally. action is required."
          Replication sync                 = 
          Use for external services access = no
    	
    
    2:    ID                               = route_2
          NAS server                       = nas_1
          Type                             = default
          Target                           =
          Netmask                          =
          Gateway                          = 10.0.0.2
          Interface                        = if_2
          Health state                     = OK (5)
          Health details                   = "The component is operating normally. No action is required."
          Replication sync                 = 
          Use for external services access = no
    
    3:    ID                               = route_3
          NAS server                       = nas_1
          Type                             = host
          Target                           = 10.50.50.168
          Netmask                          =
          Gateway                          = 10.0.0.3
          Interface                        = if_3
          Health state                     = OK (5)
          Health details                   = "The component is operating normally. No action is required."
          Replication sync                 = 
          Use for external services access = yes
                                

    Delete NAS routes

    Delete a NAS route.

    Deleting a NAS route can break the connection between systems that use it, such as configured hosts.
    Format
    /net/nas/route -id <value> delete
    Object qualifier
    Qualifier
    Description
    -id
    Specify the ID of the interface to delete.
    Example

    The following command deletes route route_1:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/route -id route_1 delete
                                  Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
                                

    Manage Kerberos settings

    Settings for custom Kerberos key distribution center servers.

    Kerberos is a distributed authentication service designed to provide strong authentication with secret-key cryptography. It works on the basis of "tickets" that allow nodes communicating over a non-secure network to prove their identity in a secure manner. When configured to act as a secure NFS server, the NAS server uses the RPCSEC_GSS security framework and Kerberos authentication protocol to verify users and services. You can configure a secure NFS environment for a multiprotocol NAS server or one that supports Unix-only shares. In this environment, user access to NFS file systems is granted based on Kerberos principal names.

    Table 6. Kerberos attributes
    Attribute
    Description
    NAS server
    Kerberos realm configuration object, as identified by the NAS server ID.
    Realm
    Name of the Kerberos realm.
    Servers
    Comma separated list of DNS names for the Kerberos Key Distribution Center (KDC) servers.
    Port
    KDC servers TCP port. Default: 88.

    Configure Kerberos settings

    Set Kerberos settings for a NAS server.

    Format
    /net/nas/kerberos -server <value> set {-enabled no | [ -addr <value>] [-port <value>] [-realm <value>]}
    Object qualifier
    Qualifier
    Description
    -server
    Identifies the associated NAS server.
    Action qualifiers
    Qualifier
    Description
    -enabled
    Enables Kerberos on the NAS server. Value is yes or no.
    -addr
    Specifies the DNS names of the Kerberos KDC servers, separated by commas.
    Setting addresses via IP and overriding them is not supported in this release. A fully qualified DNS name is expected.
    -port
    Specifies the TCP port of the KDC server. Value is any TCP port.
    -realm
    Identifies the Kerberos realm. When non-unique for the system, the operation returns an error.
    Example

    The following command configures a custom Kerberos realm for NAS server nas_1:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/kerberos -server nas_1 set -addr "master.mydomain.lab.emc.com,slave.mydomain.emc.com" -realm "MYDOMAIN.LAB.EMC.COM"
                                  Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
    
                                

    View Kerberos settings

    View Kerberos settings.

    Format
    /net/nas/kerberos [{-server <value> | -realm <value>}] show
    Object qualifiers
    Qualifier
    Description
    -server
    Identifies the associated NAS server.
    -realm
    Identifies the associated Kerberos realm.
    Example

    The following command shows Kerberos settings for all of the storage system's NAS servers.

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/kerberos show
                                  
    Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:    NAS server = nas_2
          Realm      = TEST.LAB.EMC.COM
          Servers    = us67890.test.lab.emc.com
    
    2:    NAS server = nas_1
          Realm      = TEST.LAB.EMC.COM
          Servers    = us12345.test.lab.emc.com
    
    
                                

    Manage VLANs

    Network partitioning is provided through Virtual LANs. VLANs are statically allocated in the system, and the only allowed actions are to assign or de-assign a VLAN ID either to or from a specific tenant.

    Each VLAN is identified by an ID.

    The following table lists the attributes for VLANs.

    Table 7. VLAN attributes
    Attribute
    Description
    ID
    VLAN identifier.
    Tenant
    Tenant identifier, if assigned.
    Interface
    List of network interfaces that use this VLAN ID for network traffic tagging.

    View VLANs

    View details about configured VLANs. You can filter on the ID of the VLAN.

    Format
    /net/vlan show {-id <value> | [-from <value>] [-count <value>] [-inUse {yes | no}] [-assigned {yes [-tenant <value>] | no}]}
    Action qualifiers
    Qualifier
    Description
    -id
    Identifies the VLAN ID. Valid values are 1 to 4095. If specified, no other VLAN ID range, network interface or tenant assignment selectors are allowed.
    -from
    Specifies the lower boundary of the VLAN range to be displayed. Valid values are 1 to 4095. If omitted, the default value is 1.
    -count
    Specifies the number of items to be displayed. Valid values are 1 to 4095. If omitted, the default value is 10.
    -inUse
    Valid values are:
    • yes — Shows only those VLANs being used by a network interface. These VLANs cannot be moved to or from another tenant.
    • no — Shows only those VLANs that are not being used by a network interface.
    -assigned
    Valid values are:
    • yes — Shows only those VLANs that are assigned to a tenant.
    • no — Shows only those VLANs that are not assigned to a tenant.
    -tenant
    If specified, identifies the tenant.
    Example

    The following command displays information for VLANs that are in use starting from 100:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/vlan show -from 100 -inUse yes
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:     VLAN      = 101
           Tenant    = tenant_1
           Interface = if_1,if_3
     
    2:     VLAN      = 105
           Tenant    =
           Interface = if_5
    
                            

    Manage tenants

    IP multi-tenancy provides the ability to assign multiple network namespaces to the NAS Servers on a storage processor. Tenants are used to create isolated file-based (CIFS/NFS) storage partitions. This enables cost-effective tenant management of available resources while ensuring that tenant visibility and management are restricted to assigned resources only.

    Each tenant can have its own:

    • VLAN domain
    • Routing table
    • IP firewall
    • Virtual interface, traffic separated from virtual device and in Linux Kernel layer
    • DNS server or other administrative servers to allow the tenant to have its own authentication and security validation from the Protocol layer

    Each tenant is identified by a Universally Unique Identifier (UUID).

    The following table lists the attributes for tenants.

    Table 8. Tenant attributes
    Attribute
    Description
    ID
    Tenant identifier
    Name
    Friendly name of the tenant.
    UUID
    Universally unique identifier of a tenant.
    VLAN
    Comma-separated list of VLAN IDs assigned to the tenant.

    Create a tenant

    Create a tenant.

    Format
    /net/tenant create -name <value> -uuid <value> [-vlan <value>]
    Action qualifiers
    Qualifier
    Description
    -name
    Specify the tenant name.
    -uuid
    Specify the Universally Unique Identifier of a tenant.
    -vlan
    Specify the comma-separated list of VLAN IDs that the tenant can use.
    Valid values are 1 to 4095; however, each specific VLAN ID can be assigned to a tenant if:
    1. It is not assigned to any other tenant.
    2. No existing network interfaces are tagged with the VLAN ID.
    Example

    The following command creates a tenant with these settings:

    • Tenant name is Tenant A.
    • UUID is b67cedd7-2369-40c5-afc9-9e8753b88dee.
    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/tenant create -name "Tenant A" -uuid b67cedd7-2369-40c5-afc9-9e8753b88dee
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    ID = tenant_1
    Operation completed successfully.
    
                            

    View tenants

    View details about configured tenants. You can filter on the ID of the tenant.

    Format
    /net/tenant [-id <value>] show
    Object qualifier
    Qualifier
    Description
    -id
    Identifies the tenant to be displayed.
    Example

    The following command displays tenant information:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/tenant show
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:     ID     = tenant_1
           Name   = Tenant A
           UUID   = b67cedd7-2369-40c5-afc9-9e8753b88dee
           VLAN   = 102,103,104
    
                            

    Change tenant settings

    Change the settings for a tenant.

    Format
    /net/tenant –id <value> set [ -name <value> ] { [-vlan <value>] | [-addVlan <value>] | [-removeVlan <value>] }
    Object qualifier
    Qualifier
    Description
    -id
    Identifies the tenant.
    Action qualifiers
    Qualifier
    Description
    -name
    Specify the new name of the tenant.
    -vlan
    Specify the comma-separated list of VLAN IDs.
    Valid values for VLAN IDs are 1 to 4095. The new set of VLAN IDs is compared against VLAN IDs already assigned to this tenant. Mismatches are interpreted as if respective IDs were passed to -addVlan or -removeVlan qualifiers. For example, if VLANs 101,102, and103 are assigned to tenant X, the command:
                                            tenant -id X set -Vlan 101,102,104
                                          
    is equivalent to:
                                            tenant –id X set –removeVlan 103
    tenant –id X set –addVlan 104
    
                                          
    -addVlan
    Specify the VLAN ID to be assigned to the tenant.
    Valid values for VLAN IDs are 1 to 4095; however, each specific VLAN ID can be assigned to a tenant if:
    1. It is not assigned to any other tenant.
    2. No existing network interfaces are tagged with the VLAN ID.
    -removeVlan
    Specify the VLAN ID to be removed from the tenant.
    The VLAN ID can be removed only if it is not in use by any interface of any NAS server within this tenant.
    Example

    The following command changes the tenant settings for the list of VLAN IDs:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/tenant –id tenant_1 set -vlan 101,102,104
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
                            

    Delete a tenant

    Deletes an existing tenant. When you delete an existing tenant, the VLANs associated with that tenant become available for use with other tenants.

    Format
    /net/tenant -id <value> delete
    Object qualifiers
    Qualifier
    Description
    -id
    Identifies the tenant.
    Example

    The following command deletes a tenant.

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/tenant –id tenant_1 delete
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    ID = tenant_1
    Operation completed successfully.
                            

    Manage CIFS Servers

    CIFS (SMB) servers use the CIFS protocol to transfer files. A CIFS server can participate as a member of a Windows Active Directory domain or operate independently of any Windows domain as a stand-alone CIFS server.

    The following table lists the attributes for CIFS servers.

    Table 9. CIFS Server attributes
    Attribute
    Description
    ID
    ID of the CIFS server.
    NAS server
    Associated NAS server ID.
    Name
    Name of the CIFS server account used when joining the Active Directory.
    Description
    Description of the CIFS server.
    NetBIOS name
    Server NetBIOS name.
    Windows domain
    Windows server domain name.
    User name
    Windows domain user name.
    Password
    Windows domain user password.
    Last used organization unit
    Last used Active Directory organizational unit.
    Workgroup
    Workgroup name.
    Workgroup administrator password
    Workgroup administrator password.

    Create a CIFS server

    Create a CIFS (SMB) server.

    Only one CIFS server per NAS server can be created.
    Format
    /net/nas/cifs create {-server <value> | -serverName <value>} [-name <value>] [-description <value>] [-netbiosName <value>] {-domain <value> -username <value> {-passwd <value> | -passwdSecure} [-orgUnit <value>] | -workgroup <value> {-adminPasswd <value> | -adminPasswdSecure}}
    Action qualifiers
    Qualifier
    Description
    -server
    Specifies the NAS server identifier.
    -serverName
    Specifies the NAS server name.
    -name
    Specifies the CIFS server name. By default, this is the same as the value for serverName. This value is ignored if the CIFS server is standalone.
    -description
    Specifies the description of the CIFS server.
    -netbiosName
    Specifies the CIFS server NetBIOS name. By default it is generated automatically based on the CIFS server name.
    -domain (valid only when joining the CIFS server to AD)
    Specifies Windows Active Directory domain name.
    -username (valid only when joining the CIFS server to AD)
    Specifies the Active Directory user that will be used to join the CIFS server to AD.
    -passwd (valid only when joining the CIFS server to AD)
    Specifies the AD user password.
    -passwdSecure (valid only when joining the CIFS server to AD)
    Specifies the password in secure mode. The user will be prompted to input the password and the password confirmation.
    -orgUnit (valid only when joining the CIFS server to AD)
    Active directory organizational unit.
    -workgroup (valid only when configuring a stand-alone CIFS server)
    Specifies the workgroup of the stand-alone -workgroup CIFS server.
    -adminPasswd (valid only when configuring a stand-alone CIFS server)
    Specifies the local administrator account password of the stand-alone CIFS server.
    -adminPasswdSecure (valid only when configuring a stand-alone CIFS server)
    Specifies the password in secure mode. You will be prompted to enter the password and the password confirmation.
    Example

    The following command creates a CIFS server.

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/cifs create -server nas_0 -name CIFSserver1 -description "CIFS description" -domain domain.one.com -username user1 -passwd password1
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    ID = CIFS_0
    Operation completed successfully.
                            

    View CIFS server

    The following command displays CIFS (SMB) server settings.

    Format
    /net/nas/cifs [{-id <value> | -name <value> | -server <value> | -serverName <value>}] show
    Object qualifiers
    Qualifier
    Description
    -id
    Type the ID of the CIFS server.
    -name
    Type the name of the CIFS server.
    -server
    Type the ID of the associated NAS server.
    -serverName
    Type the name of the associated NAS server.
    Example
    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/cifs show
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:     ID             = CIFS_0
           NAS server     = nas_0
           Name           = CIFSserver1
           Description    = CIFS description
           NetBIOS name   = CIFSserv
           Windows domain = domain.one.com
    
    
                            

    Change CIFS server settings

    Modify an existing CIFS (SMB) server.

    If moving a CIFS server from one domain to another, include the following options:

    • [-domain <value>]
    • [-newUsername <value> {-newPasswd <value> | -newPasswdSecure}]

    Note that you must specify the username and password of the domain to which the CIFS server was previously joined in order to perform the unjoin. You must also specify the user name and password of the new domain to which it will be joined.

    Format
    /net/nas/cifs {-id <value> | -name <value>} set [-name <value>] [-description <value>] [-netbiosName <value>] [-currentUsername <value> {-currentPasswd <value> | -currentPasswdSecure} | -skipUnjoin} ] { [-domain <value>] [-newUsername <value> {-newPasswd <value> | -newPasswdSecure} ] | [-orgUnit <value>] | -workgroup <value>] [ {-adminPasswd <value> | -adminPasswdSecure} ] }
    Object qualifiers
    Qualifier
    Description
    -id
    Type the ID of the CIFS server to change .
    -name
    Type the name of the CIFS server to change.
    Action qualifiers
    Qualifier
    Description
    -name
    Specifies the new CIFS server name.
    -description
    Specifies the description of the CIFS server.
    -netbiosName
    Specifies the new CIFS server NetBIOS name.
    -domain
    Specifies the new Windows server domain name.
    -orgUnit
    Active Directory organizational unit.
    -currentUsername
    Specifies the current domain user.
    -currentPasswd
    Specifies the current domain user password.
    -currentPasswdSecure
    Specifies the current password in secure mode - the user will be prompted to input the password and the password confirmation.
    -skipUnjoin
    Do not unjoin the CIFS server from an AD domain.
    -newUsername
    Specifies the new domain user.
    -newPasswd
    Specifies the new domain user password.
    -newPasswdSecure
    Specifies the new password in secure mode - the user will be prompted to input the password and the password confirmation.
    -workgroup
    Specifies the new workgroup of the stand-alone CIFS server.
    -adminPasswd
    Specifies the new local admin password of the stand-alone CIFS server.
    -adminPasswdSecure
    Specifies the password in secure mode - the user will be prompted to input the password and the password confirmation.
    Example
    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/cifs -id CIFS_0 set -workgroup MyWorkgroup -adminPasswd MyPassword
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    ID = CIFS_0
    Operation completed successfully.
    
    
                            

    Delete a CIFS server

    Delete an existing CIFS (SMB) server.

    When you delete an existing CIFS server or convert it to a stand-alone configuration, you must specify the current credentials (username and password) to properly unjoin it from the domain and remove the computer account from Active Directory. You can use the -skipUnjoin option to delete the CIFS server without removing the computer account from AD. (This will require the administrator to manually remove the account from AD.) The -skipUnjoin option can also be used when AD is not operational or cannot be reached. If you ran this command without the username and password, you will not be able to join the CIFS server with the same name back again. To join the same CIFS server back to the domain, you will then need to first change its name.
    Format
    /net/nas/cifs {-id <value> | -name <value>} delete [ {-username <value> {-passwd <value> | -passwdSecure} | -skipUnjoin} ]
    Object qualifiers
    Qualifier
    Description
    -id
    Type the ID of the CIFS server to delete.
    -name
    Identifies the CIFS server name.
    Action qualifiers
    Qualifier
    Description
    -username
    Specifies the domain username. Not required for stand-alone CIFS servers.
    Specify the username when you want to unjoin the CIFS server from the AD domain before deleting it.
    -passwd
    Specifies the domain user password. Not required for stand-alone CIFS servers.
    Specify the user password when you want to unjoin the CIFS server from the AD domain before deleting it.
    -passwdSecure
    Specifies the password in secure mode. This prompts the user to input the password.
    -skipUnjoin
    Does not unjoin the CIFS server from the AD domain before deleting it.
    Example
    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/cifs -id CIFS_0 delete
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    ID = CIFS_0
    Operation completed successfully.
    
                            

    Manage NFS servers

    NFS servers use the NFS protocol to transfer files.

    The following table lists the attributes for NAS servers.

    Table 10. NFS Server attributes
    Attribute
    Description
    ID
    ID of the NFS server.
    NAS server
    Associated NAS server ID.
    Hostname
    NFS server hostname. When an SMB server is joined to an Active Directory (AD) domain, the NFS server hostname is defaulted to the SMB computer name. If you configure NFS secure to use a custom realm for Kerberos authentication, this hostname can be customized.
    NFSv4 enabled
    Indicates whether NFS shares can be accessed by using the NFSv4 protocol. Valid values are yes or no (default is no).
    Secure NFS enabled
    Indicates whether secure NFS (with Kerberos) is enabled. Value is yes or no.
    Kerberos KDC type
    Indicates the type of KDC realm to use for NFS secure. Value is one of the following:
    • Windows — Use the Windows realm associated with the SMB server configured on the NAS server. If you configure secure NFS using this method, SMB support cannot be deleted from the NAS server while secure NFS is enabled and configured to use the Windows realm.
    • custom — Configure a custom realm to point to any type of Kerberos realm. (Windows, MIT, Heidmal). If you configure secure NFS using this method, you must upload the keytab file to the NAS server being defined. Refer to Configure Kerberos settings for more information.
    Service principal name
    Comma-separated list of service principal names to used to authenticate to the Kerberos realm. The name is automatically deducted from the NFS server hostname and the selected realm.
    Extended Unix credentials enabled
    Use more than 16 Unix groups. Value is yes or no (default).
    Credentials cache retention
    Credentials cache refreshing timeout, in minutes.

    Create an NFS server

    Create an NFS server.

    Only one NFS server per NAS server can be created.
    Format
    /net/nas/nfs create {-server <value> | -serverName <value>} [-hostname <value>] [-v4 {yes | no}] [-secure {no | yes [-kdcType {Windows | custom}]}] [-username <value> {-passwd <value> | -passwdSecure}] [-extendedUnixCredEnabled {yes|no}] [-credCacheRetention <value>]
    Action qualifiers
    Qualifier
    Description
    -server
    Specifies the NAS server identifier.
    -serverName
    Specifies the NAS server name.
    -hostname
    Specifies the hostname for the NFS server. This is used in Kerberos and DNS registration, so that the client can specify this name when mounting exports. By default, the hostname is the same as the SMB computer name or NAS server name.
    -v4
    Indicates whether NFS shares can be accessed using the NFSv4 protocol. Value is yes or no (default).
    -secure
    Indicates whether to enable secure NFS (with Kerberos). Value is yes or no (default). To enable secure NFS, you must also configure the NAS server Kerberos object, specify a corresponding KDC type using the -kdcType qualifier, and upload the keytab file (generated with kadmin).
    -kdcType
    Specifies the type of type of KDC realm to use for NFS secure. Value is one of the following:
    • windows - Use the Windows realm associated with the SMB-enabled NAS server. If you configure secure NFS using this method, SMB support cannot be deleted from the NAS server while secure NFS is enabled and configured to use the Windows realm.
    • custom - Configure a custom realm to point to any type of Kerberos realm. (Windows, MIT, Heidmal). If you configure secure NFS using this method, you must upload the keytab file to the NAS server being defined. Refer to Configure Kerberos settings for more information.
    -username
    (Applies when the -kdcType is Windows.) Specifies a user name with administrative rights to register the service principal in the AD domain.
    -passwd
    (Applies when the -kdcType is Windows.) Specifies the AD domain administrator password.
    -passwdSecure
    Specifies the password in secure mode. The user will be prompted to input the password and the password confirmation.
    -extendedUnixCredEnabled
    Specifies whether there are more than 16 Unix groups. Valid value is yes or no (default).
    -credCacheRetention
    Specifies the amount of time (in minutes) when the credential cache refreshes or times out. Default value is 15 minutes.
    Example

    The following command creates an NFS server on NAS server nas_1 with ID nfs_1 that supports NFSv4 and NFS secure.

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/nfs create -server nas_1 -v4 yes -secure yes
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    ID = nfs_1
    Operation completed successfully.
    
    
                            

    View an NFS server

    The following command displays NFS server settings.

    Format
    /net/nas/nfs [{-id <value> | -server <value> | -serverName <value> | -hostname <value>}] show
    Object qualifiers
    Qualifier
    Description
    -id
    Type the ID of the NFS server to view.
    -server
    Type the ID of the associated NAS server.
    -serverName
    Type the name of the associated NAS server.
    -hostname
    Type the hostname for the NFS server. The FDQN or short name formats are supported.
    Example
    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/nfs show -detail
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:     ID                                = nfs_1
           NAS server                        = nas_1
           Hostname                          = SATURN
           NFSv4 enabled                     = yes
           Secure NFS enabled                = yes
           Kerberos KDC type                 = Windows
           Service principal name            = nfs/SATURN.domain.lab.emc.com, nfs/SATURN
           Extended Unix credentials enabled = no
           Credentials cache retention       = 15 
    
                            

    Change NFS server settings

    Modify an existing NFS server.

    Format
    /net/nas/nfs [-id <value>] set [-hostname <value>] [-v4 {yes | no}] [-secure {no | yes [-kdcType {Windows | custom}]}] [-username <value> {-passwd <value> | -passwdSecure}] [-extendedUnixCredEnabled {yes | no}] [-credCacheRetention <value>]
    Qualifier
    Description
    -id
    Identifies the NFS server to change.
    Action qualifiers
    Qualifier
    Description
    -hostname
    Specifies the new hostname for the NFS server. This is used in Kerberos and DNS registration, so that the client can specify this name when mounting exports. By default, the hostname is the same as the SMB computer name or NAS server name
    -v4
    Indicates whether NFS shares can be accessed using the NFSv4 protocol. Valid values are yes or no.
    -secure
    Indicates whether to enable secure NFS (with Kerberos). Value is yes or no. To enable secure NFS, you must also configure the NAS server Kerberos object, specify a corresponding KDC type using the -kdcType qualifier, and upload the keytab file (generated with kadmin).
    -kdcType
    Specifies the type of type of KDC realm to use for NFS secure. Value is one of the following:
    • Windows - Use the Windows realm associated with the SMB server configured on the NAS server. If you configure secure NFS using this method, SMB support cannot be deleted from the NAS server while secure NFS is enabled and configured to use the Windows realm.
    • custom - Configure a custom realm to point to any type of Kerberos realm (Windows, MIT, Heidmal). If you configure secure NFS using this method, you must upload the keytab file to the NAS server being defined. Refer to Configure Kerberos settings for more information.
    -username
    (Applies when the -kdcType is Windows.) Specifies a user name with administrative rights to register the service principal in the AD domain.
    -password
    (Applies when the -kdcType is Windows.) Specifies the AD domain administrator password.
    -passwdSecure
    Specifies the password in secure mode. The user will be prompted to input the password and the password confirmation.
    -skipUnjoin
    (Applies when the KDC realm type is Windows.) Deletes the NFS server without automatically unregistering the NFS service principals from the AD domain.
    -extendedUnixCredEnabled
    Specifies whether there are more than 16 Unix groups. Valid values are yes or no.
    -creditCacheRetention
    Specifies the amount of time (in minutes) when the credential cache refreshes or times out. Default value is 15 minutes.
    Example

    The following command changes the credit cache retention period for NFS server nfs_1.

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/nfs -id nfs_1 set -credCacheRetention 20
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    ID = nfs_1
    Operation completed successfully.
    
                            

    Delete an NFS server

    Delete an existing NFS server. The NFS server cannot be deleted if it has any associated resources, such as NFS shares, on the NAS server.

    Format
    /net/nas/nfs -id <value> delete [-username <value> {-passwd <value> | -passwdSecure}] [-skipUnjoin]
    Object qualifier
    Qualifier
    Description
    -id
    Identifies the NFS server to delete.
    Action qualifiers
    Qualifier
    Description
    -username (applies when the KDC realm type is Windows)
    Specifies a user name with administrative rights to unregister the service principal from the AD domain.
    -passwd (applies when the KDC realm type is Windows)
    Specifies the AD domain administrator password.
    -passwdSecure
    Specifies the password in secure mode. The user will be prompted to input the password and the password confirmation.
    -skipUnjoin (applies when the KDC realm type is Windows)
    Deletes the NFS server without automatically unregistering the NFS service principals from the AD domain.
    Example
    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/nfs -id nfs_1 delete
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
                            

    Manage Common Anti Virus Agent (CAVA)

    The following table lists the attributes for CAVA:

    Table 11. CAVA attributes
    Attribute
    Description
    NAS server
    Associated NAS server identifier.
    Enabled
    Indicates if CAVA is enabled. Valid values are:
    • yes
    • no
    Before you can enable CAVA, you must first upload a CAVA configuration file to the NAS server. See View the switches for details on how to upload the configuration file.

    View CAVA settings

    View details about CAVA settings.

    Format
    /net/nas/cava [-server <value>] show
    Object qualifier
    Qualifier
    Description
    -server
    Identifies the associated NAS server.
    Example

    The following command displays the CAVA settings:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/cava show
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    
    1:     NAS server  = nas_0
           Enabled     = yes
    
    2:     NAS server  = nas_1
           Enabled     = no
                            

    Change CAVA settings

    Modify the CAVA settings.

    Format
    /net/nas/cava -server <value> set -enabled {yes | no}
    Object qualifier
    Qualifier
    Description
    -server
    Identifies the associated NAS server.
    Action qualifier
    Qualifier
    Description
    -enabled
    Specify whether CAVA is enabled. Valid values are:
    • yes
    • no
    Before you can enable CAVA, you must first upload a CAVA configuration file to the NAS server. See View the switches for details on how to upload the configuration file.
    Example

    The following command enables CAVA:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/cava -server nas_1 set -enabled yes
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
                            

    Manage Events Publishing configuration settings

    Events Publishing allows third-party applications to register to receive event notification and context from the storage system when accessing file systems by using the SMB or NFS protocols. The Common Event Publishing Agent (CEPA) delivers to the application both event notification and associated context in one message. Context may consist of file metadata or directory metadata that is needed to decide business policy.

    You must define at least one event option (pre-, post-, or post-error event) when Events Publishing is enabled.

    • Pre-event notifications are sent before processing an SMB or NFS client request.
    • Post-event notifications are sent after a successful SMB or NFS client request.
    • Post-error event notifications are sent after a failed SMB or NFS client request.
    Table 12. Events Publishing attributes
    Attributes
    Description
    NAS server
    Identifies the associated NAS server.
    Enabled
    Identifies whether Events Publishing is enabled on the NAS Server. Valid values are:
    • yes
    • no (default)
    Pre-event failure policy
    Policy applied when a pre-event notification fails. Valid values are:
    • ignore (default) - indicates that when a pre-event notification fails, it is acknowledged as being successful.
    • deny - indicates that when a pre-event notification fails, the request of the SMB or NFS client is not executed by the storage system. The client receives a 'denied' response.
    Post-event failure policy
    Policy applied when a post-event notification fails. The policy is also applied to post-error events. Valid values are:
    • ignore (default) - continue and tolerate lost events.
    • accumulate - continue and use a persistence file as a circular event buffer for lost events.
    • guarantee - continue and use a persistence file as a circular event buffer for lost events until the buffer is filled, and then deny access to file systems where Events Publishing is enabled.
    • deny - on CEPA connectivity failure, deny access to file systems where Events Publishing is enabled.
    HTTP port
    HTTP port number for connectivity to the CEPA server. The default value is 12228. The HTTP protocol is used to connect to CEPA servers. It is not protected by a username or password.
    HTTP enabled
    Identifies whether connecting to CEPA servers by using the HTTP protocol is enabled. When enabled, a connection by using HTTP is tried first. If HTTP is either disabled or the connection fails, then connection through the MS-RPC protocol is tried if all CEPA servers are defined by a fully-qualified domain name (FQDN). When an SMB server is defined in a NAS server in the Active Directory (AD) domain, the NAS server's SMB account is used to make an MS-RPC connection. Valid values are:
    • yes (default)
    • no
    Username
    When using the MS-RPC protocol, name of a Windows user allowed to connect to CEPA servers.
    Password
    When using the MS-RPC protocol, password of the Windows user defined by the username.
    Heartbeat
    Time interval (in seconds) between scanning CEPA servers to detect their online or offline status. The default is 10 seconds. The range is from 1 through 120 seconds.
    Timeout
    Time in ms to determine whether a CEPA server is offline. The default is 1,000 ms. The range is from 50 ms through 5,000 ms.
    Health state
    Health state of Events Publishing. The health state code appears in parentheses. Valid values are:
    • OK (5) - the Events Publishing service is operating normally.
    • OK_BUT (7) - some CEPA servers configured for the NAS server cannot be reached.
    • Minor failure (15) - the Events Publishing service is not functional.
    • Major failure (20) - all CEPA servers configured for the NAS server cannot be reached.
    Health details
    Additional health information. See Appendix A, Reference, for details.

    View CEPA configuration settings

    View details about CEPA configuration settings.

    Format
    /net/nas/event/config [-server <value>] show
    Object qualifier
    Qualifier
    Description
    -server
    Identifies the associated NAS server.
    Example

    The following example displays the CEPA settings.

    uemcli /net/nas/event/config -server nas_1 show -detail
                              Storage system address: 10.1.2.100
    Storage system port: 443
    HTTPS connection
    
    1:     NAS server                = nas_1
           Enabled                   = yes    
           Pre-event failure policy  = ignore
           Post-event failure policy = ignore
           HTTP port                 = 12228
           HTTP enabled              = yes
           Username                  = user1
           Heartbeat                 = 10s
           Timeout                   = 1000ms
           Health state              = OK (5)
           Health details            = The Events Publishing Service is operating normally.
                            

    Change CEPA configuration settings

    Modify the Events Publishing configuration. When you create a NAS server, an Events Publishing configuration object is automatically created with default values.

    Format
    /net/nas/event/config –server <value> set [-enabled {yes | no}] [-preEventPolicy {ignore | deny}] [-postEventPolicy {ignore | accumulate | guarantee | deny}] [-httpPort <value>] [-httpEnabled {yes | no}] [-username <value> {-passwd <value> | -passwdSecure}] [-heartbeat <value>] [-timeout <value>]
    Object qualifier
    Qualifier
    Description
    -server
    Identifies the associated NAS server.
    Action qualifiers
    Qualifier
    Description
    -enabled
    Identifies whether Events Publishing is enabled on the NAS Server. Valid values are:
    • yes
    • no (default)
    -preEventPolicy
    Identifies the policy applied when a pre-event notification fails. Valid values are:
    • ignore (default) - indicates that when a pre-event notification fails, it is acknowledged as being successful.
    • deny - indicates that when a pre-event notification fails, it is acknowledged with a 'denied' answer.
    -postEventPolicy
    Identifies the policy applied when a post-event notification fails. The policy is also applied to post-error events. Valid values are:
    • ignore (default) - continue and tolerate lost events.
    • accumulate - continue and use a persistence file as a circular event buffer for lost events.
    • guarantee - continue and use a persistence file as a circular event buffer for lost events until the buffer is filled, and then deny access to file systems where Events Publishing is enabled.
    • deny - on CEPA connectivity failure, deny access to file systems where Events Publishing is enabled.
    -httpPort
    HTTP port number used for connectivity to the CEPA server. The default value is 12228. The HTTP protocol is used to connect to CEPA servers. It is not protected by a username or password.
    -httpEnabled
    Specifies whether connecting to CEPA servers by using the HTTP protocol is enabled. When enabled, a connection by using HTTP is tried first. If HTTP is either disabled or the connection fails, then connection through the MS-RPC protocol is tried if all CEPA servers are defined by a fully-qualified domain name (FQDN). The SMB account of the NAS server in the Active Directory domain is used to make the connection by using MS-RPC. Valid values are (case insensitive):
    • yes (default)
    • no
    -username
    Name of a Windows user who is allowed to connect to CEPA servers.
    To ensure that a secure connection (by using the Microsoft RPC protocol) is used, you must disable HTTP by setting -httpEnabled=no.
    -passwd
    Password of the Windows user defined by the username.
    -passwdSecure
    Specifies the password in secure mode. The user is prompted to specify the password.
    -heartbeat
    Time interval between scanning CEPA servers (in seconds) to detect their online or offline status. The default is 10 seconds. The range is from 1 through 120 seconds.
    -timeout
    Time in ms to determine whether a CEPA server is offline. The default is 1,000 ms. The range is from 50 ms through 5,000 ms.
    Example

    The following command enables Events Publishing and sets the post-event policy to accumulate.

    uemcli /net/nas/event/config -server nas_1 set -enabled yes -postEventPolicy accumulate
                              Storage system address: 10.1.2.100
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
                            

    Manage CEPA pool configuration settings

    Event pools configure the types of events published by the NAS Server, and the addresses of CEPA servers.

    Events Publishing must be enabled for both the NAS server and the file system. Certain types of events can be enabled for either the NFS protocol, the SMB protocol, or both NFS and SMB on a file system basis.

    Table 13. CEPA pool attributes
    Attributes
    Description
    ID
    Identifies the Events Publishing pool.
    NAS server
    Identifies the associated NAS server.
    Name
    Identifies the Events Publishing pool name.
    Addresses
    Addresses of the CEPA servers. A CEPA pool allows using IPv4, IPv6, and FQDN addresses.
    Replication sync
    Applicable only when the NAS server is replicated through a replication session. Valid values are:
    • Not replicated
    • Auto synchronized – indicates that the Events Publishing pool servers list is automatically synchronized over the replication session to the destination. Any modify and delete operations on the source are automatically reflected on the destination.
    • Overridden – indicates that the Events Publishing pool servers list is manually modified or overridden on the destination side.

    When an Events Publishing pool servers list is created on the source of a replication, it is auto-synchronized to the destination NAS server.

    IP address changes or deletions from the Events Publishing pool servers list on a source Events Publishing server have no effect on overridden Events Publishing pool servers on the destination.

    Source addresses
    Addresses of the CEPA servers defined on the replication source. A CEPA pool allows using IPv4, IPv6, and FQDN addresses.
    Pre-events
    Lists the selected pre-events. The NAS server sends a request event notification to the CEPA server before an event occurs and processes the response. The valid events are defined in the table that follows.
    Post-events
    Lists the selected post-events. The NAS server sends a notification after an event occurs. The valid events are defined in the table that follows.
    Post-error events
    Lists the selected post-error events. The NAS server sends notification after an event generates an error. The valid events are defined in the table that follows.
    Table 14. Event descriptions
    Value
    Definition
    Protocol
    OpenFileNoAccess
    Sends a notification when a file is opened for a change other than read or write access (for example, read or write attributes on the file).
    • SMB/CIFS
    • NFS (v4)
    OpenFileRead
    Sends a notification when a file is opened for read access.
    • SMB/CIFS
    • NFS (v4)
    OpenFileReadOffline
    Sends a notification when an offline file is opened for read access.
    • SMB/CIFS
    • NFS (v4)
    OpenFileWrite
    Sends a notification when a file is opened for write access.
    • SMB/CIFS
    • NFS (v4)
    OpenFileWriteOffline
    Sends a notification when an offline file is opened for write access.
    • SMB/CIFS
    • NFS (v4)
    OpenDir
    Sends a notification when a directory is opened.
    SMB/CIFS
    FileRead
    Sends a notification when a file read is received over NFS.
    NFS (v3/v4)
    FileWrite
    Sends a notification when a file write is received over NFS.
    NFS (v3/v4)
    CreateFile
    Sends a notification when a file is created.
    • SMB/CIFS
    • NFS (v3/v4)
    CreateDir
    Sends a notification when a directory is created.
    • SMB/CIFS
    • NFS (v3/v4)
    DeleteFile
    Sends a notification when a file is deleted.
    • SMB/CIFS
    • NFS (v3/v4)
    DeleteDir
    Sends a notification when a directory is deleted.
    • SMB/CIFS
    • NFS (v3/v4)
    CloseModified
    Sends a notification when a file is changed before closing.
    • SMB/CIFS
    • NFS (v4)
    CloseUnmodified
    Sends a notification when a file is not changed before closing.
    • SMB/CIFS
    • NFS (v4)
    CloseDir
    Sends a notification when a directory is closed.
    SMB/CIFS
    RenameFile
    Sends a notification when a file is renamed.
    • SMB/CIFS
    • NFS (v3/v4)
    RenameDir
    Sends a notification when a directory is renamed.
    • SMB/CIFS
    • NFS (v3/v4)
    SetAclFile
    Sends a notification when the security descriptor (ACL) on a file is changed.
    SMB/CIFS
    SetAclDir
    Sends a notification when the security descriptor (ACL) on a directory is changed.
    SMB/CIFS
    SetSecFile
    Sends a notification when a file security change is received over NFS.
    NFS (v3/v4)
    SetSecDir
    Sends a notification when a directory security change is received over NFS.
    NFS (v3/v4)

    Create a CEPA pool

    Create a CEPA pool.

    Format
    /net/nas/event/pool create -server <value> -name <value> -addr <value> [-preEvents <value>] [-postEvents <value>] [-postErrEvents <value>]
    Action qualifiers
    Qualifier
    Description
    -server
    Identifies the associated NAS server.
    -name
    Specifies a CEPA pool name. The name must be unique for each NAS server.
    -addr
    Specifies a comma-separated list of addresses of the CEPA servers. You can specify IPv4, IPv6, and FQDN addresses.
    -preEvents
    Specifies the comma-separated list of pre-events.
    -postEvents
    Specifies the comma-separated list of post-events.
    -postErrEvents
    Specifies the comma-separated list of post-error events.
    Example

    The following command creates a CEPA pool and a list of post events for which to be notified.

    uemcli /net/nas/event/pool create -server nas_1 -name mypool1 -addr 10.1.2.100 -postEvents CreateFile,DeleteFile
                              Storage system address: 10.1.2.100
    Storage system port: 443
    HTTPS connection
    
    ID = cepa_pool_1
    Operation completed successfully.
                            

    View CEPA pool settings

    View details about a CEPA pool.

    Format
    /net/nas/event/pool [{-id <value> | -server <value> | -name <value>}] show
    Object qualifier
    Qualifier
    Description
    -id
    Identifies the Events Publishing pool.
    -server
    Identifies the associated NAS server.
    -name
    Identifies the Events Publishing pool name.
    Example

    The following command displays information about a CEPA pool.

    uemcli /net/nas/event/pool -server nas_1 show
                              Storage system address: 10.1.2.100
    Storage system port: 443
    HTTPS connection
    
    1:     ID                 = cepa_pool_1
           NAS server         = nas_1
           Name               = MyCepaPool
           Addresses          = 10.1.2.2
           Pre-events         = 
           Post-events        = CreateFile, DeleteFile
           Post-error events  =
                            

    Change CEPA pool settings

    Modify settings for an existing Events Publishing pool.

    Format
    /net/nas/event/pool -id <value> set [-name <value>] [-addr <value>] [-preEvents <value>] [-postEvents <value>] [-postErrEvents <value>] [-replSync {auto | overridden}]
    Object qualifier
    Qualifier
    Description
    -id
    Identifies the Events Publishing pool.
    Action qualifiers
    Qualifier
    Description
    -name
    Specifies a CEPA Pool name. The name is unique for any specified NAS server.
    -addr
    Specifies a comma-separated list of addresses of the CEPA servers. A CEPA pool allows IPv4, IPv6, and FQDN addresses.
    -preEvents
    Specifies the comma-separated list of pre-events.
    -postEvents
    Specifies the comma-separated list of post-events.
    -postErrEvents
    Specifies the comma separated list of post-error events.
    -replSync
    Applicable only when the NAS server is operating as a replication destination. The valid values are:
    • auto – indicates that the Events Publishing pool servers list is automatically synchronized over the replication session to the destination. Any change and delete operations on the source are automatically reflected on the destination.
    • overridden – indicates that the Events Publishing pool servers list is manually changed or overridden on the destination side.

    When a replicated Events Publishing pool servers list is created on the source Events Publishing server, it is auto-synchronized to the destination.

    Changes or deletions of IP addresses from the Events Publishing pool servers list on a source Events Publishing service have no effect on an overridden Events Publishing pool servers list on the destination.

    Example

    The following command changes the name for a CEPA pool.

    uemcli /net/nas/event/pool -id cepa_pool_1 set -name TestCepaPool
                              Storage system address: 10.1.2.100
    Storage system port: 443
    HTTPS connection
    
    ID = cepa_pool_1
    Operation completed successfully.
                            

    Delete a CEPA pool

    Deletes a CEPA pool.

    Before you begin

    The Events Publishing service requires at least one CEPA pool. If you delete the last CEPA pool, the Events Publishing service becomes disabled.

    Format
    /net/nas/event/pool [{-id <value> | -name <value>}] delete
    Object qualifiers
    Qualifier
    Description
    -id
    Identifies the Events Publishing pool.
    -name
    Identifies the Events Publishing pool name.
    Example

    The following command deletes a CEPA pool.

    uemcli /net/nas/event/pool –id cepa_pool_1 delete
                              Storage system address: 10.1.2.100
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
                            

    Manage VMware NAS protocol endpoint servers

    VMware protocol endpoint servers are NFS-based NAS servers enabled to provide an I/O path from the VMware host to it's respective File VVol datastore on the storage system.

    When creating a NAS protocol endpoint server, you can choose which IP address the NAS PE will use from the list of IP interfaces already created for the NAS server. It is recommended that you enable at least two NAS servers for VVols, one on each SP, for high availability. The system will select one of these NAS PEs automatically based on which will maximize throughput.

    Table 15. Protocol endpoint server attributes
    Attribute
    Description
    ID
    VMware protocol endpoint identifier.
    NAS server
    Identifier of the associated NAS server for NAS PEs.
    NAS server interface
    Identifier of the NAS server IP interface to be used by the VMware NAS protocol endpoint server.
    Only one VMware protocol endpoint server per NAS server is supported.

    Create protocol endpoint servers

    Create VMware protocol endpoints servers for File VVols.

    Format
    /net/nas/vmwarepe create [-async] {-server <value> | -serverName <value>} -if <value>
    Action qualifier
    Qualifier
    Description
    -async
    Run the operation in asynchronous mode.
    -server
    Type the identifier of the NAS server.
    -serverName
    Type the name of the NAS server.
    -if
    Type the name of the identifier for the NAS IP interface to be used by the VMware protocol endpoint server.
    Example

    The following example creates a protocol endpoint server on NAS server "nas_1" with the IP interface "if_1".

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/vmwarepe create -server nas_1 -if if_ 1
                              Storage system address: 10.0.0.1 
    Storage system port: 443 
    HTTPS connection 
    
    ID = PES_0 
    Operation completed successfully. 
                            

    View VMware protocol endpoint servers

    View VMware protocol endpoints servers for File VVols.

    Format
    /net/nas/vmwarepe [{-id <value> | -server <value> | -serverName <value>}] show
    Action qualifier
    Qualifier
    Description
    -id
    Type the identifier of the NAS protocol endpoint server.
    -server
    Type the identifier of the associated NAS server.
    -serverName
    Type the name of the associated NAS server.
    Example

    The following example shows the details for all of the VMware protocol endpoint servers on the system.

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456!/net/nas/vmwarepe show -detail
                              Storage system address: 10.0.0.1 
    Storage system port: 443 
    HTTPS connection 
    
    1:     ID                   = PES_0
           NAS server           = nas_1
           NAS server interface = if_1 
                            

    Delete protocol endpoint servers

    Delete a VMware protocol endpoints server.

    Format
    /net/nas/vmwarepe -id <value> delete [-async] [-force]
    Object qualifiers
    Qualifier
    Description
    -id
    Type the identifier or the VMware protocol endpoint server to be deleted.
    Action qualifiers
    Qualifier
    Description
    -async
    Run the operation in asynchronous mode.
    -force
    Unconditionally removes all VMware NAS protocol endpoints using the VMware protocol endpoint server and unbinds all virtual volumes using the protocol endpoint server.
    Example

    The following example deletes VMware NAS protocol endpoint server "PES_0".

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/nas/vmwarepe –id PES_0 delete
                              Storage system address: 10.0.0.1 
    Storage system port: 443 
    HTTPS connection 
    
    Operation completed successfully. 
                            

    Manage reverse CHAP for mutual CHAP authentication

    The Challenge Handshake Authentication Protocol (CHAP) is a security protocol that defines a method for authenticating hosts (initiators) and iSCSI nodes (targets). When CHAP is enabled, an iSCSI target will “challenge” an initiator that attempts to establish a connection with it. If the initiator does not respond with a valid password (called a secret), the target refuses the connection. CHAP authentication can be one-way, where only the target authenticates the initiator, or reverse (also called mutual), where the target and initiator authenticate each other. Compared to one-way CHAP, enabling reverse CHAP provides an extra level of security. To set one-way CHAP authentication, create an iSCSI CHAP account for a host. Manage iSCSI CHAP accounts for one-way CHAP authentication explains the commands for configuring one-way CHAP authentication.

    For reverse CHAP, the secret password you specify applies to all iSCSI nodes on the system. Also, the CHAP secret specified for any host configuration must be different from the reverse CHAP password specified for iSCSI nodes.

    The iSCSI reverse CHAP object manages the username/secret used by the target (storage system) to respond to a challenge from an initiator (host).

    Specify reverse CHAP secret settings

    The following table lists the iSCSI reverse CHAP attributes.

    Table 16. iSCSI reverse CHAP attributes
    Attribute
    Description
    Username
    The reverse CHAP user name.
    Secret
    The reverse CHAP secret (password).
    Secret format
    The reverse CHAP input format. Value is one of the following:
    • ascii - ASCII format
    • hex - Hexadecimal format

    Sets the reverse CHAP username and secret.

    Format
    /net/iscsi/reversechap set { [–username <value>] {-secret <value> | -secretSecure} [-secretFormat { ascii | hex } ] | -noChap}
    Action qualifiers
    Qualifier
    Description
    -username
    The reverse CHAP user name.
    -secret
    Specifies the reverse CHAP secret (password).
    Restrictions: the CHAP secret is an ASCII string that is 12 to 16 characters. Hexadecimal secrets are 12 to 16 pairs of data (24 to 32 characters).
    -secretSecure
    Specifies the password in secure mode - the user will be prompted to input the password.
    -secretFormat
    The reverse CHAP input format. Value is one of the following:
    • ascii - ASCII format
    • hex - Hexadecimal format
    -noChap
    Remove the reverse CHAP credentials.
    Example
    uemcli /net/iscsi/reversechap set -secret xyz0123456789
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
    
                            

    View reverse CHAP secret settings

    View whether a reverse CHAP secret password has been configured for iSCSI nodes.

    The show action command explains how to change the output format.
    Format
    /net/iscsi/reversechap show
    Example

    The following command shows the current reverse CHAP setting:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/iscsi/reversechap show
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:       Username = ReverseChapUser
    
                            

    Set up iSNS for iSCSI storage

    The iSNS protocol (iSNSP) allows centralized management of iSCSI devices. An iSNS server can provide services such as remote discovery and configuration for iSCSI nodes and hosts. When iSNSP is in use, both the iSCSI nodes (targets) and hosts (initiators) on the network must be configured to use the iSNS server. You create a single iSNS server record for the system. The following table lists the attributes for iSNS server records.

    Table 17. iSNS server record attributes
    Attribute
    Description
    ID
    ID of the iSNS server record.
    Server
    Name or IP address of an iSNS server.

    Create iSNS server records

    Create an iSNS server record to specify an iSNS server for the system to use. When you create an iSNS server record, it will overwrite the existing record on the system.

    Format
    /net/iscsi/isns create -server <value>
    Action qualifiers
    Qualifier
    Description
    -server
    Type the name or IP address of the iSNS server.
    Example

    The following command creates an iSNS server record for server IP address 10.5.2.128. The server record receives the ID iSNS_10.5.2.128:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/iscsi/isns create –server 10.5.2.128
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    ID = isns_0
    Operation completed successfully.
    
                            

    View iSNS server records

    View details for configured iSNS server records.

    The show action command explains how to change the output format.
    Format
    /net/iscsi/isns show
    Example

    The following command shows details for the iSNS server record:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/iscsi/isns show
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    ID = isns_0
    Operation completed successfully.
    
                            

    Delete iSNS server records

    Delete an iSNS server record.

    Format
    /net/iscsi/isns -id <value> delete
    Object qualifier
    Qualifier
    Description
    -id
    Type the ID of the iSNS server record to delete.
    Example

    The following command deletes the iSNS server record isns_0:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/iscsi/isns -id isns_0 delete
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
    
                            

    Change iSNS server record settings

    Modify an existing iSNS server record.

    Format
    /net/iscsi/isns -id <value> set -server <value>
    Object qualifier
    Qualifier
    Description
    -id
    Type the ID of the iSNS server record to delete.
    Action qualifiers
    Qualifier
    Description
    -server
    New IP address associated with the iSNS server.
    Example

    The following command modifies the iSNS server record:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/iscsi/isns -id isns_0 set -server 10.5.2.130
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    ID = isns_0
    Operation completed successfully.
    
                            

    Manage iSCSI configuration

    The following table lists the attributes for iSCSI configuration.

    Table 18. ISCSI configuration attributes
    Attribute
    Description
    CHAP required
    Specifies whether CHAP authentication is required in order to access iSCSI storage. Valid values are:
    • yes
    • no

    View iSCSI configuration

    View details about the iSCSI configuration.

    Format
    /net/iscsi/config show
    Example

    The following command shows details for the iSCSI configuration:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/iscsi/config show
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1: CHAP required = yes
    
                            

    Change iSCSI configuration

    Modify the iSCSI configuration.

    Format
    /net/iscsi/config set -chapRequired {yes | no}
    Object qualifier
    Qualifier
    Description
    -chapRequired
    Specify whether CHAP authentication is required. Values are case-sensitive. Valid values are:
    • yes
    • no
    Example

    The following command denies host access without CHAP authentication:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/iscsi/config set -chapRequired yes
                              Storage system address:10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
    
                            

    Manage iSCSI nodes (servers)

    iSCSI nodes, or iSCSI Servers, are software components on the system that are dedicated to managing operations for data transferred through the iSCSI protocol. iSCSI nodes run on each Ethernet port and communicate with network hosts through the SP ports.

    iSCSI nodes handle storage creation, monitoring, and management tasks for iSCSI LUNs. Hosts connect to the LUN through iSCSI initiators.

    Each iSCSI node is identified by an ID.

    Manage reverse CHAP for mutual CHAP authentication explains how to configure reverse CHAP authentication between iSCSI hosts and nodes.

    The following table lists the attributes for iSCSI nodes.

    Table 19. iSCSI node attributes
    Attribute
    Description
    ID
    ID of the iSCSI node.
    Alias
    Name of the iSCSI node.
    IQN
    iSCSI qualified name (IQN) for the node. The iSCSI protocol outlines a specific address syntax for iSCSI devices that communicate on a network. The iSCSI addresses are called IQNs. Each IQN includes a Type field, Date field, Naming Authority field, and String field. For example: iqn.1992-07.com.emc:apm000650039080000-3
    SP
    Primary SP on which the node runs..
    Health state
    Health state of the iSCSI node. The health state code appears in parentheses. Value is one of the following:
    • Unknown (0) — Status is unknown.
    • OK (5) — Working correctly.
    • Degraded/Warning (10) — Working and performing all functions, but the performance may not be optimum.
    • Critical failure (25) — Failed and recovery may not be possible. This condition has resulted in data loss and should be remedied immediately.
    Health details
    Additional health information. See Appendix A, Reference, for health information details.
    Port
    Associated network port identifier.
    Interfaces
    ID of each network interface assigned to the iSCSI node. The interface defines the IP address for the node and allows it to communicate with the network and hosts.
    Manage network interfaces explains how to configure network interfaces on the system.

    View iSCSI nodes

    View details about iSCSI nodes. You can filter on the iSCSI node ID.

    The show action command explains how to change the output format.
    Format
    /net/iscsi/node [–id <value>] show
    Object qualifier
    Qualifier
    Description
    -id
    Type the ID of an iSCSI node.
    Example

    The following command lists all iSCSI nodes on the system:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/iscsi/node show
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:     ID           = ISCSIN_1
           Alias        = MyISCSIserver1
           IQN          = iqn.1992-05.com.emc:fcnch0821001340000-1         
           Health state = OK (5)
           SP           = SPA
           Port         = eth0_SPA
           Interfaces   = IF_1,IF_2
    
    2:     ID           = ISCSIN_2
           Name         = MyISCSIserver2
           IQN          = iqn.1992-05.com.emc:fcnch0821001340001-1          
           Health state = OK (5)
           SP           = SPA
           Port         = eth1_SPA
           Interfaces   = IF_3
                            

    Change iSCSI node settings

    Change the network interface alias assigned to the node.

    Format
    /net/iscsi/node –id <value> set -alias <value>
    Object qualifier
    Qualifier
    Description
    -id
    Type the ID of the iSCSI node to change.
    Action qualifier
    Qualifier
    Description
    -alias
    User-friendly name that identifies the iSCSI node.
    Example

    The following command assigns an alias to the ISCSIN_1 node:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/iscsi/node -id ISCSIN_1 set -alias “My iSCSI node”
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    ID = ISCSIN_1
    Operation completed successfully.
    
                            

    Manage Ethernet ports

    View and change the settings for the network ports on each SP.

    The following table describes the port attributes.

    Table 20. Network port attributes
    Attribute
    Description
    ID
    ID of the port.
    Name
    Name of the port.
    SP
    Name of the SP on which the port resides. Value is SPA or SPB.
    Protocols
    Types of protocols the port supports. Value is one of the following:
    • mgmt — Management interface.
    • file — Network interface for Windows (SMB) and Linux/UNIX (NFS) storage.
    • iscsi — iSCSI interface for iSCSI storage.
    Manage network interfaces explains how to configure network interfaces on the system.
    MTU size
    Maximum transmission unit (MTU) packet size (in bytes) that the port can transmit. Default is 1500 bytes per packet.
    Requested MTU size
    MTU size set by the user.
    Available MTU size
    List of available MTU sizes.
    Speed
    Current link speed of the port.
    Requested speed
    Link speed set by the user.
    Available speeds
    List of available speed values.
    Health state
    Health state of the port. The health state code appears in parentheses. Value is one of the following:
    • Unknown (0) — Status is unknown.
    • OK (5) — Port is operating normally.
    • OK BUT (7) — Lost communication, but the port is not in use.
    • Minor failure (15) — Lost communication. Check the network connection and connected cables.
    • Major failure (20) — Port has failed. Replace the SP that contains the port.
    Health details
    Additional health information. See Appendix A, Reference, for health information details.
    Aggregated port ID
    If the port is in a link aggregation, the ID of the link aggregation appears. Manage link aggregations explains how to configure link aggregations on the SP ports.
    Connector type
    Physical connector type. Valid values are:
    • unknown
    • RJ45
    • LC
    • MiniSAS_HD
    • CopperPigtail
    • NoSeparableConnector
    MAC address
    Unique identifier assigned to a network device for communications on a network segment.
    SFP supported speeds
    List of supported speed values of the inserted Small Form-factor Pluggable.
    SFP supported protocols
    List of supported protocols of the inserted Small Form-factor Pluggable. Valid values are:
    • unknown
    • FibreChannel
    • Ethernet
    • SAS

    View Ethernet port settings

    View details about the network ports. You can filter on the port ID.

    The show action command explains how to change the output format.
    Format
    /net/port/eth [-id <value>] show
    Object qualifier
    Qualifier
    Description
    -id
    Type the ID of the port.
    Example
    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/port/eth show -detail
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:    ID                      = spa_eth2
          Name                    = SP A Ethernet Port 2
          SP                      = spa
          Protocols               = file, net, iscsi
          MTU size                = 4500
          Requested MTU size      = 4500
          Available MTU sizes     = 1280-9216
          Linux device name       = eth2
          Speed                   = 1 Gbps
          Requested speed         = auto
          Available speeds        = 1 Gbps, 10 Gbps, 100 Mbps, auto
          Health state            = OK (5)
          Health details          = "The port is operating normally."
          Aggregated port ID      = None
          FSN port ID             = None
          Connector type          = RJ45
          MAC address             = 00:60:16:7A:7F:CF
          SFP supported speeds    =
          SFP supported protocols =
    
    2:    ID                      = spa_eth3
          Name                    = SP A Ethernet Port 3
          SP                      = spa
          Protocols               = file, net, iscsi
          MTU size                = 1500
          Requested MTU size      = 1500
          Available MTU sizes     = 1500, 9000
          Linux device name       = eth3
          Speed                   = 1 Gbps
          Requested speed         = auto
          Available speeds        = 1 Gbps, 10 Gbps, 100 Mbps, auto
          Health state            = OK (5)
          Health details          = "The port is operating normally."
          Aggregated port ID      = None
          FSN port ID             = None
          Connector type          = RJ45
          MAC address             = 00:60:16:7A:7F:CE
          SFP supported speeds    =
          SFP supported protocols =
                            

    Change Ethernet port settings

    The new settings are applied to a pair of symmetrical ports on dual SP systems.

    Change the maximum transmission unit size and port speed for an Ethernet port.

    Format
    /net/port/eth -id <value> set [-mtuSize <value>] [-speed <value>]
    Object qualifier
    Qualifier
    Description
    -id
    Type the ID of the network port.
    Action qualifier
    Qualifier
    Description
    -mtuSize
    Type the maximum transmission unit packet size (in bytes) for the port:
    • If an Ethernet port carries File interfaces only, the MTU size can be set to a custom value between 1280 and 9216.
    • If an Ethernet port carries iSCSI interfaces, the allowed MTU sizes are 1500 and 9000.
    Specific I/O modules may also restrict allowed range for MTU size value. The MTU size values of 1500 bytes (default) and 9000 bytes (jumbo frame) are supported by all interfaces and I/O modules.
    -speed
    Type the port speed.
    Example

    The following command sets the MTU size for Ethernet port 0 (eth0) on SP A to 9000 bytes:

    uemcli /net/port/eth –id spa_eth0 set –mtuSize 9000
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    ID = spa_eth0
    ID = spb_eth0
    Operation completed successfully.
                            

    Manage SAS ports (physical deployments only)

    View the settings for the SAS ports on each SP. The following table describes the port attributes.

    Table 21. SAS port attributes
    Attribute
    Description
    ID
    ID of the port.
    Name
    Name of the port.
    SP
    Name of the SP on which the port resides. Valid values are:
    • spa
    • spb
    Speed
    Current link speed of the port.
    Health state
    Health state of the port. The health state code appears in parentheses. Valid values are:
    • Unknown (0) — Status is unknown.
    • OK (5) — Port is operating normally.
    • OK BUT (7) — Lost communication, but the port is not in use.
    • Minor failure (15) — Lost communication. Check the network connection and connected cables.
    • Major failure (20) — Port has failed. Replace the SP that contains the port.
    Health details
    Additional health information. See Health details for health information details.
    Connector type
    Physical connector type. Valid values are:
    • unknown
    • RJ45
    • LC
    • MiniSAS_HD
    • CopperPigtail
    • NoSeparableConnector

    View SAS settings

    View details about the SAS ports. You can filter on the port ID.

    The show action command explains how to change the output format.
    Format
    /net/port/sas [-id <value>] show
    Object qualifier
    Qualifier
    Description
    -id
    Type the ID of the port.
    Example
    uemcli /net/port/sas show
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:     ID           = spa_sas0
           Name         = SP A SAS Port 0
           SP           = spa
           Speed        = 
           Health state = OK_BUT (7)
    
    2:     ID           = spa_sas1
           Name         = SP A SAS Port 1
           SP           = spa
           Speed        = 6 Gbps
           Health state = OK (5)
                            

    Manage FC ports

    View and change the settings for the FC ports on each SP.

    The following table describes the port attributes.

    Table 22. FC port attributes
    Attribute
    Description
    ID
    ID of the port.
    Name
    Name of the port.
    SP
    Name of the SP on which the port resides.
    WWN
    World Wide Name (WWN) of the port.
    Speed
    Current link speed of the port.
    Requested speed
    Link speed set by the user.
    Available speed
    List of available speed values.
    Health state
    Health state of the port. The health state code appears in parentheses. Value is one of the following:
    • Unknown (0) — Status is unknown.
    • OK (5) — Port is operating normally.
    • OK BUT (7) — Lost communication, but the port is not in use.
    • Minor failure (15) — Lost communication. Check the network connection and connected cables.
    • Major failure (20) — Port has failed. Replace the SP that contains the port.
    Health details
    Additional health information. See Appendix A, Reference, for health information details.
    Connector type
    Physical connector type. Valid values are:
    • unknown
    • RJ45
    • LC
    • MiniSAS_HD
    • CopperPigtail
    • NoSeparableConnector
    SFP supported speeds
    List of supported speed values of the inserted Small Form-factor Pluggable.
    SFP supported protocols
    List of supported protocols of the inserted Small Form-factor Pluggable. Valid values are:
    • unknown
    • FibreChannel
    • Ethernet
    • SAS
    Replication capability
    Type of replication capability. Valid values are:
    • Sync replication
    • RecoverPoint

    View FC port settings

    View details about the FC ports. You can filter on the port ID.

    Format
    /net/port/fc [-id <value>] show
    Object qualifier
    Qualifier
    Description
    -id
    Type the ID of the port.
    Example
    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/port/fc show -detail
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:     ID                      = spa_fc4
           Name                    = SP A FC Port 4
           SP                      = spa
           WWN                     = 50:06:BD:01:60:05:8E:50:06:01:64:3D:E0:05:8E
           Speed                   = 1 Gbps
           Requested speed         = auto
           Available speeds        = 4 Gbps, 8 Gbps, 16 Gbps, auto
           Health state            = OK (5)
           Health details          = "The port is operating normally."
           SFP supported speeds    = 4 Gbps, 8 Gbps, 16 Gbps
           SFP supported protocols = FibreChannel
           Replication capability  = Sync replication
           SFP supported mode      = Multimode
                            

    Change port settings

    Change the speed for an FC port.

    Format
    /net/port/fc -id <value> set -speed <value>
    Object qualifier
    Qualifier
    Description
    -id
    Type the ID of the FC port.
    Action qualifier
    Qualifier
    Description
    -speed
    Type the port speed.
    Example

    The following command sets the speed for FC port fc1 on SP A to 1 Gbps:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/port/fc –id spa_fc1 set –speed 1Gbps
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    ID = spa_fc1
    Operation completed successfully.
                            

    Manage uncommitted ports

    This command is used to manage uncommitted network ports.

    Uncommitted ports must be initialized in order to be used by the system. Use the CLI to view information on the uncommitted and removed system Small Form-factor Pluggable (SFP) ports.

    Table 23. Uncommitted port attributes
    Attribute
    Description
    ID
    Port identifier.
    Name
    Port name.
    SP
    Storage processor on which the port resides.
    Health state
    Current health state of the port. Valid states are:
    • Unknown (0) — Status is unknown.
    • OK (5)—The Uncommitted port is uninitialized. It needs to be committed before it can be used.
    • OK (5)—The Small Form-factor Pluggable (SFP) module in this Uncommitted port has been removed. Since the port is not in use, no action is required.
    Health details
    Additional health information.
    Connector type
    Physical connector type associated with the uncommitted port. Valid values are:
    • unknown
    • RJ45
    • LC
    • MiniSAS_HD
    • CopperPigtail
    • NoSeparableConnector
    SFP supported speeds
    List of supported speed values of the inserted SFP.
    SFP supported protocols
    List of supported protocols of the inserted SFP. Valid values are:
    • unknown
    • FibreChannel
    • Ethernet

    View uncommitted ports

    Use this command to view a list of uncommitted ports on the system.

    View details about uncommited ports.

    Format
    /net/port/unc [-id <value>] show
    Object qualifier
    Qualifier
    Description
    -id
    Type the ID of the port.
    Example
    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/port/unc show -detail
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    
    1:    ID                      = spb_unc5
          Name                    = SP B Uncommitted Port 5
          SP                      = spb
          Health state            = OK (5)
          Health details          = "The Small Form-factor Pluggable (SFP) module in this Uncommitted port has been removed. Since the port is not in use, no action is required."
          Connector type          = LC
          SFP supported speeds    =
          SFP supported protocols =
    
    2:    ID                      = spa_unc5
          Name                    = SP A Uncommitted Port 5
          SP                      = spa
          Health state            = OK (5)
          Health details          = "The Uncommitted port is uninitialized. It needs to be committed before it can be used."
          Connector type          = LC
          SFP supported speeds    = 10 Gbps
          SFP supported protocols = Ethernet
    
    3:    ID                      = spb_iom_1_unc0
          Name                    = SP B I/O Module 1 Uncommitted Port 0
          SP                      = spb
          Health state            = OK (5)
          Health details          = "The Uncommitted port is uninitialized. It needs to be committed before it can be used."
          Connector type          = RJ45
          SFP supported speeds    =
          SFP supported protocols =
    
                            

    Manage Management network interfaces

    Configure management network interfaces to remotely manage and monitor the system, the network, and configured hosts. Specify the IP address for the interface as well as the IP addresses for the subnet mask and gateway. View details about existing management interfaces configured on the system through the Connection Utility. Each management interface is identified by its IP protocol version. IPv4 and IPv6 can be configured, independently of each other, at the same time, but they cannot both be disabled at the same time. The netmask can be specified with the appropriate prefix length, separated from the IP address with a /, such as 10.0.0.1/24. This is optional for IPv4, but required for IPv6. There can be up to five IPv6 addresses assigned automatically. Only one IPv6 address can be set manually.

    The following table lists the interface attributes with a description of each.

    Table 24. Interface attributes
    Attribute
    Description
    IP protocol version
    IP protocol version. Valid values are:
    • ipv4
    • ipv6
    Address origin
    IP settings origin. Valid values are:
    • disabled— Indicates the interface is disabled.
    • automatic— Indicates the IP attributes are set automatically by DHCP or SLAAC (IPv6 only).
    • static— Indicates the IP attributes are set manually.
    IP address
    IPv4 or IPv6 address.
    Subnet mask
    IPv4 subnet mask.
    Gateway
    IPv4 or IPv6 gateway.
    MAC address
    MAC address associated with the interface.

    View management interfaces

    View a list of interfaces on the system. You can filter on the interface ID.

    Format
    /net/if/mgmt show
    Example

    The following command displays all management interfaces on the system:

    uemcli /net/if/mgmt show
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:     IP protocol version = ipv4
           Address origin      = static
           IP address          = 10.0.0.1
           Subnet mask         = 255.255.255.0
           Gateway             = 10.0.0.2
    
    2:     IP protocol version = ipv6
           Address origin      = automatic
           IP address          = 3ffe:80c0:22c:4e:a:0:2:7f/64
           Subnet mask         = 
           Gateway             = 3ffe
                            

    Change interface settings

    Change the settings for an interface.

    Format
    /net/if/mgmt set { -ipv4 | -ipv6 } {disabled | automatic | static [-addr <value>] [-netmask <value>] [-gateway <value>] }
    Action qualifier
    Qualifier
    Description
    -ipv4
    Specifies the IPv4 origin. Value is one of the following:
    • disabled — Indicates the interface is disabled.
    • automatic — Indicates the IP attributes are set automatically by DHCP.
    • static — Indicates the IP attributes are set manually
    -ipv6
    Specifies the IPv6 origin. Value is one of the following:
    • disabled — Indicates the interface is disabled.
    • automatic — Indicates the IP attributes are set automatically by DHCP. or SLAAC.Multiple addresses are possible
    • static — Indicates the IP attributes are set manually.
    -addr
    Specifies the IPv4 or IPv6 address of the interface. Optionally, you can also specify the prefix length in the following format: <IP address>/<prefix length> .
    The default prefix length for IPv6 is 64.
    -netmask
    Specifies the IPv4 subnet mask for the interface.
    This is optional if you specify the prefix length in the -addr attribute.
    -gateway
    Specifies the IPv4 or IPv6 gateway for the interface.
    Example

    The following command changes the IP address, the netmask, and the gateway for interface IF_1:

    uemcli /net/if/mgmt set -ipv4 static -addr 192.168.1.1 -netmask 255.255.255.0 -gateway 192.168.1.2
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
    
                            

    Manage network interfaces

    Create interfaces to enable and control access between the system, the network, and configured hosts. Specify the IP address for the interface as well as the IP addresses for the subnet mask and gateway.

    You can create the following types of interfaces:

    • iSCSI interfaces for controlling access to iSCSI storage. You assign the interface to an iSCSI node.
    • Replication interfaces for replication-related data or management traffic.

    The system configures each interface on a pair of symmetrical SP ports. The interface can be moved between SPs. You have the option of indicating which SP the interface will use, either a physical port or a link aggregation port. You also have the option of specifying a virtual LAN (VLAN) ID, for communicating with VLAN networks.

    Each interface is identified by an ID.

    The following table lists the interface attributes with a description of each.

    Table 25. Interface attributes
    Attribute
    Description
    ID
    ID of the interface.
    Type
    Interface type. Value is one of the following:
    • iscsi — Interface for iSCSI storage.
    • replication — Interface for replication-related data or management traffic.
    Port
    ID of the physical port or link aggregation on an SP on which the interface is running. The ID includes the port name and SP name.
    VLAN ID
    Virtual local area network (VLAN) ID for the interface. The interface uses the ID to accept packets that have VLAN tags. The value range is 1-4095.
    If no VLAN ID is specified, which is the default, packets do not have VLAN tags. The Unisphere online help provides more details about VLANs.
    IP address
    IPv4 or IPv6 address.
    Subnet mask
    IPv4 subnet mask.
    Gateway
    IPv4 or IPv6 gateway.
    MAC address
    MAC address of the interface.
    SP
    SP that uses the interface.
    Health state
    A numerical value indicating the health of the system. Value is one of the following:
    • Unknown (0)
    • OK (5)
    • OK BUT (7)
    • Degraded/Warning (10)
    • Minor failure (15)
    • Major failure (20)
    Health details
    Additional health information.

    Create interfaces

    Create an interface.

    Format
    /net/if create [ -async ] [-vlanId <value>] -type { iscsi | replication} -port <value> -addr <value> [-netmask <value>] [-gateway <value>]
    Action qualifier
    Qualifier
    Description
    -async
    Run the creation operation in asynchronous mode.
    -type
    Specify the interface type. Value is one of the following:
    • iscsi — Interface for iSCSI storage.
    • replication — Interface for replication-related data or management traffic.
    -port
    Specify the ID of the SP port or link aggregation that will use the interface.
    For systems with two SPs, a file interface is created on a pair of symmetric Ethernet ports rather than on a single specified port. Its current port is defined by NAS server SP and may differ from the specified port. For example, if the user specifies port spa_eth2, but the NAS server is on SP B, the interface is created on port spb_eth2.
    -vlanId
    Specify the virtual LAN (VLAN) ID for the interface. The interface uses the ID to accept packets that have VLAN tags. The value range is 1–4095.
    If no VLAN ID is specified, which is the default, packets do not have VLAN tags. The Unisphere online help provides more details about VLANs.
    -addr
    Specify the IP address for the interface. The prefix length should be appended to the IPv6 address and, if omitted, will default to 64. For IPv4 addresses, the default length is 24. The IPv4 netmask may be specified in address attribute after slash.
    -netmask
    Specify the subnet mask for the interface.
    This qualifier is not required if the prefix length is specified in the -addr attribute.
    -gateway
    Specify the gateway for the interface.
    This qualifier configures the default gateway for the specified port’s SP.
    Example

    The following command creates a replication interface. The interface receives the ID IF_1:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/if create -type replication -port eth1_spb -addr 10.0.0.1 -netmask 255.255.255.0 -gateway 10.0.0.1
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    ID = IF_1
    Operation completed successfully.
                            

    View interfaces

    View a list of interfaces on the system. You can filter on the interface ID.

    The show action command explains how to change the output format.
    Format
    /net/if [ {-id <value> | -port <value> | -type <value>} ] show
    Object qualifier
    Qualifier
    Description
    -id
    Type the ID of an interface.
    -port
    Type the port the interface is associated with.
    -type
    Specify the type of the interface. Valid values are:
    • iscsi
    • replication
    Example

    The following command displays the details of all interfaces on the system.

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/if show -detail
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:     ID                      = if_0
           Type                    = file
           NAS server              = nas_0
           Port                    = eth0_spa
           VLAN ID                 = 0
           IP address              = 3ffe:80c0:22c:4e:a:0:2:7f/64
           Subnet mask             = 
           Gateway                 = fe80::20a8bff:fe5a:967c
           IPv4 mode               = 
           IPv4 address            = 
           IPv4 subnet mask        = 
           IPv4 gateway            = 
           IPv6 mode               = static
           IPv6 address            = 3ffe:80c0:22c:4e:a:0:2:7f/64
           IPv6 link-local address = 
           IPv6 gateway            = fe80::20a8bff:fe5a:967c
           MAC address             = EA:3E:22:3F:0C:62
           SP                      = spa
           Preferred               = yes
    
    2:     ID                      = if_1
           Type                    = file
           NAS server              = nas_1
           Port                    = eth1_spb
           VLAN ID                 = 1
           IP address              = 192.168.1.2
           Subnet mask             = 255.255.255.0
           Gateway                 = 192.168.1.254
           IPv4 mode               = static
           IPv4 address            = 192.168.1.2
           IPv4 subnet mask        = 255.255.255.0
           IPv4 gateway            = 192.168.1.254
           IPv6 mode               = 
           IPv6 address            = 
           IPv6 link-local address = 
           IPv6 gateway            = 
           MAC address             = EA:3E:22:21:7A:78
           SP                      = spa
           Preferred               = yes
    
    3:     ID                      = if_2
           Type                    = replication
           NAS server              =
           Port                    = eth1_spb
           VLAN ID                 =
           IP address              = 10.103.75.56
           Subnet mask             = 255.255.248.0
           Gateway                 = 10.103.72.1
           IPv4 mode               = static
           IPv4 address            = 10.103.75.56
           IPv4 subnet mask        = 255.255.248.0
           IPv4 gateway            = 10.103.72.1
           IPv6 mode               =
           IPv6 address            =
           IPv6 gateway            =
           MAC address             = EA:3E:22:6D:BA:40
           SP                      = spb
           Preferred               = no
                            

    Change interface settings

    Change the settings for an interface.

    Format
    /net/if -id <value> set [-vlanId <value>] [-addr <value>] [-netmask <value>] [-gateway <value>]
    Object qualifier
    Qualifier
    Description
    -id
    Type the ID of the interface to change.
    Action qualifier
    Qualifier
    Description
    -vlanId
    Type the virtual LAN (VLAN) ID for the interface. The interface uses the ID to accept packets that have VLAN tags. The value range is 1–4095.
    If no VLAN ID is specified, which is the default, packets do not have VLAN tags. The Unisphere online help provides more details on VLANs.
    -addr
    Specify the IP address for the interface.
    The prefix length should be appended to the IPv6 address. The IPv4 netmask may be specified in address attribute after the slash.
    -netmask
    Specify the IPv4 subnet mask for the interface.
    -gateway
    Specify the gateway for the interface.
    The gateway is optional for both IPv4 and IPv6. This qualifier configures the default gateway for the specified port’s SP.
    Example

    The following command changes the gateway address for interface IF_1:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456!/net/if –id IF_1 set -gateway 2001:db8:0:170:a:0:2:70
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    ID = IF_1
    Operation completed successfully.
                            

    Delete interfaces

    Delete an interface.

    Deleting an interface can break the connection between systems that use it, such as configured hosts.
    Format
    /net/if –id <value> delete
    Object qualifier
    Qualifier
    Description
    -id
    Type the ID of the interface to delete.
    Example

    The following command deletes interface IF_1:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/if –id IF_1 delete
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
                            

    Manage static IP routes

    A route determines where to forward a packet destined for a non-local subnet so it can reach its destination, whether that destination is a network or host. A static IP route is a host, network, or default route that is configured manually.

    The system selects a route in order from most specific to least specific, as follows:

    1. Host (most specific)
    2. Network
    3. Default (least specific)
    An IP route connects an interface (IP address) to the larger network through a gateway. Without the route, the interface is no longer accessible outside its immediate subnet. As a result, network shares and exports associated with the interface are no longer available to clients outside of its immediate subnet.

    Each route is identified by an ID.

    The following table describes the attributes for static IP routes.

    Table 26. Static IP route attributes
    Attribute
    Description
    ID
    ID of the route.
    Interface ID
    ID of the interface the route uses to reach the gateway. The interface is associated with a SP. View interfaces explains how to view the network interface IDs.
    Route type
    Type of route. Valid values are:
    • default — Default gateway the system uses when it cannot find a route to a connected node.
    • host — Static route to a specific host.
    • net — Static route to a subnet IP address.
    Target
    IP address of the target network node based on the specified route type. Valid values are:
    • For default, there is no value, as the system will use the specified gateway IP address.
    • For host, the value is the IP address of the host.
    • For net, the value is a subnet IP address.
    Netmask
    For a subnet route, the IP address of the subnet mask.
    Gateway
    IP address of the gateway.
    Health state

    A numerical value indicating the health of the system. Valid values are:

    • Unknown (0)
    • OK (5)
    • OK BUT (7)
    • Degraded/Warning (10)
    • Minor failure (15)
    • Major failure (20)
    Health details
    Additional health information. See Appendix A, Reference, for health information details.

    Create IP routes

    Create an IP route.

    To change a route, delete it and re-create it with the new settings.
    Format
    /net/route create -if <value> -type {default | host -target <value> | net -target <value> [-netmask <value>]} [-gateway <value>]
    Action qualifier
    Qualifier
    Description
    -if
    Type the ID of the interface that the route will use to reach the gateway. View interfaces explains how to view the network interface IDs.
    The system may not use the interface you type for the route. The system determines the best interface for the route automatically.
    -type
    Type the type of route. Value is one of the following:
    • default — System uses the default gateway when it cannot find a route to a connected node.
    • host — Create a route to a host.
    • net — Create a route to a subnet.
    -target
    Type the IP address for the target network node based on the value of -type. Value is one of the following:
    • For default, the system will use the IP address specified for -gateway.
    • For host, type the IP address of a target host.
    • For net, type the IP address of a target subnet. Include the -netmask qualifier to specify the IP address of the subnet mask.
    -netmask
    For a route to a subnet, type the IP address of the subnet mask.
    -gateway
    Type the gateway IP address for the route.
    Example

    The following command creates a network route for interface if_1 to reach the 10.64.74.x subnet using gateway 10.64.74.1:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/route create –if IF_1 –type net –target 10.64.200.10 netmask 255.255.255.0 –gateway 10.64.74.1
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    ID = RT_1
    Operation completed successfully.
                            

    View IP routes

    View details about IP routes. You can filter on the route ID.

    The show action command explains how to change the output format.
    Format
    /net/route [ {-id <value> | -if <value>} ] show
    Object qualifier
    Qualifier
    Description
    -id
    Specifies the ID of a route.
    -if
    Specifies the network interface for which you want to return routes.
    Example

    The following command displays details of the IP routes RT_1, RT_2, and RT_3:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/route show -detail
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    1:     ID           = RT_1
           Type         = net
           Target       = 10.64.74.10
           Netmask      = 255.255.255.0
           Gateway      = 10.0.0.1
           Interface    = IF_1
           Health state = OK (5)
    
    2:     ID           = RT_2
           Type         = default
           Target       =
           Netmask      =
           Gateway      = 10.64.74.2
           Interface    = IF_2
           Health state = OK (5)
    
    3:     ID           = RT_3
           Type         = host
           Target       = 10.64.74.168
           Netmask      =
           Gateway      = 10.0.0.3
           Interface    = IF_3
           Health state = OK (5)
    
                            

    Change IP routes

    Modify an existing IP route.

    Format
    /net/route set route -id <value> set [-type {default | host | net}] [-target <value> [-netmask <value>]] [-gateway <value>]
    Object qualifier
    Qualifier
    Description
    -id
    Identifies the route object.
    Action qualifier
    Qualifier
    Description
    -type
    Specify the type of route. Only one default IPv4 route instance is allowed. Valid values are (case-insensitive):
    • default — System uses the default gateway when it cannot find a more specific host or network route.
    • host — Create a route to a host.
    • net — Create a route to a subnet.
    -target
    Specify the destination IP address or a range of IP addresses. If the route type is:
    • host, the value is an IP address of the host.
    • net, the value is a subnet IP address with the following format: <IPv4 address>/[<prefix length>] or <IPv6 address>/[<prefix length>].

    Default prefix length is 24 for IPv4 address and 64 for IPv6 address.

    Valid values are:

    • For a default route, the system uses the IP address specified for -gateway.
    • For a host route, specify the IP address of a target host.
    • For a net route, specify the IP address of a target subnet. Include the -netmask qualifier to specify the IP address of the subnet mask.
    -netmask
    For a route to a subnet, type the IP address of the subnet mask.
    -gateway
    Specify the gateway IP address for the route.
    Example

    The following command changes the target IP address to 10.64.200.11, the netmask to 255.255.255.0, and the gateway to 10.64.74.2 for IP route RT_1:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/route -id RT_1 set -target 10.64.200.11 ‑netmask 255.255.255.0 -gateway 10.64.74.2
                              Storage system address: 10.64.75.201
    Storage system port: 443
    HTTPS connection
    
    ID = RT_1
    Operation completed successfully.
    
                            

    Delete IP routes

    Delete an IP route.

    Format
    /net/route –id <value> delete
    Object qualifier
    Qualifier
    Description
    -id
    Type the ID of the route to delete.
    Example

    The following command deletes route RT_1:

    uemcli -d 10.0.0.1 -u Local/joe -p MyPassword456! /net/route –id RT_1 delete
                              Storage system address: 10.0.0.1
    Storage system port: 443
    HTTPS connection
    
    Operation completed successfully.
                            

    Manage link aggregations

    Link aggregation lets you link physical ports (for example, port 0 and port 1) on a SP to a single logical port and therefore lets you use up to four Ethernet ports on the SP. If your system has two SPs, and you link two physical ports, the same ports on both SPs are linked for redundancy. For example, if you link port 0 and port 1, the system creates a link aggregation for these ports on SP A and a link aggregation on SP B.

    Each link aggregation is identified by an ID.

    The cabling on SP A must be identical to the cabling on SP B, or you cannot configure link aggregation.

    Link aggregation has the following advantages:

    • Increases overall throughput since two physical ports are linked into one logical port.
    • Provides basic load balancing across linked ports since the network traffic is distributed across multiple physical ports.
    • Provides redundant ports so that if one port in a linked pair fails, the system does not lose connectivity.
    With link aggregation, both linked ports must be connected to the same switch and the switch must be configured to use link aggregation that uses the Link Aggregation Control Protocol (LACP). The documentation that came with your switch should provide more information on using LACP.

    The Unisphere online help provides more details on cabling the SPs to the disk-array enclosures (DAEs).

    The following table describes the attributes for link aggregation.

    Table 27. Link aggregation attributes
    Attribute
    Description
    ID
    ID of the link aggregation. The ID is a combination of the link ID and the SP that contains the linked ports.
    Ports
    IDs of the linked physical ports. The port names include the name of the SP that contains the ports.
    SP
    Name of the SP on which the ports are linked. Valid values are:
    • SPA
    • SPB
    MTU size
    Maximum transmission unit (MTU) packet size (in bytes) for the linked ports. Default is 1500 bytes per packet.
    Linux device name
    Linux network device name.
    FSN port ID
    ID of the FSN port to which the link aggregation belongs, if it is part of an FSN.
    Available MTU size
    List of available MTU sizes.
    Health state
    Health state of the link aggregation. The health state code appears in parentheses. Value is one of the following:
    • Unknown (0) — Status is unknown.
    • OK (5) — Working correctly.
    • OK BUT (7) — Lost connection, but the link aggregation is not in use.
    • Degraded/Warning (10) — Working and performing all functions, but the performance may not be optimum.
    • Minor failure (15) — Working and performing all functions, but overall performance is degraded. This condition has a minor impact on the system and should be remedied at some point, but does not