The only real difference between “mgmt” and “data” is the default firewall policy associated with the interface. You can always create a custom policy and assign it to the interface to fine-tune it. The real question is: which ports need to be open on the LIF?
From: toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net] On Behalf Of Iluhes
Sent: Wednesday, March 04, 2015 4:13 AM
To: Parisi, Justin; Toasters
Subject: Re: showmount plugin for CMOD
Somehow my NFS LIFs on one cluster are showing up under "mgmt", and on the one where showmount does not work they are under "data".
This is what I wrote in my previous email:
It looks like on the cluster that has the ssh/http/https ports not opened, the LIFs are showing up under
network interface show -firewall-policy data
And on the cluster that has the ssh/http/https ports open, the LIFs are showing up under "mgmt"
network interface show -firewall-policy mgmt
Why and how it happened, I have no idea.
The SVM for NFS has one LIF: should it be considered "data" or "mgmt"?
Why does one setup have it as mgmt and one as data?
I moved one LIF from DATA to MGMT and showmount works, but should I leave it like this?
On Tuesday, March 3, 2015 6:56 PM, "Parisi, Justin" <Justin.Parisi@netapp.com> wrote:
You don’t use data LIFs for showmount plugin.
You use a vserver management LIF for it.
Management LIFs use management firewall policies, which allow http/https/ssh traffic.
::> firewall policy show -policy data
(system services firewall policy show)
Policy Service Action IP-List
---------------- ---------- ------ --------------------
data
dns allow 0.0.0.0/0
http deny 0.0.0.0/0
https deny 0.0.0.0/0
mountd deny 0.0.0.0/0
ndmp allow 0.0.0.0/0
ntp deny 0.0.0.0/0
rsh deny 0.0.0.0/0
snmp deny 0.0.0.0/0
ssh deny 0.0.0.0/0
telnet deny 0.0.0.0/0
10 entries were displayed.
::> firewall policy show -policy mgmt
(system services firewall policy show)
Policy Service Action IP-List
---------------- ---------- ------ --------------------
mgmt
dns allow 0.0.0.0/0
http allow 0.0.0.0/0
https allow 0.0.0.0/0
mountd allow 0.0.0.0/0
ndmp allow 0.0.0.0/0
ntp allow 0.0.0.0/0
rsh deny 0.0.0.0/0
snmp allow 0.0.0.0/0
ssh allow 0.0.0.0/0
telnet deny 0.0.0.0/0
10 entries were displayed.
Vserver management LIF should use data protocol of “none” and a firewall policy of “mgmt”.
HTTP/HTTPS is needed to run the ZAPI calls for the tool.
From: Iluhes <iluhes@yahoo.com>
Reply-To: Iluhes <iluhes@yahoo.com>
Date: Tuesday, March 3, 2015 at 6:44 PM
To: "Toasters@teaparty.net" <Toasters@teaparty.net>
Subject: Re: showmount plugin for CMOD
It looks like on the cluster that has the ssh/http/https ports not opened, the LIFs are showing up under
network interface show -firewall-policy data
And on the cluster that has the ssh/http/https ports open, the LIFs are showing up under "mgmt"
network interface show -firewall-policy mgmt
Why and how it happened, I have no idea.
Can someone recommend if that is right?
How should it be fixed?
On Tuesday, March 3, 2015 5:26 PM, Iluhes <iluhes@yahoo.com> wrote:
I have installed and used the showmount plug-in in the past.
But it does not work on the new cluster and SVMs.
I guess I am forgetting a step.
I am assuming it is using an ssh/http/https connection?
I see a difference in the ports between working and not.
Am I correct? Do I need to enable some services?
Not working
PORT STATE SERVICE
111/tcp open rpcbind
2049/tcp open nfs
4045/tcp open lockd
10000/tcp open snet-sensor-mgmt
Working
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
443/tcp open https
2049/tcp open nfs
4045/tcp open lockd
10000/tcp open snet-sensor-mgmt
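
The two `firewall policy show` outputs quoted in this thread can be compared mechanically to see which services separate "data" from "mgmt" and whether a LIF's policy lets the plugin's HTTP/HTTPS calls through. This is an added example, not part of the original thread or any NetApp tooling; the function names are hypothetical and the rule rows are copied from the outputs above.

```python
import re
# Rule rows copied from the two "firewall policy show" outputs in the thread.
DATA_POLICY = """dns allow 0.0.0.0/0
http deny 0.0.0.0/0
https deny 0.0.0.0/0
mountd deny 0.0.0.0/0
ndmp allow 0.0.0.0/0
ntp deny 0.0.0.0/0
rsh deny 0.0.0.0/0
snmp deny 0.0.0.0/0
ssh deny 0.0.0.0/0
telnet deny 0.0.0.0/0"""
MGMT_POLICY = """dns allow 0.0.0.0/0
http allow 0.0.0.0/0
https allow 0.0.0.0/0
mountd allow 0.0.0.0/0
ndmp allow 0.0.0.0/0
ntp allow 0.0.0.0/0
rsh deny 0.0.0.0/0
snmp allow 0.0.0.0/0
ssh allow 0.0.0.0/0
telnet deny 0.0.0.0/0"""
ROW = re.compile(r"^\s*(\S+)\s+(allow|deny)\s+(\S+)\s*$")
PLUGIN_SERVICES = ("http", "https")  # per the thread: needed for the ZAPI calls

def parse_policy(text):
    """Map service -> (action, ip_list); header, separator and count lines are skipped."""
    return {m[1]: (m[2], m[3]) for m in map(ROW.match, text.splitlines()) if m}

def action(policy, service):
    """Action for a service, or 'absent' if the policy has no rule for it."""
    return policy.get(service, ("absent", None))[0]

def diff_policies(a, b):
    """Services whose action differs, as {service: (action_in_a, action_in_b)}."""
    return {s: (action(a, s), action(b, s))
            for s in sorted(set(a) | set(b)) if action(a, s) != action(b, s)}

def blocked(policy, needed=PLUGIN_SERVICES):
    """Needed services that the policy does not allow."""
    return [s for s in needed if action(policy, s) != "allow"]

def open_to_any(policy):
    """Allowed services with no source restriction (IP list 0.0.0.0/0)."""
    return sorted(s for s, (act, ips) in policy.items() if act == "allow" and ips == "0.0.0.0/0")

if __name__ == "__main__":
    data, mgmt = parse_policy(DATA_POLICY), parse_policy(MGMT_POLICY)
    print("differs:", diff_policies(data, mgmt))
    print("plugin blocked on data:", blocked(data), "| mgmt open to any:", open_to_any(mgmt))
```

The `open_to_any` list is the starting point for the custom policy mentioned at the top of the thread: each service in it is allowed from every source address.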