Hi Kumar, On Thu, 2015-05-14 at 17:25 +0530, Kumar Vaibhav wrote: > Hi, > > I use iscsi targets for booting my 100 diskless servers. > > They are all identified uniquely based on their IP address (BIOS get > from DHCP). > > This was working well by having one target for each host and their > access is controlled by /etc/initiators.allow. > > > So When machine boots it gets IP from DHCP and based on its IP it can > see only one target and boot with the disk associated with the target. > > But in the new LIO implementation I cannot find any way to provide IP > address based Target access control. > > Is there anyway to do this? Or any workaround for this problem? As Thomas mentioned, access control with iscsi-target to individual TargetName+TargetPortalGroupTag endpoints is done using InitiatorName and/or CHAP authentication credentials. One option for your use-case would be use NIC aliases (eg: eth0:0) with specific IP addresses that are used as network portals to individual TargetName+TargetPortalGroupTag endpoints. This can be used in combination with iptables rules to limit traffic from a specific initiator IP to individual target endpoints containing the aliased network portal IPs. HTH. --nab -- To unsubscribe from this list: send the line "unsubscribe target-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
