Chelsio Communications Terminator Series Installation And User Manual page 173

Chapter X. iSCSI PDU Offload Target
The format for ACL rule is as follows:
ACL=[iname=<initiator name>][;<sip=<source ip addresses>]
[;dip=<destination ip addresses>][;lun=<lun_list>:<permissions>]
target:
TargetName=iqn.2006-02.com.chelsio.diskarray.san1
TargetDevice=/dev/sda
PortalGroup=1@102.50.50.25:3260
PortalGroup=2@102.60.60.25:3260
# initiator "iqn.2006-02.com.chelsio.san1" is allowed
# full read-write access to this target
ACL=iname=iqn.2006-02.com.chelsio.san1
# any initiator from IP address 102.50.50.101 is allowed full
# read-write access of this target
ACL=sip=102.50.50.101
# any initiator connected via the target portal 102.60.60.25
# is allowed full read-write access to this target
ACL=dip=102.60.60.25
# initiator "iqn.2005-09.com.chelsio.san2" from 102.50.50.22
# and connected via the target portal 102.50.50.25 is allowed
# read only access of this target
ACL=iname=iqn.2006-
50.50.25;lun=ALL:R
ACL Enforcement
To toggle ACL enforcement on a per-target base, a Chelsio keyword
ACL_Enable=Yes
Setting
the initiators during login phase. And in addition, once the initiator has been authorized to
access the target, the access rights will be checked for each individual LU the initiator trying
to access.
Setting ACL_Enable=No
Chelsio Unified Wire for Linux
02.com.chelsio.san2;sip=102.50.50.22;dip=102.
enables the target to perform initiator authorization checking for all
disable the target to perform initiator authorization checking.
ACL_Enable is provided:
173