Go to main content
Oracle® ZFS Storage Appliance Administration Guide, Release OS8.7.0

Exit Print View

Updated: July 2017
 
 

iSCSI Configuration

When you configure a LUN on the appliance you can export that volume over an Internet Small Computer System Interface (iSCSI) target. The iSCSI service allows iSCSI initiators to access targets using the iSCSI protocol.

The service supports discovery, management, and configuration using the iSNS protocol. The iSCSI service supports both unidirectional (target authenticates initiator) and bidirectional (target and initiator authenticate each other) authentication using CHAP. Additionally, the service supports CHAP authentication data management in a RADIUS database.

The system performs authentication first, and authorization second, in two independent steps.

Note -  For examples of configuring iSCSI initiators and targets, see Configuring Storage Area Network (SAN).
Table 53  iSCSI Service Properties
Property
Description
Use iSNS
Whether iSNS discovery is enabled
iSNS Server
An iSNS server
Use RADIUS
Whether RADIUS is enabled
RADIUS Server
A RADIUS server
RADIUS Server Secret
The RADIUS server's secret

If the local initiator has a CHAP name and a CHAP secret, the system performs authentication. If the local initiator does not have the CHAP properties, the system does not perform any authentication and therefore all initiators are eligible for authorization.

The iSCSI service allows you to specify a global list of initiators that you can use within initiator groups.

If your initiator cannot connect to your target:

  • Make sure the IQN of the initiator matches the IQN identified in the initiators list.

  • Check that IP address of iSNS server is correct and that the iSNS server is configured.

  • Check that the IP address of the target is correct on the initiator side.

  • Check that initiator CHAP names and secrets match on both sides.

  • Make sure that the target CHAP name and secret do not match those of any of the initiators.

  • Check that the IP address and secret of the RADIUS server are correct, and that the RADIUS server is configured.

  • Check that the initiator accessing the LUN is a member of that LUN's initiator group.

  • Check that the targets exporting that LUN are online.

  • Check that the LUN's operational status is online.

  • Check the logical unit number for each LUN.

If, during the failover / failbacks, the iSER Reduced Copy I/Os from the Red Hat client are not surviving, modify the node.session.timeo.replacement_timeout parameter in the /etc/iscsi/iscsid.conf file to 300sec.

Related Topics

  • Setting Service Properties BUI, CLI

Copyright © 2009, 2017, Oracle and/or its affiliates. All rights reserved. 
Previous
Next