Using ACLs In LUNs….

Access Control Lists (ACLs) restrict access to LUNs from remote systems. You can create an ACL for each initiator to enforce authentication when the initiator connects to the target. This allows you to give a specific initiator exclusive access to a specific target.

The following example uses the create command to create an ACL for an initiator. From the targetcli shell, begin by using the cd command to change to the acls directory within the <target/TGP> hierarchy.

/> cd iqn.2003-01.org.linux-iscsi.host02.x8664:sn.3abca38b994f/tpg1/acls

/iscsi/iqn.20… 94f/tpg1//acls>

The following command creates an ACL for the host03 initiator.

/iscsi/iqn.20… 94f/tpg1/acls> create iqn.2003-01.org.linux-iscsi.host02.x8664:sn.3abca38b994f:host03

Use the ls command to view the ACLs.

/iscsi/iqn.20… 94f/tpg1//acls> ls

o- acls ………………………………………. [ACLs: 2]

o- iqn.2003-01.org.linux-iscsi.host02.x8664:sn.3abca38b994f:host03 ….. [Mapped LUNs:2]

| o- mapped_lun1 ………………… [lun1 block/LUN_1 (rw)]

| o- mapped_lun2 ………………… [lun2 block/LUN_2 (rw)]