Table of Contents
The snapmirror.access option is the preferred method for controlling snapmirror access on a snapmirror source filer. See na_options(1) and na_protocolaccess (8) for information on setting the option. If the option snapmirror.access is set to "legacy", the snapmirror.allow file defines the access permissions.
The snapmirror.allow file exists on the source filer used for SnapMirror. It contains a list of allowed destination filers to which you can replicate volumes or qtrees from that filer.
The file format is line-based. Each line consists of the hostname of the allowed destination filer.
The snapmirror.checkip.enable option controls how the allow check is performed. When the option is off, which is the default, the entries in the allow file must match the hostname of the destination filer as reported by the hostname command. When the option is on, the source filer resolves the names in the snapmirror.allow to IP addresses and then checks for a match with the IP address of the requesting destination filer. In this mode, literal IPv4 addresses (e.g. 188.8.131.52), literal IPv6 addresses (e.g. fe:dc:ba:98:76:54:32:10) and fully qualified names (e.g. toaster.acme.com) may be valid entries in the allow file.
Note that the allow file entry must map to the IP address of the originating network interface on the destination filer. For example, if the request comes from the IP address of a Gbit Ethernet interface e10 which is given the name "toaster-e10", then the allow file must contain "toaster-e10" or "toaster-e10.acme.com" so the name resolves to the correct IP address.
A local snapmirror, between two volumes or qtrees on the same filer, does not require an entry in the allow file.
Table of Contents