- Use Robocopy to copy only ACLs.
- Use Secure Copy from Quest.
- Use a utility called Security Explorer from ScriptLogic.
Monday, June 12, 2006
Copying ACLs without copying data
There are a few options:
Data ONTAP 7.2 and CIFS permissions
Prior to Data ONTAP 7.2, a few issues could arise when dealing with unix/mixed qtrees and files with Unix permissions:
The solution:A new option called cifs.preserve_unix_security [on|off]
Dr. Toaster recommends: Read more in Data ONTAP 7.2 Commands: Manual Page Reference, Volume 1, search for cifs.preserve_unix_security.
- Unix permissions are lost when using Microsoft Office applications to rewrite files (the new Unix permissions are inherited from the parent folder).
- Windows file/directory Properties does not show the Security tab for unix-style qtrees.
The solution:A new option called cifs.preserve_unix_security [on|off]
Dr. Toaster recommends: Read more in Data ONTAP 7.2 Commands: Manual Page Reference, Volume 1, search for cifs.preserve_unix_security.
Tuesday, June 06, 2006
Changing RMC IP Address
The task: Changing IP address for the RMC card
The steps:
Run:
This wizard will ask for the IP of the RMC card.
The steps:
Run:
rmc setup
This wizard will ask for the IP of the RMC card.
Thursday, June 01, 2006
Configure EtherChannel trunking and VLAN tagging with Cisco 3560
The task: Configure a redundant networking setup between a NetApp filer and a Cisco switch running IOS.
The steps:
1. Pick 2 or more switch ports you would like to trunk together.
2. Configure the switch ports to use 802.1q standard:
3. Make sure that the channel-group mode is set to on and not desired which is the default.
4. Configure the filer to use a multi vif, and then configure VLAN tagged interfaces on top of the vif:
Note: In this example VLAN id 101 is used.
From /etc/rc:
Dr. Toaster Recommends:
The steps:
1. Pick 2 or more switch ports you would like to trunk together.
2. Configure the switch ports to use 802.1q standard:
conf t
interface gigabitEthernet 0/1
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
no ip address
3. Make sure that the channel-group mode is set to on and not desired which is the default.
4. Configure the filer to use a multi vif, and then configure VLAN tagged interfaces on top of the vif:
Note: In this example VLAN id 101 is used.
From /etc/rc:
vif create multi vif0 e4a e5a
vlan create -g vif0 101
ifconfig vif0-101 ... ...
...
Dr. Toaster Recommends:
- Avoid using VLAN id 1 - The filer expects tagging of all Ethernet frames, yet some switches are configured to not tag VLAN id 1.
- Naming conventions - I advise calling the trunks single0 and multi0 according to their type, and use names such as vif0 for any top-level trunk names.
Some customers prefer to call the interfaces by their tasks, for example iscsi or exchange.
Subscribe to:
Posts (Atom)