Servers will access iSCSI storage by communicating with iSCSI storage nodes in the server farm through 7100-Series ports configured with the server[iSCSI] policy role. This policy will allow forwarding of all TCP traffic on the iSCSI port 3260 with a CoS that provides low latency and high speed. It will also provide a bilateral set of rules that allow administrators to SSH to the switch on TCP port 22 and a destination rule to allow the node to SSH to another device.
The server[iSCSI] role is configured with:
Create the server[iSCSI] role on the Data Center Server Switch with a default action of deny all (PVID 0):
iSCSI(rw)->set policy profile 12 name "server[iSCSI]" pvid-status enable pvid 0
Allow the server farm storage nodes to communicate on TCP source port 3260 with CoS 12, which prioritizes the traffic for low latency and high speed.
iSCSI(rw)->set policy rule 1 tcpsourceportIP 3260 mask 16 forward cos 12
Allow administrator access to the device using SSH on TCP source port 22 and the node to SSH to another device on TCP destination port 22.
set policy rule 1 tcpsourceportIP 22 mask 16 forward
set policy rule 1 tcpdestportIP 22 mask 16 forward
Apply this profile to ports tg.1.10-15.
set policy rule admin-profile port tg.1.10-15 mask 16 port-string tg.1.10-15 admin-pid 1
This completes the policy configuration for this school example.
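The following is an added example, not part of the original configuration guide or the vendor's tooling: a small Python check that reads a role's commands in the syntax shown above and reports anything that departs from the stated intent (default deny, only the listed TCP ports forwarded, both SSH directions present, port binding to a defined profile). The `audit` function, the expected-rule set and both sample configurations are constructed for illustration, and the samples assume profile index 12 throughout.

```python
import re

PROFILE = re.compile(r'set policy profile (\d+) name \S+(.*)')
RULE = re.compile(r'set policy rule (\d+) (tcp(?:source|dest)portIP) (\d+) mask \d+ forward')
ADMIN = re.compile(r'set policy rule admin-profile port \S+ .*admin-pid (\d+)')

def audit(config, expected):
    """Return findings; expected = set of (classifier, port) the role should forward."""
    findings, deny_all, seen, bound = [], {}, {}, []
    for n, raw in enumerate(config.splitlines(), 1):
        line = re.sub(r'^\S+\(\w+\)->', '', raw.strip())  # drop a CLI prompt if present
        if re.search('[\u201c\u201d]', line):
            findings.append(f'line {n}: typographic quotes in command')
        if m := PROFILE.match(line):
            deny_all[m[1]] = 'pvid-status enable pvid 0' in m[2]
        elif m := ADMIN.match(line):
            bound.append((n, m[1]))
        elif m := RULE.match(line):
            key = (m[1], m[2], int(m[3]))
            if key in seen:
                findings.append(f'line {n}: duplicate of line {seen[key]}')
            seen.setdefault(key, n)
    for pid, ok in deny_all.items():
        if not ok:
            findings.append(f'profile {pid}: default action is not deny all (pvid 0)')
    for (pid, cls, port), n in seen.items():
        if pid not in deny_all:
            findings.append(f'line {n}: rule uses undefined profile {pid}')
        if (cls, port) not in expected:
            findings.append(f'line {n}: unexpected forward {cls} {port}')
    findings += [f'line {n}: admin-pid {pid} is not a defined profile'
                 for n, pid in bound if pid not in deny_all]
    missing = expected - {(cls, port) for _, cls, port in seen}
    return findings + [f'missing rule: {c} {p}' for c, p in sorted(missing)]

# Constructed samples in the syntax shown above (index 12 throughout is an assumption).
EXPECTED = {('tcpsourceportIP', 3260), ('tcpsourceportIP', 22), ('tcpdestportIP', 22)}
GOOD = '''iSCSI(rw)->set policy profile 12 name "server[iSCSI]" pvid-status enable pvid 0
set policy rule 12 tcpsourceportIP 3260 mask 16 forward cos 12
set policy rule 12 tcpsourceportIP 22 mask 16 forward
set policy rule 12 tcpdestportIP 22 mask 16 forward
set policy rule admin-profile port tg.1.10-15 mask 16 port-string tg.1.10-15 admin-pid 12'''
# Same role with pasted curly quotes, a repeated SSH rule and a wrong admin-pid.
BAD = (GOOD.replace('"server[iSCSI]"', '\u201cserver[iSCSI]\u201d')
           .replace('tcpdestportIP 22', 'tcpsourceportIP 22')
           .replace('admin-pid 12', 'admin-pid 1'))

if __name__ == '__main__':
    for name, cfg in (('GOOD', GOOD), ('BAD', BAD)):
        print(name, audit(cfg, EXPECTED) or 'no findings')
```

Running the check against a saved copy of the commands before pasting them into the switch catches a role that silently blocks outbound SSH or binds ports to a profile that was never created.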