https://community.netapp.com/t5/ONTAP-Discussions/network-interface-service-policy-doesn-t-work-or-misconfigured/m-p/156166#M35237 <P>Hi,</P> <P>&nbsp;</P> <P>Before troubleshooting,&nbsp; first thing I want to ask :</P> <P>Is the export-policy enabled? (By-default it is disabled for cifs)&nbsp;</P> <P>&nbsp;</P> <P>According to the KB below:<BR /><STRONG><EM>Since 8.2, export policies have no effect&nbsp; on CIFS, </EM></STRONG>and only CIFS ACLs and share level permissions determine access. If you want <STRONG>ipbased</STRONG> (export policy based) access restrictions for cifs to apply, modify the corresponding advanced level cifs vserver option with cifs option modify on the cluster.</P> <P>&nbsp;</P> <P><A href="https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/How_do_export-policies_work_in_clustered_Data_ONTAP%3F" target="_blank" rel="noopener">https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/How_do_export-policies_work_in_clustered_Data_ONTAP%3F</A></P> <P>&nbsp;</P> <P>Go to advance level:</P> <P>&nbsp;</P> <P>::&gt; set adv<BR />Warning: These advanced commands are potentially dangerous; use them only when directed to do so by NetApp personnel.<BR />Do you want to continue? {y|n}: y</P> <P>&nbsp;</P> <P><STRONG>Check the current policy first:</STRONG></P> <P>::*&gt; vserver cifs options show -vserver &lt;vserver name&gt; -fields is-exportpolicy-enabled<BR />vserver is-exportpolicy-enabled<BR />------- - ----------------------<BR />&lt;vserver name&gt; false</P> <P>&nbsp;</P> <P><STRONG>Enable it:</STRONG></P> <P>::*&gt; vserver cifs options modify -vserver &lt;vserver name&gt; -is-exportpolicy-enabled true</P> <P>&nbsp;</P> <P>Once enabled, give it a try.</P> <P>&nbsp;</P> <P>Thanks!</P> Tue, 12 May 2020 14:43:16 GMT Ontapforrum 2020-05-12T14:43:16Z https://community.netapp.com/t5/ONTAP-Discussions/network-interface-service-policy-doesn-t-work-or-misconfigured/m-p/156164#M35236 <P>Hey,</P> <P>I have a cluster running ontap 9.7P1.</P> <P>For the sake of testing I created a custom service-policy which allows data-core for all ips (0.0.0.0/0)</P> <P>and data-cifs with 1.1.1.0/24 in order to block anyone from accessing the svm via cifs (again, just for testing).</P> <P>I assigned the data lif to this new service-policy and even brought it down and up but I can still access \\ the svm (and I'm not part of this ip segment).</P> <P>I also tried to change the data-core service to 1.1.1.0/24 just to try and it didn't help also.</P> <P>anyone has an idea?</P> <P>thanks in advance <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Wed, 04 Jun 2025 11:10:23 GMT https://community.netapp.com/t5/ONTAP-Discussions/network-interface-service-policy-doesn-t-work-or-misconfigured/m-p/156164#M35236 SuperTeam 2025-06-04T11:10:23Z https://community.netapp.com/t5/ONTAP-Discussions/network-interface-service-policy-doesn-t-work-or-misconfigured/m-p/156166#M35237 <P>Hi,</P> <P>&nbsp;</P> <P>Before troubleshooting,&nbsp; first thing I want to ask :</P> <P>Is the export-policy enabled? (By-default it is disabled for cifs)&nbsp;</P> <P>&nbsp;</P> <P>According to the KB below:<BR /><STRONG><EM>Since 8.2, export policies have no effect&nbsp; on CIFS, </EM></STRONG>and only CIFS ACLs and share level permissions determine access. If you want <STRONG>ipbased</STRONG> (export policy based) access restrictions for cifs to apply, modify the corresponding advanced level cifs vserver option with cifs option modify on the cluster.</P> <P>&nbsp;</P> <P><A href="https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/How_do_export-policies_work_in_clustered_Data_ONTAP%3F" target="_blank" rel="noopener">https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/How_do_export-policies_work_in_clustered_Data_ONTAP%3F</A></P> <P>&nbsp;</P> <P>Go to advance level:</P> <P>&nbsp;</P> <P>::&gt; set adv<BR />Warning: These advanced commands are potentially dangerous; use them only when directed to do so by NetApp personnel.<BR />Do you want to continue? {y|n}: y</P> <P>&nbsp;</P> <P><STRONG>Check the current policy first:</STRONG></P> <P>::*&gt; vserver cifs options show -vserver &lt;vserver name&gt; -fields is-exportpolicy-enabled<BR />vserver is-exportpolicy-enabled<BR />------- - ----------------------<BR />&lt;vserver name&gt; false</P> <P>&nbsp;</P> <P><STRONG>Enable it:</STRONG></P> <P>::*&gt; vserver cifs options modify -vserver &lt;vserver name&gt; -is-exportpolicy-enabled true</P> <P>&nbsp;</P> <P>Once enabled, give it a try.</P> <P>&nbsp;</P> <P>Thanks!</P> Tue, 12 May 2020 14:43:16 GMT https://community.netapp.com/t5/ONTAP-Discussions/network-interface-service-policy-doesn-t-work-or-misconfigured/m-p/156166#M35237 Ontapforrum 2020-05-12T14:43:16Z https://community.netapp.com/t5/ONTAP-Discussions/network-interface-service-policy-doesn-t-work-or-misconfigured/m-p/156170#M35238 <P>Thanks, I'll try that out</P> Tue, 12 May 2020 14:55:38 GMT https://community.netapp.com/t5/ONTAP-Discussions/network-interface-service-policy-doesn-t-work-or-misconfigured/m-p/156170#M35238 SuperTeam 2020-05-12T14:55:38Z