ONTAP Discussions

network interface service-policy doesn't work or misconfigured?



I have a cluster running ontap 9.7P1.

For the sake of testing I created a custom service-policy which allows data-core for all ips (

and data-cifs with in order to block anyone from accessing the svm via cifs (again, just for testing).

I assigned the data lif to this new service-policy and even brought it down and up but I can still access \\ the svm (and I'm not part of this ip segment).

I also tried to change the data-core service to just to try and it didn't help also.

anyone has an idea?

thanks in advance 🙂





Before troubleshooting,  first thing I want to ask :

Is the export-policy enabled? (By-default it is disabled for cifs) 


According to the KB below:
Since 8.2, export policies have no effect  on CIFS, and only CIFS ACLs and share level permissions determine access. If you want ipbased (export policy based) access restrictions for cifs to apply, modify the corresponding advanced level cifs vserver option with cifs option modify on the cluster.




Go to advance level:


::> set adv
Warning: These advanced commands are potentially dangerous; use them only when directed to do so by NetApp personnel.
Do you want to continue? {y|n}: y


Check the current policy first:

::*> vserver cifs options show -vserver <vserver name> -fields is-exportpolicy-enabled
vserver is-exportpolicy-enabled
------- - ----------------------
<vserver name> false


Enable it:

::*> vserver cifs options modify -vserver <vserver name> -is-exportpolicy-enabled true


Once enabled, give it a try.




Thanks, I'll try that out

NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner