Skip to main content
NetApp Knowledge Base

Is it possible to disable SMB2 and keep SMB3 enabled in ONTAP?

Views:
1,771
Visibility:
Public
Votes:
3
Category:
ontap-9
Specialty:
nas
Last Updated:

Applies to

ONTAP 9

Answer

  • It is not possible to just disable SMB2 and keep SMB3 enabled in ONTAP
  • Attempt to disable SMB2 (with SMB1 disabled by default from ONTAP 9.3) on SVM will fail with below error
::> cifs options modify -vserver svm -smb2-enabled false
Error: command failed: Cannot disable SMB2 protocol on Vserver "svm" because other versions of the SMB protocol are already disabled or being disabled.
 
NOTE:
  • One way to allow only SMB3 client connections is by enabling encryption on the shares. 
  • Only SMB3 clients support SMB encryption
  • SMB clients ( SMB1 , SMB2 ) that do not support encryption cannot connect to a SMB server or share that requires encryption.
NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.