HPE Community
HPE EVA Storage
1820706 Members
2640 Online
109627 Solutions
New Discussion юеВ

disabling telnet on Brocade fibre switch

 
SOLVED
Go to solution
ben horan
Frequent Advisor

тАО03-31-2008 09:29 AM

тАО03-31-2008 09:29 AM

disabling telnet on Brocade fibre switch

We would like to disable telnet on our Brocade (OS 5.3.0a) fabric and use ssh for security. I ran the command

"ipfilter --addrule blockTelnet -sip any -dp 23 -proto tcp -act deny"

and after activating this filter I could no longer access the switch via telnet, ssh or web access!!

How can i disable just telnet access itself?

0 Kudos
5 REPLIES 5
IBaltay
Honored Contributor

тАО03-31-2008 10:19 AM

тАО03-31-2008 10:19 AM

Re: disabling telnet on Brocade fibre switch

Hi,
if you use configure, there is an option telnetd which is on by default. If you switch it off it only disables the telnet
the pain is one part of the reality
0 Kudos
ben horan
Frequent Advisor

тАО04-01-2008 06:33 AM

тАО04-01-2008 06:33 AM

Re: disabling telnet on Brocade fibre switch

the configure command works for turning off telnet prior to OS 5.3.0, however we have 4 switches running OS 5.3.0.

there must be a method for disabling telnet for 5.3.0 and above OS levels
0 Kudos
Juan B.S.R.
Trusted Contributor

тАО04-01-2008 06:57 AM

тАО04-01-2008 06:57 AM

Solution

Re: disabling telnet on Brocade fibre switch

Hi.
The ipfilter command in the release notes for FabricOS 5.3.0 is not absolutely correct.

I think that the best way is to clone the default policy (default_ipv4) and then replace the rule for Telnet.
Take a look to the following command secuence.
I hope this can help you

#ipfilter --clone BlockTelnet -from default_ipv4
#ipfilter --show (write down the rule number for Telnet)
#ipfilter --delrule BlockTelnet -rule 2
#ipfilter --addrule blockTelnet -rule 2 -sip any -dp 23 -proto tcp -act deny
#ipfilter --save BlockTelnet
#ipfilter --activate BlockTelnet
ben horan
Frequent Advisor

тАО04-01-2008 07:02 AM

тАО04-01-2008 07:02 AM

Re: disabling telnet on Brocade fibre switch

Juan, you bet me to it! Had just tried this out and yes i can confirm it works fine!
0 Kudos
ben horan
Frequent Advisor

тАО04-01-2008 07:05 AM

тАО04-01-2008 07:05 AM

Re: disabling telnet on Brocade fibre switch

Policy rules must be created for each -dp (i.e. 23 for telnet, 22 for ssh). Easiest way is to clone the default policy and then update the clone as required before activating it.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.