Brocade Fabric OS Administrator's Guide Supporting Fabric OS v6.3.0 (53-1001336-02, November 2009)

ManualsBrandsHP ManualsStorageBrocade 8/24c SAN Switch for BladeSystem c-Class

161

162

163

164

165

166

167

168

169

170

Fabric OS Administrator’s Guide 119

53-1001336-02

Telnet protocol

The snmpConfig command

Use the snmpConfig --set command to change either the SNMPv3 or SNMPv1 configuration. You

can also change access control, MIB capability, and system group.

For details on Brocade MIB files, naming conventions, loading instructions, and information about

using the Brocade SNMP agent, see the Fabric OS MIB Reference.

Telnet protocol

Telnet is enabled by default. To prevent passing clear text passwords over the network when

connecting to the switch, you can block the Telnet protocol using an IP Filter policy. For more

information on IP Filter policies, refer to “IP Filter policy” on page 141.

ATTENTION

Before blocking Telnet, make sure you have an alternate method of establishing a connection with

the switch.

Blocking Telnet

If you create a new policy using commands with just one rule, all the missing rules have an implicit

deny and you lose all IP access to the switch, including Telnet, SSH, and management ports.

1. Connect to the switch and log in as admin.

2. Clone the default policy by typing the ipFilter

--clone command.

switch:admin> ipfilter --clone BlockTelnet -from default_ipv4

3. Save the new policy by typing the ipFilter --save command.

switch:admin> ipfilter --save BlockTelnet

4. Verify the new policy exists by typing the ipFilter --show command.

switch:admin> ipfilter --show

5. Add a rule to the policy, by typing the ipFilter --addrule command.

switch:admin> ipfilter --addrule BlockTelnet -rule 1 -sip any -dp 23 -proto

tcp -act deny

ATTENTION

The rule number assigned has to precede the default rule number for this protocol. For

example, in the defined policy, the Telnet rule number is 2, therefore to effectively block Telnet,

the rule number to assign must be 1.

If you choose not to use 1, you will need to delete the telnet rule number 2 after adding this

rule. Refer to “Deleting a rule to an IP Filter policy” on page 145 for more information on

deleting IP filter rules.

6. Save the new ipfilter policy by typing the ipfilter --save command.

7. Verify the new policy is correct by typing the ipFilter

--show command.

8. Activate the new ipfilter policy by typing the ipfilter

--activate command.