AFAIK the internal flash isn't large enough to hold the FM software anymore, and for about half a year or so you have needed to download FM from the internet (Powerlink of Cisco).
emcers
63 Posts
0
October 21st, 2008 09:00
HTTP is only used for the distribution and installation of the Cisco Fabric Manager software. It is not used for communication between the Cisco Fabric Manager and Cisco MDS 9000 Family switches.
http://www.cisco.com/en/US/docs/storage/san_switches/mds9000/sw/rel_1_x/1_3/fm/configuration/guide/GetStart.html
And I believe we can use the IP-ACL feature to disable HTTP and WWW, by denying port 143 and port 80.
http://www.cisco.com/en/US/docs/storage/san_switches/mds9000/sw/rel_2_x/fm/configuration/guide/ipacl.html
RRR
4 Operator
5.7K Posts
0
October 28th, 2008 12:00
AranH1
2.2K Posts
0
October 28th, 2008 12:00
emcers
63 Posts
0
November 25th, 2008 16:00
ConnectrixHelpe
259 Posts
0
November 26th, 2008 07:00
There are various ways to secure the HTTP service but there is no way to completely stop the HTTP service without going to the Linux level. Here are possible things to consider:
1) Using Access Control Lists via the Access-List list command
2) Using HTTPS instead of HTTP
3) Creating a separate VLAN for limited hosts to the switch
4) Creating Firewall rules to block the use of HTTP
Thank you.