Connectrix - B Series Brocade: How to disable Telnet on a Brocade Fabric OS
Summary: How to disable Telnet on a Brocade FOS 6.x switch.
Symptoms
How to disable Telnet on a Brocade FOS 6.x switch.
Set ipfilter
Cause
Deny telnet
Resolution
First, identify the rule number for Telnet.
Issue:
    ipfilter --show
Example below:
    Name: default_ipv4, Type: ipv4, State: defined
    Rule    Source IP    Protocol    Dest Port     Action
    1       any          tcp         22            permit
    2       any          tcp         23            permit   <<<<<<<< Telnet Rule
    3       any          tcp         897           permit
    4       any          tcp         898           permit
    5       any          tcp         111           permit
    6       any          tcp         80            permit
    7       any          tcp         443           permit
    8       any          udp         161           permit
    9       any          udp         111           permit
    10      any          udp         123           permit
    11      any          tcp         600 - 1023    permit
    12      any          udp         600 - 1023    permit

    Name: default_ipv6, Type: ipv6, State: defined
    Rule    Source IP    Protocol    Dest Port     Action
    1       any          tcp         22            permit
    2       any          tcp         23            permit   <<<<<Telnet Rule
    3       any          tcp         897           permit
    4       any          tcp         898           permit
    5       any          tcp         111           permit
    6       any          tcp         80            permit
    7       any          tcp         443           permit
    8       any          udp         161           permit
    9       any          udp         111           permit
    10      any          udp         123           permit
    11      any          tcp         600 - 1023    permit
    12      any          udp         600 - 1023    permit
In this example, the Telnet rule in the default policy is rule 2. Once the rule number for Telnet has been identified, follow the procedure below to disable Telnet. The commands below assume that the Telnet rule is rule 2; if the rule number found in the output above is different, change the rule number in the commands accordingly.
1. Copy default ipfilter policies
    ipfilter --clone ipv4_no_telnet -from default_ipv4
    ipfilter --clone ipv6_no_telnet -from default_ipv6
2. Delete current Telnet policy for cloned policies
    ipfilter --delrule ipv4_no_telnet -rule 2
    ipfilter --delrule ipv6_no_telnet -rule 2
3. Add new Telnet policy
    ipfilter --addrule ipv4_no_telnet -rule 2 -sip any -dp 23 -proto tcp -act deny
    ipfilter --addrule ipv6_no_telnet -rule 2 -sip any -dp 23 -proto tcp -act deny
4. Save policies
    ipfilter --save
5. Activate new policies
    ipfilter --activate ipv4_no_telnet
    ipfilter --activate ipv6_no_telnet
Additional Information
Example of policies with telnet disabled.
    ipfilter --show
    Name: ipv4_no_telnet, Type: ipv4, State: active
    Rule    Source IP    Protocol    Dest Port     Action
    1       any          tcp         22            permit
    2       any          tcp         23            deny
    3       any          tcp         23            permit
    4       any          tcp         897           permit
    5       any          tcp         898           permit
    6       any          tcp         111           permit
    7       any          tcp         80            permit
    8       any          tcp         443           permit
    9       any          udp         161           permit
    10      any          udp         111           permit
    11      any          udp         123           permit
    12      any          tcp         600 - 1023    permit
    13      any          udp         600 - 1023    permit

    Name: ipv6_no_telnet, Type: ipv6, State: active
    Rule    Source IP    Protocol    Dest Port     Action
    1       any          tcp         22            permit
    2       any          tcp         23            deny
    3       any          tcp         23            permit
    4       any          tcp         897           permit
    5       any          tcp         898           permit
    6       any          tcp         111           permit
    7       any          tcp         80            permit
    8       any          tcp         443           permit
    9       any          udp         161           permit
    10      any          udp         111           permit
    11      any          udp         123           permit
    12      any          tcp         600 - 1023    permit
    13      any          udp         600 - 1023    permit
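The policy listing above keeps a permit rule for port 23 after the new deny rule, so it is worth checking which rule actually decides Telnet traffic. The following is an added example, not Dell or Brocade code: it parses saved `ipfilter --show` output and reports, for each active policy, the deciding rule for tcp/23 and any leftover permit rules. It assumes rules are evaluated in order with the first match winning and unmatched traffic denied; the sample text is constructed.

```python
import re

# Constructed sample shaped like the `ipfilter --show` output in this article.
SAMPLE = """\
Name: ipv4_no_telnet, Type: ipv4, State: active
Rule    Source IP    Protocol   Dest Port   Action
1       any          tcp        22          permit
2       any          tcp        23          deny
3       any          tcp        23          permit
4       any          tcp        600 - 1023  permit
Name: default_ipv4, Type: ipv4, State: defined
Rule    Source IP    Protocol   Dest Port   Action
1       any          tcp        22          permit
2       any          tcp        23          permit
"""

HEADER = re.compile(r"Name:\s*(\S+),\s*Type:\s*(\S+),\s*State:\s*(\S+)")
RULE = re.compile(r"^\s*(\d+)\s+(\S+)\s+(tcp|udp)\s+(\d+)(?:\s*-\s*(\d+))?\s+(permit|deny)\b")

def parse_policies(text):
    """Return {policy name: {"state": str, "rules": [(num, src, proto, lo, hi, action)]}}."""
    policies, current = {}, None
    for line in text.splitlines():
        header, rule = HEADER.search(line), RULE.match(line)
        if header:
            current = policies.setdefault(header.group(1), {"state": header.group(3), "rules": []})
        elif rule and current is not None:
            num, src, proto, lo, hi, action = rule.groups()
            current["rules"].append((int(num), src, proto, int(lo), int(hi or lo), action))
    return policies

def audit_port(text, proto="tcp", port=23):
    """Effective action for proto/port in every active policy, plus leftover permit rules."""
    report = {}
    for name, policy in parse_policies(text).items():
        if policy["state"] != "active":
            continue  # policies that are only "defined" are not being enforced
        hits = [r for r in sorted(policy["rules"]) if r[2] == proto and r[3] <= port <= r[4]]
        # Assumption: first match wins, no match means deny; only source "any" decides for all clients.
        first = next((r for r in hits if r[1] == "any"), None)
        report[name] = {
            "action": first[5] if first else "deny",
            "rule": first[0] if first else None,
            "leftover_permits": [r[0] for r in hits if r[5] == "permit" and r is not first],
        }
    return report

if __name__ == "__main__":
    print(audit_port(SAMPLE))
```

A non-empty `leftover_permits` list means a permit rule for the port is still in the policy and would take effect if the deny rule above it were ever removed.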
Affected Products
Connectrix B-Series Hardware
Products
Connectrix, Connectrix B-Series Hardware
Article Properties
Article Number: 000046018
Article Type: Solution
Last Modified: 09 Oct 2024
Version: 4