Connectrix B 系列 Brocade:如何在Brocade Fabric操作系统上禁用Telnet
Summary: 如何在 Brocade FOS 6.x 交换机上禁用 Telnet。
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
如何在 Brocade FOS 6.x 交换机上禁用 Telnet。
设置 ipfilter
设置 ipfilter
Cause
拒绝 telnet
Resolution
首先,我们必须确定 Telnet 的规则编号。
问题
下面的示例:
在此示例中,您可以看到,在默认策略中,telnet 规则是 rule 2。确定 Telnet 的规则编号后,按照以下步骤禁用 Telnet。假设在下面的输出中,telnet 的规则是 2,如果 telnet 规则与上面找到的规则不同,请更改以下命令中的规则编号。
1. 复制默认 ipfilter 策略
2. 删除克隆策略的当前 Telnet 策略
3. 添加了新的 Telnet 策略
4. 保存策略
5. 激活新策略
问题
ipfilter --show
下面的示例:
ipfilter --show Name: default_ipv4, Type: ipv4, State: defined Rule Source IP Protocol Dest Port Action 1 any tcp 22 permit 2 any tcp 23 permit <<<<<<<< Telnet Rule 3 any tcp 897 permit 4 any tcp 898 permit 5 any tcp 111 permit 6 any tcp 80 permit 7 any tcp 443 permit 8 any udp 161 permit 9 any udp 111 permit 10 any udp 123 permit 11 any tcp 600 - 1023 permit 12 any udp 600 - 1023 permit Name: default_ipv6, Type: ipv6, State: defined Rule Source IP Protocol Dest Port Action 1 any tcp 22 permit 2 any tcp 23 permit <<<<<Telnet Rule 3 any tcp 897 permit 4 any tcp 898 permit 5 any tcp 111 permit 6 any tcp 80 permit 7 any tcp 443 permit 8 any udp 161 permit 9 any udp 111 permit 10 any udp 123 permit 11 any tcp 600 - 1023 permit 12 any udp 600 - 1023 permit
在此示例中,您可以看到,在默认策略中,telnet 规则是 rule 2。确定 Telnet 的规则编号后,按照以下步骤禁用 Telnet。假设在下面的输出中,telnet 的规则是 2,如果 telnet 规则与上面找到的规则不同,请更改以下命令中的规则编号。
1. 复制默认 ipfilter 策略
Ipfilter --clone ipv4_no_telnet -from default_ipv4 Ipfilter --clone ipv6_no_telnet -from default_ipv6
Ipfilter --delrule ipv4_no_telnet -rule 2 Ipfilter --delrule ipv6_no_telnet -rule 2
Ipfilter --addrule ipv4_no_telnet -rule 2 -sip any -dp 23 -proto tcp -act deny Ipfilter --addrule ipv6_no_telnet -rule 2 -sip any -dp 23 -proto tcp -act deny
Ipfilter --save
Ipfilter --activate ipv4_no_telnet Ipfilter --activate ipv6_no_telnet
Additional Information
禁用 Telnet 的策略示例。
Ipfilter --show Name: ipv4_no_telnet, Type: ipv4, State: active Rule Source IP Protocol Dest Port Action 1 any tcp 22 permit 2 any tcp 23 deny 3 any tcp 23 permit 4 any tcp 897 permit 5 any tcp 898 permit 6 any tcp 111 permit 7 any tcp 80 permit 8 any tcp 443 permit 9 any udp 161 permit 10 any udp 111 permit 11 any udp 123 permit 12 any tcp 600 - 1023 permit 13 any udp 600 - 1023 permit Name: ipv6_no_telnet, Type: ipv6, State: active Rule Source IP Protocol Dest Port Action 1 any tcp 22 permit 2 any tcp 23 deny 3 any tcp 23 permit 4 any tcp 897 permit 5 any tcp 898 permit 6 any tcp 111 permit 7 any tcp 80 permit 8 any tcp 443 permit 9 any udp 161 permit 10 any udp 111 permit 11 any udp 123 permit 12 any tcp 600 - 1023 permit 13 any udp 600 - 1023 permit
Affected Products
Connectrix B-Series HardwareProducts
Connectrix, Connectrix B-Series HardwareArticle Properties
Article Number: 000046018
Article Type: Solution
Last Modified: 09 Oct 2024
Version: 4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.