Configuring the Telnet protocol
Telnet is enabled by default. To prevent users from passing clear text passwords over the network when
they connect to the switch, you can block the Telnet protocol using an IP Filter policy.
NOTE:
Before blocking Telnet, make sure you have an alternate method of establishing a connection with
the switch.
Blocking Telnet
To block Telnet:
1. Connect to the switch and log in as admin.
Connect through some means other than Telnet: for example, through SSH.
2. Create a policy:
ipfilter --create <policyname> -type < ipv4 | ipv6 >
where <policyname> is the name of the new policy and -type specifies an IPv4 or IPv6 address.
Example
ipfilter --create block_telnet_v4 -type ipv4
3. Add a rule to the policy by typing the following command:
ipfilter --addrule <policyname> -rule <rule_number> -sip <source_IP> -dp <dest_port> -proto <protocol> -act <deny>
where the -sip option can be given as any, -dp is the port number for Telnet (23), and -proto is tcp.
Example
ipfilter --addrule block_telnet_v4 -rule 2 -sip any -dp 23 -proto tcp -act deny
4. Save the new ipfilter policy by typing the following command:
ipfilter --save [policyname]
where [policyname] is the name of the policy and is optional.
Example
ipfilter --save block_telnet_v4
5. Activate the new ipfilter policy by typing the following command:
ipfilter --activate <policyname>
where <policyname> is the name of the policy you created in step
Example
ipfilter --activate block_telnet_v4
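A check to run from an admin workstation after step 5, added here as an example and not part of the original guide: it confirms that the alternate path still answers and that TCP port 23 no longer accepts connections. It assumes SSH on its default port 22 is the alternate path; the function names and verdict strings are this example's own.

```python
import socket
import sys

TELNET_PORT = 23  # port denied by the rule in step 3
SSH_PORT = 22     # assumption: SSH is the alternate path, on its default port


def probe(host, port, timeout=3.0):
    """Try one TCP connect; return 'open', 'refused' or 'no-response'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # host answered with a reset
    except OSError:
        return "no-response"  # timeout, unreachable, or packet dropped


def assess(telnet_state, ssh_state):
    """Turn the two probe results into a verdict for the change record."""
    if ssh_state != "open":
        return "STOP: alternate path (SSH) not reachable"
    if telnet_state == "open":
        return "FAIL: Telnet still accepts connections"
    return "OK: Telnet blocked, SSH reachable"


def check_switch(host, telnet_port=TELNET_PORT, ssh_port=SSH_PORT, timeout=3.0):
    """Probe both management ports on one switch address."""
    return assess(probe(host, telnet_port, timeout),
                  probe(host, ssh_port, timeout))


if __name__ == "__main__":
    # Pass every management address of the switch: a policy covers one address
    # family (-type ipv4 or ipv6), so check IPv4 and IPv6 addresses separately.
    results = [(addr, check_switch(addr)) for addr in sys.argv[1:]]
    for addr, verdict in results:
        print(f"{addr}: {verdict}")
    sys.exit(0 if results and all(v.startswith("OK") for _, v in results) else 1)
```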
Unblocking Telnet
To unblock Telnet:
1. Connect to the switch through a means other than Telnet (for example, SSH) and log in as admin.
2. Type the following command:
ipfilter --delete <telnet_policyname>
where <telnet_policyname> is the name of the Telnet policy.
3. To permanently delete the policy, type the following command:
ipfilter --save
For more information on IP Filter policies, refer to "Configuring advanced security features" on page 99.
Fabric OS 6.x administrator guide