beautypg.com

Snmp security levels, Snmp configuration, Telnet protocol – Dell POWEREDGE M1000E User Manual

Page 190: Blocking telnet

background image

190

Fabric OS Administrator’s Guide

53-1002745-02

Telnet protocol

6

SNMP security levels

Use the snmpConfig

--

set seclevel command to set the security level. For more information about

using the Brocade SNMP agent, refer to the Fabric OS MIB Reference.

SNMP configuration

Use the snmpConfig

--

set command to change either the SNMPv3 or SNMPv1 configuration. You

can also change access control, MIB capability, and system group.

For details on Brocade MIB files, naming conventions, loading instructions, and information about
using the Brocade SNMP agent, refer to the Fabric OS MIB Reference.

Telnet protocol

Telnet is enabled by default. To prevent passing clear text passwords over the network when
connecting to the switch, you can block the Telnet protocol using an IP filter policy. For more
information on IP filter policies, refer to

“IP Filter policy”

on page 217.

ATTENTION

Before blocking Telnet, make sure you have an alternate method of establishing a connection with
the switch.

Blocking Telnet

If you create a new policy using commands with just one rule, all the missing rules have an implicit
deny and you lose all IP access to the switch, including Telnet, SSH, and management ports.

Use the following procedure to block Telnet access.

1. Connect to the switch and log in using an account with admin permissions.

2. Clone the default policy by typing the ipFilter

--

clone command.

switch:admin> ipfilter --clone BlockTelnet -from default_ipv4

3. Save the new policy by typing the ipFilter

--

save command.

switch:admin> ipfilter --save BlockTelnet

4. Verify the new policy exists by typing the ipFilter

--

show command.

switch:admin> ipfilter --show

5. Add a rule to the policy, by typing the ipFilter

--

addrule

command.

switch:admin> ipfilter --addrule BlockTelnet -rule 1 -sip any -dp 23 -proto
tcp -act deny