Deployment Guide

NOTE
SNMPv3 supports AES-128, AES-256, and DES protocols.
NOTE
For resolving AES-256 protocol in the USM MIB walk, the eso Consortium MIB has to be loaded.
Telnet protocol
Telnet is enabled by default. To prevent passing clear text passwords over the network when
connecting to the switch, you can block the Telnet protocol using an IP filter policy. For more
information on IP filter policies, refer to IP Filter policy on page 231.
ATTENTION
Before blocking Telnet, make sure you have an alternate method of establishing a connection with the
switch.
Blocking Telnet
If you create a new policy from scratch and add just one rule, every rule you did not add is treated as an
implicit deny and you lose all IP access to the switch, including Telnet, SSH, and management ports.
Use the following procedure to block Telnet access.
1. Connect to the switch and log in using an account with admin permissions.
2. Clone the default policy by typing the ipFilter --clone command.
switch:admin> ipfilter --clone BlockTelnet -from default_ipv4
3. Save the new policy by typing the ipFilter --save command.
switch:admin> ipfilter --save BlockTelnet
4. Verify the new policy exists by typing the ipFilter --show command.
switch:admin> ipfilter --show
5. Add a rule to the policy, by typing the ipFilter --addrule command.
switch:admin> ipfilter --addrule BlockTelnet -rule 1 -sip any -dp 23 -proto tcp -act deny
ATTENTION
The rule number assigned must precede the default rule number for this protocol. For example, in
the defined policy, the Telnet rule number is 2. Therefore, to effectively block Telnet, the rule
number to assign must be 1. If you choose not to use 1, you must delete the Telnet rule number 2
after adding this rule. Refer to Deleting a rule from an IP Filter policy on page 237 for more
information on deleting IP filter rules.
6. Save the new IP filter policy by typing the ipfilter --save command.
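The rule-ordering requirement and the implicit-deny warning above, modelled as an added example (not code from the guide or from Fabric OS): a first-match evaluator run over a constructed policy. The `Rule` class, the helper names, the sample policy and the assumption that adding a rule at a number shifts later rules down are illustrative; only the Telnet permit sitting at rule 2 comes from the text.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    proto: str
    dport: int
    action: str  # "permit" or "deny"

def add_rule(policy, number, rule):
    """Insert at a 1-based rule number; later rules shift down (assumed)."""
    return policy[:number - 1] + [rule] + policy[number - 1:]

def del_rule(policy, number):
    """Delete the rule at a 1-based rule number."""
    return policy[:number - 1] + policy[number:]

def evaluate(policy, proto, dport):
    """The first matching rule decides; no match means implicit deny."""
    for number, rule in enumerate(policy, start=1):
        if rule.proto == proto and rule.dport == dport:
            return rule.action, number
    return "deny", None

def audit(policy):
    """Outcome for Telnet and for SSH, the alternate way into the switch."""
    return {"telnet": evaluate(policy, "tcp", 23),
            "ssh": evaluate(policy, "tcp", 22)}

# Constructed stand-in for the cloned default policy (Telnet permit at rule 2).
CLONED = [Rule("tcp", 22, "permit"), Rule("tcp", 23, "permit"),
          Rule("tcp", 80, "permit")]
BLOCK_TELNET = Rule("tcp", 23, "deny")

# Step 5 as written: the deny goes in at rule 1, ahead of the Telnet permit.
correct = add_rule(CLONED, 1, BLOCK_TELNET)
# Deny placed after the Telnet permit: the permit at rule 2 still wins.
too_late = add_rule(CLONED, 3, BLOCK_TELNET)
# The remedy from the ATTENTION note: delete Telnet rule number 2 afterwards.
repaired = del_rule(too_late, 2)
# New policy holding only the deny rule: SSH falls through to implicit deny.
one_rule = [BLOCK_TELNET]

if __name__ == "__main__":
    for name, policy in [("deny at rule 1", correct),
                         ("deny at rule 3", too_late),
                         ("rule 2 deleted", repaired),
                         ("one-rule policy", one_rule)]:
        print(f"{name:16} {audit(policy)}")
```

Running the same audit against the rules listed by `ipfilter --show` before activating a policy confirms that SSH is still permitted while Telnet is denied.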
204 Fabric OS Administrators Guide
53-1003130-01