Extreme Networks

Adam_Schappell · ‎10-25-2018

Hello, we have a requirement to have TFTP disabled on our switch... Is this possible? If so what commands can I run?

Truyen_Phan · ‎01-16-2019

Hi Adam,

TFTP is executed under the inetd process. TFTPd is disabled by default on higher releases (6.x+) which the 6720 does not support. IPfilter is not needed to block this.

Please do the following to disable tftpd. A reload will be needed to take effect.

The below will do the following:

take back up of inetd.conf
comment out tftpd in inetd.conf and put in new file via sed
overwrite inetd.conf with update file
copy inetd.conf to 2nd partition in case of partition swap in the future
reload switch

code:

sw0# unhide foscmd
Password: ******** (fibranne)
sw0# fos bash | no
sw0:root> netstat -anp | grep :69
udp    0   0 0.0.0.0:69       0.0.0.0:*              1295/inetd

sw0:root> cat /etc/inetd.conf | grep tftpd
tftp dgram  udp   wait  nobody /usr/sbin/in.tftpd  in.tftpd /tftpboot

bash-2.04# cp /etc/inetd.conf /etc/inetd.conf.bak
bash-2.04# cp /mnt/etc/inetd.conf /mnt/etc/inetd.conf.bak
bash-2.04# sed -e 's/^tftp/#tftp/' /etc/inetd.conf > /etc/inetd.conf.new
bash-2.04# cp /etc/inetd.conf.new /etc/inetd.conf
bash-2.04# grep tftp /etc/inetd.conf
#tftp dgram  udp   wait  nobody /usr/sbin/in.tftpd  in.tftpd /tftpboot

bash-2.04# cp /etc/inetd.conf /mnt/etc/inetd.conf
bash-2.04# exit
exit
sw0# reload system

### After switch boots up ###

code:

sw0# unhide foscmd
Password: ******** (fibranne)
sw0# fos bash | no
bash-2.04# netstat -anp | grep :69
bash-2.04#

View solution in original post

Ivan_Chan · ‎01-14-2019

Hi Adam,

In later version, Telnet Server cli is enhanced to allow you do that just that to disable Telnet server for both mgmt.-vrf and default-vrf as well as the active and the standby.

What version are you running? We need to check it your NOS version supports what you intend to do - earlier version does not support some of the cli commands shown below.

Below is steps to shut down telnet server for both default-vrf and mgmt.-vrf of the active for NOS 7.3.0a

Static-Lab-SM08_VDX2# sh ver
Network Operating System Software
Network Operating System Version: 7.3.0a
Copyright (c) 1995-2017 Brocade Communications Systems, Inc.
Firmware name: 7.3.0a
Build Time: 07:59:32 Sep 24, 2018
Install Time: 05:24:19 Jan 5, 2019
Kernel: 2.6.34.6
BootProm: 1.0.1
Control Processor: e500mc with 4096 MB of memory
Slot Name Primary/Secondary Versions Status
---------------------------------------------------------------------------
SW/0 NOS 7.3.0a ACTIVE*
7.3.0a
SW/1 NOS 7.3.0a STANDBY
7.3.0a
Static-Lab-SM08_VDX2#

Static-Lab-SM08_VDX2# sh telnet server status
rbridge-id 2
VRF-Name: mgmt-vrf Status: Enabled
VRF-Name: default-vrf Status: Enabled
Static-Lab-SM08_VDX2# sh ssh server status rb all
rbridge-id 2
VRF-Name: mgmt-vrf Status: Enabled
VRF-Name: default-vrf Status: Enabled
Static-Lab-SM08_VDX2# conf t
Entering configuration mode terminal
Static-Lab-SM08_VDX2(config-rbridge-id-1)# rb 2
Static-Lab-SM08_VDX2(config-rbridge-id-2)# telnet server
Possible completions:
shutdown Shutdown Telnet Server
standby Configure Standby Telnet
use-vrf Configure VRF Name
Static-Lab-SM08_VDX2(config-rbridge-id-2)# telnet server shutdown
Possible completions:

Static-Lab-SM08_VDX2(config-rbridge-id-2)# telnet server shutdown
Static-Lab-SM08_VDX2(config-rbridge-id-2)# do show telnet server status rbridge-id 2
Possible completions:

Static-Lab-SM08_VDX2(config-rbridge-id-2)# do show telnet server status rbridge-id 2
rbridge-id 2
VRF-Name: default-vrf Status: Enabled
VRF-Name: mgmt-vrf Status: Disabled

Extreme Networks

How to disable TFTP on VDX6720

How to disable TFTP on VDX6720