How to disable TFTP on VDX6720

Adam_Schappell
New Contributor
Hello, we have a requirement to have TFTP disabled on our switch... Is this possible? If so, what commands can I run?
1 ACCEPTED SOLUTION

Truyen_Phan
Extreme Employee
Hi Adam,

TFTP is executed under the inetd process. TFTPd is disabled by default on higher releases (6.x+) which the 6720 does not support. IPfilter is not needed to block this.

Please do the following to disable tftpd. A reload will be needed to take effect.

The below will do the following:

  1. take a backup of inetd.conf
  2. comment out tftpd in inetd.conf and put in a new file via sed
  3. overwrite inetd.conf with the updated file
  4. copy inetd.conf to the 2nd partition in case of a partition swap in the future
  5. reload the switch
code:
sw0# unhide foscmd
Password: ******** (fibranne)
sw0# fos bash | no
sw0:root> netstat -anp | grep :69
udp 0 0 0.0.0.0:69 0.0.0.0:* 1295/inetd

sw0:root> cat /etc/inetd.conf | grep tftpd
tftp dgram udp wait nobody /usr/sbin/in.tftpd in.tftpd /tftpboot

bash-2.04# cp /etc/inetd.conf /etc/inetd.conf.bak
bash-2.04# cp /mnt/etc/inetd.conf /mnt/etc/inetd.conf.bak
bash-2.04# sed -e 's/^tftp/#tftp/' /etc/inetd.conf > /etc/inetd.conf.new
bash-2.04# cp /etc/inetd.conf.new /etc/inetd.conf
bash-2.04# grep tftp /etc/inetd.conf
#tftp dgram udp wait nobody /usr/sbin/in.tftpd in.tftpd /tftpboot

bash-2.04# cp /etc/inetd.conf /mnt/etc/inetd.conf
bash-2.04# exit
exit
sw0# reload system


### After switch boots up ###

code:
sw0# unhide foscmd
Password: ******** (fibranne)
sw0# fos bash | no
bash-2.04# netstat -anp | grep :69
bash-2.04#

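The sed step from the accepted solution, wrapped so it can be rerun and checks its own result. This is an added example, not part of the original post or vendor code: the function names are hypothetical, the sample file is constructed, and it assumes a POSIX sh with `grep -E` on an admin workstation rather than the switch's bash-2.04.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; paths are arguments, so
# nothing here touches a real /etc/inetd.conf.

# Return 0 if FILE ($1) still has an active (uncommented) entry for SERVICE ($2).
inetd_service_active() {
    # Require whitespace after the name so "tftp" does not match "tftp-proxy".
    grep -Eq "^[[:space:]]*$2[[:space:]]" "$1"
}

# Comment out SERVICE in FILE, keeping a one-time backup at FILE.bak.
# SERVICE is assumed to be a plain name with no regex metacharacters.
disable_inetd_service() {
    file=$1; service=$2
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    # Keep the first backup; a rerun must not replace it with the edited file.
    [ -f "$file.bak" ] || cp -p "$file" "$file.bak" || return 2
    sed -e "s/^\([[:space:]]*\)\($service[[:space:]]\)/\1#\2/" \
        "$file" > "$file.new" || return 2
    # Refuse to install the new file if the entry is still active in it.
    if inetd_service_active "$file.new" "$service"; then
        rm -f "$file.new"; return 1
    fi
    # Overwrite in place so the original file's owner and mode are kept.
    cat "$file.new" > "$file" && rm -f "$file.new"
}

# Constructed sample: two copies stand in for /etc/inetd.conf and
# /mnt/etc/inetd.conf. The telnet and tftp-proxy lines are made up.
demo() {
    d=$(mktemp -d) || return 2
    for f in "$d/active.conf" "$d/standby.conf"; do
        printf '%s\n' \
            'telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd' \
            'tftp dgram udp wait nobody /usr/sbin/in.tftpd in.tftpd /tftpboot' \
            'tftp-proxy dgram udp wait nobody /usr/sbin/proxy proxy' > "$f"
        disable_inetd_service "$f" tftp || return 1
        disable_inetd_service "$f" tftp || return 1   # rerun changes nothing
    done
    grep -c '^#' "$d/active.conf"   # counts commented lines
    rm -rf "$d"
}

demo
```

Editing each partition's file separately, as `demo` does with its two copies, keeps any other differences between the two files instead of overwriting one with the other.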


Ivan_Chan
Extreme Employee
this other reply was on-hold pending moderator !!!

Adam_Schappell
New Contributor
So when I do that it shows telnet is disabled. When we run scans against it, it is showing tftp enabled. Also we are on a secure segregated network so you won't be able to login to it.

Ivan_Chan
Extreme Employee
if you have a free 10-15 min, we can log into your switch and check …

Here is a link for a live session.
(removed by Community Manager - let's share these via PM in the future)

Ivan_Chan
Extreme Employee
I don't have a switch with 4.1.3 to do a quick check …
But, the cli for NOS 6.0.1a is also different … you may want to try the same command and see what is the result.

Here is the check on NOS 6.0.1a

sadie# sh vers
Network Operating System Software
Network Operating System Version: 6.0.1
Copyright (c) 1995-2015 Brocade Communications Systems, Inc.
Firmware name: 6.0.1a
Build Time: 21:02:59 Sep 15, 2015
Install Time: 01:37:03 Dec 25, 2018
Kernel: 2.6.34.6
BootProm: 1.0.1
Control Processor: e500mc with 8192 MB of memory
Slot Name Primary/Secondary Versions Status
---------------------------------------------------------------------------
SW/0 NOS 6.0.1a ACTIVE*
6.0.1a
SW/1 NOS 6.0.1a STANDBY
6.0.1a
sadie# sh telnet server status
rbridge-id 1:Telnet server status:Enabled
sadie# conf t
Entering configuration mode terminal
sadie(config)# rb 1
sadie(config-rbridge-id-1)# telnet server standby enable
Possible completions:

sadie(config-rbridge-id-1)# telnet server standby enable
sadie(config-rbridge-id-1)# no telnet server standby enable
sadie(config-rbridge-id-1)# do show telnet server status
rbridge-id 1:Telnet server status:Enabled
sadie(config-rbridge-id-1)# do show ssh server status
rbridge-id 1:SSH server status:Enabled
sadie(config-rbridge-id-1)# telnet server shut
sadie(config-rbridge-id-1)# do show telnet server status
rbridge-id 1:Telnet server status:Disabled
sadie(config-rbridge-id-1)#
sadie# sh vrf
Total number of VRFs configured: 2
VrfName VrfId V4-Ucast V6-Ucast
default-vrf 1 Enabled Enabled
mgmt-vrf 0 Enabled Enabled
sadie# sh run | inc telnet
telnet server shutdown

Adam_Schappell
New Contributor
doesn't look like your reply posted again