Securing or unsecuring the FibreBridge bridge

Download PDF of this page

To easily disable potentially unsecure Ethernet protocols on a bridge, beginning with ONTAP 9.5 you can secure the bridge. This disables the bridge’s Ethernet ports. You can also reenable Ethernet access.

  • Securing the bridge disables telnet and other IP port protocols and services (FTP, ExpressNAV, ICMP, or QuickNAV) on the bridge.

  • This procedure uses out-of-band management using the ONTAP prompt, which is available beginning with ONTAP 9.5.

    You can issue the commands from the bridge CLI if you are not using out-of-band management.

  • The unsecurebridge command can be used to reenable the Ethernet ports.

  • In ONTAP 9.7 and earlier, running the securebridge command on the ATTO FibreBridge might not update the bridge status correctly on the partner cluster. If this occurs, run the securebridge command from the partner cluster.

Starting with ONTAP 9.8, the storage bridge command is replaced with system bridge. The following steps show the storage bridge command, but if you are running ONTAP 9.8 or later, the system bridge command is preferred.
Steps
  1. From the ONTAP prompt of the cluster containing the bridge, secure or unsecure the bridge.

    The following command secures bridge_A_1:

    cluster_A> storage bridge run-cli -bridge bridge_A_1 -command securebridge

    The following command unsecures bridge_A_1:

    cluster_A> storage bridge run-cli -bridge bridge_A_1 -command unsecurebridge
  2. From the ONTAP prompt of the cluster containing the bridge, save the bridge configuration:

    storage bridge run-cli -bridge bridge-name -command saveconfiguration

    The following command secures bridge_A_1:

    cluster_A> storage bridge run-cli -bridge bridge_A_1 -command saveconfiguration
  3. From the ONTAP prompt of the cluster containing the bridge, restart the bridge’s firmware:

    storage bridge run-cli -bridge bridge-name -command firmwarerestart

    The following command secures bridge_A_1:

    cluster_A> storage bridge run-cli -bridge bridge_A_1 -command firmwarerestart