Securing or unsecuring the FibreBridge bridge
Suggest changes
PDFs
To easily disable potentially unsecure Ethernet protocols on a bridge, beginning with ONTAP 9.5 you can secure the bridge. This disables the bridge's Ethernet ports. You can also reenable Ethernet access.
-
Securing the bridge disables telnet and other IP port protocols and services (FTP, ExpressNAV, ICMP, or QuickNAV) on the bridge.
-
This procedure uses out-of-band management using the ONTAP prompt, which is available beginning with ONTAP 9.5.
You can issue the commands from the bridge CLI if you are not using out-of-band management.
-
The
unsecurebridgecommand can be used to reenable the Ethernet ports. -
In ONTAP 9.7 and earlier, running the
securebridgecommand on the ATTO FibreBridge might not update the bridge status correctly on the partner cluster. If this occurs, run thesecurebridgecommand from the partner cluster.
|
Beginning with ONTAP 9.8, the storage bridge command is replaced with system bridge. The following steps show the storage bridge command, but if you are running ONTAP 9.8 or later, the system bridge command is preferred.
|
-
From the ONTAP prompt of the cluster containing the bridge, secure or unsecure the bridge.
The following command secures bridge_A_1:
cluster_A> storage bridge run-cli -bridge bridge_A_1 -command securebridge
The following command unsecures bridge_A_1:
cluster_A> storage bridge run-cli -bridge bridge_A_1 -command unsecurebridge
-
From the ONTAP prompt of the cluster containing the bridge, save the bridge configuration:
storage bridge run-cli -bridge bridge-name -command saveconfigurationThe following command secures bridge_A_1:
cluster_A> storage bridge run-cli -bridge bridge_A_1 -command saveconfiguration
-
From the ONTAP prompt of the cluster containing the bridge, restart the bridge's firmware:
storage bridge run-cli -bridge bridge-name -command firmwarerestartThe following command secures bridge_A_1:
cluster_A> storage bridge run-cli -bridge bridge_A_1 -command firmwarerestart