Skip to main content

Enable Telnet or RSH access to the cluster

Contributors netapp-ahibbard netapp-barbe

As a security best practice, Telnet and RSH are disabled in the predefined management firewall policy (mgmt). To enable the cluster to accept Telnet or RSH requests, you must create a new management firewall policy that has Telnet or RSH enabled, and then associate the new policy with the cluster management LIF.

About this task

ONTAP prevents you from changing predefined firewall policies, but you can create a new policy by cloning the predefined mgmt management firewall policy, and then enabling Telnet or RSH under the new policy. However, Telnet and RSH are not secure protocols, so you should consider using SSH to access the cluster. SSH provides a secure remote shell and interactive network session.

Perform the following steps to enable Telnet or RSH access to the clusters:

Steps
  1. Enter the advanced privilege mode:
    set advanced

  2. Enable a security protocol (RSH or Telnet):
    security protocol modify -application security_protocol -enabled true

  3. Create a new management firewall policy based on the mgmt management firewall policy:
    system services firewall policy clone -policy mgmt -destination-policy policy-name

  4. Enable Telnet or RSH in the new management firewall policy:
    system services firewall policy create -policy policy-name -service security_protocol -action allow -ip-list ip_address/netmask
    To allow all IP addresses, you should specify -ip-list 0.0.0.0/0

  5. Associate the new policy with the cluster management LIF:
    network interface modify -vserver cluster_management_LIF -lif cluster_mgmt -firewall-policy policy-name