To easily disable potentially unsecure Ethernet protocols on a bridge, beginning with ONTAP 9.6 you can secure the bridge. This disables the bridge's Ethernet ports. You can also reenable Ethernet access.
Securing the bridge disables telnet and other IP port protocols and services (FTP, ExpressNAV, ICMP, or QuickNAV) on the bridge.
This procedure uses out-of-band management using the ONTAP prompt, which is available beginning with ONTAP 9.5.
You can issue the commands from the bridge CLI if you are not using out-of-band management.
The unsecurebridge command can be used to reenable the Ethernet ports.
- From the ONTAP prompt of the cluster containing the bridge, secure or unsecure the bridge.
The following command secures bridge_A_1:
cluster_A> storage bridge run-cli -bridge bridge_A_1 -command securebridge
The following command unsecures bridge_A_1:
cluster_A> storage bridge run-cli -bridge bridge_A_1 -command unsecurebridge
- From the ONTAP prompt of the cluster containing the bridge, save the bridge configuration: storage bridge run-cli -bridge bridge-name -command saveconfiguration
The following command secures bridge_A_1:
cluster_A> storage bridge run-cli -bridge bridge_A_1 -command saveconfiguration
- From the ONTAP prompt of the cluster containing the bridge, restart the bridge's firmware: storage bridge run-cli -bridge bridge-name -command firmwarerestart
The following command secures bridge_A_1:
cluster_A> storage bridge run-cli -bridge bridge_A_1 -command firmwarerestart