Didn't try Support Mode, but the commands were declined when I tried to issue them through Central as well. If @mkk has those release notes right, that solution might 'just work'. Will just be a little while before I have a maintenance window open to reboot the switches.
Original Message:
Sent: May 25, 2023 03:21 AM
From: Jochem Knoben
Subject: Aruba 2930F... Need To Disable Telnet
Hi,
I guess what has been overseen is the information about: "Aruba Central Managed".
If the switch is managed by central you cannot do changes anymore locally, unless switching to the support-mode
(CLI-command: aruba-central support-mode enable)
If you do so - you will be able to disable telnet utilizing the above mentioned cli-commands; do switch off the support-mode afterwards.
Indeed, it seems, it's not possible to disable telnet via Central GUI-mode. Pls. open a TAC-case to get this function added in Central.
Hope that Central will not show a config-conflict when you add the "no telnet-server" this way and it will stay in the config.....
/Jochem
Original Message:
Sent: May 24, 2023 06:09 PM
From: mkk
Subject: Aruba 2930F... Need To Disable Telnet
From the 16.11.0011 release notes
16.11.0007 KB To provide a secured management connection to the switch, the following improvements are made:
Disabled TELNET on default configuration (no telnetserver).
Disabled HTTP on default configuration (no webmanagement).
Enabled HTTPS on default configuration (webmanagement ssl) using the installed self-signed certificate.
Switch will redirect all HTTP request (including REST) to HTTPS, when HTTP is disabled and HTTPS is enabled
Strange "improvement" but ok, maybe we hit here something.
Original Message:
Sent: 5/24/2023 5:54:00 PM
From: Troy Jollimore
Subject: RE: Aruba 2930F... Need To Disable Telnet
Yeah, my Google-fu brought that one up as well, and I am just as confused as to where they're referring to. Couldn't find anything like 'System Information' at all. But that did get me thinking... So I went in and used the 'Old' GUI. There wasn't anything there, but I'd noticed the 'Step-by-Step' setup guide earlier. I put that into 'Advanced' mode and there they were! Checkboxes for the various access options!
So, I unchecked 'Telnet' and clicked the Save button... Then exited that menu. Then went back in... and the change refuses to save... I think I'll try again tomorrow, before I force the update through with a baseball bat! LOL... The switch is mission critical, so I won't be able to update the firmware for a bit. Might just take it up to 16.11...
Original Message:
Sent: May 24, 2023 05:40 PM
From: mkk
Subject: Aruba 2930F... Need To Disable Telnet
Maybe try this from this cli "menu".
Telnet access may be disabled by the Inbound Telnet Enabled parameter in the System Information screen of the menu interface: 2. Switch Configuration 1. System Information
Original Message:
Sent: 5/24/2023 5:30:00 PM
From: parnassus
Subject: RE: Aruba 2930F... Need To Disable Telnet
100% is "no telnet-server" in config mode
Original Message:
Sent: 5/24/2023 5:11:00 PM
From: Troy Jollimore
Subject: RE: Aruba 2930F... Need To Disable Telnet
Didn't think it would be THAT easy, did you?
Aruba Switch (config)# no telnet-server
Invalid input: telnet-server
Aruba Switch (config)# no telnet server
Invalid input: telnet
Aruba Switch (config)# telnet server ?
enable Enable the telnet server on the switch
Original Message:
Sent: May 24, 2023 05:03 PM
From: mkk
Subject: Aruba 2930F... Need To Disable Telnet
The command to disable Telnet is as follows
Switch(config)# no telnet-server
------------------------------
Marcel Koedijk | MVP Expert 2023 | ACEP | ACMP | ACCP | ACDP | Ekahau ECSE | Not an HPE Employee | Opinions are my own
Original Message:
Sent: May 24, 2023 04:47 PM
From: Troy Jollimore
Subject: Aruba 2930F... Need To Disable Telnet
I've been told by a security auditor that I need to disable Telnet on a 2930F switch. Well, pooey on them, because it's enabled on TWO switches! Port scan shows 22,23, and 80 all open.
The problem is, I can't even find out where it's enabled, let alone disabled. There are no indications either way, and the 'Telnet Server Enable' command isn't in the config files.. These are managed by Aruba Central, and a Telnet session is active for 'SuperUser' on the switches... but I can't find anything there to try disabling it, either. Most commands I try are met with an 'Incorrect Command' or 'Syntax not Recognized' type response. Any ideas?