Brocade Fibre Channel Networking Community

Expand all | Collapse all

Switch FC5022 : Interface disabled HTTP, I need to acces it with HTTP

Jump to Best Answer
  • 1.  Switch FC5022 : Interface disabled HTTP, I need to acces it with HTTP

    Posted 07-29-2014 08:25 AM

    IBM model :IBM Flex System FC5022 16Gb SAN Scalable Switches

    or

    Brocade model : Brocade 6547 Switch Module

      When I try to reach my switch with firefox with the adress http://x.x.x.x

     

    I got this message :

     

    Interface disabled This Interface (ADRESS IP OF MY PC) has been blocked by the administrator.

     

    How can I disable the HTTPS? because with my BNA I cannot add it all my switches is http...

     

    thank you

     

     


    #FC5022
    #http
    #BrocadeFibreChannelNetworkingCommunity
    #ibm
    #PureFlex
    #https
    #6547


  • 2.  Re: Switch FC5022 : Interface disabled HTTP, I need to acces it with HTTP

    Posted 07-29-2014 10:58 PM

    Hi,

     

    It looks to me as if the HTTP port 80 had been blocked within the active ipfilter policy. Please, take a look at the Active IP filter policy with command

     

    ipfilter --show

     

    And if access to port 80 is denied, change the policy. Try this first, and if does not work will try to figure out what else we could do.

     

    rgds,

    Felipon

     

     


    #BrocadeFibreChannelNetworkingCommunity
    #http


  • 3.  Re: Switch FC5022 : Interface disabled HTTP, I need to acces it with HTTP

    Posted 07-30-2014 08:29 AM

    Yes is deny

    Name: default_ipv4, Type: ipv4, State: active
    Rule    Source IP                               Protocol   Dest Port   Action
    1     any                                            tcp       22     permit
    2     any                                            tcp       23       deny
    3     any                                            tcp      897     permit
    4     any                                            tcp      898     permit
    5     any                                            tcp      111     permit
    6     any                                            tcp       80       deny
    7     any                                            tcp      443     permit
    8     any                                            udp      161     permit
    9     any                                            udp      111     permit
    10    any                                            udp      123     permit
    11    any                                            tcp      600 - 1023     permit
    12    any                                            udp      600 - 1023     permit

    Name: default_ipv6, Type: ipv6, State: active
    Rule    Source IP                               Protocol   Dest Port   Action
    1     any                                            tcp       22     permit
    2     any                                            tcp       23       deny
    3     any                                            tcp      897     permit
    4     any                                            tcp      898     permit
    5     any                                            tcp      111     permit
    6     any                                            tcp       80       deny
    7     any                                            tcp      443     permit
    8     any                                            udp      161     permit
    9     any                                            udp      111     permit
    10    any                                            udp      123     permit
    11    any                                            tcp      600 - 1023     permit
    12    any                                            udp      600 - 1023     permit



    #BrocadeFibreChannelNetworkingCommunity


  • 4.  Re: Switch FC5022 : Interface disabled HTTP, I need to acces it with HTTP

    Posted 07-31-2014 12:01 AM

    Hi,

     

    then, you have to permit it. Please, try the following:

     

    1.- Delete the rule that denies access to HTTP:

     

    ipfilter --delrule default_ipv4 -rule 6

     

    2.- Add a new rule that permits the HTTP access:

     

    ipfilter --addrule default_ipv4 -rule 6 -sip any -dp 80 -proto tcp -act permit

     

     

    Let us know how it goes.

    Rgds,

    Felipon


    #ipfilter
    #http
    #BrocadeFibreChannelNetworkingCommunity


  • 5.  Re: Switch FC5022 : Interface disabled HTTP, I need to acces it with HTTP

    Posted 07-31-2014 05:52 AM

    SWITCH:root> ipfilter --delrule default_ipv4 -rule 6
    Not allowed to change default policies
    SWITCH:root> ipfilter --addrule default_ipv4 -rule 6 -sip any -dp 80 -proto tcp -act permit
    Not allowed to change default policies

     

    ...


    #BrocadeFibreChannelNetworkingCommunity


  • 6.  Re: Switch FC5022 : Interface disabled HTTP, I need to acces it with HTTP
    Best Answer

    Posted 07-31-2014 06:52 AM

    Hi Felipon,

    thank you for your Help! I got help from a guru of Brocade and He found this solution :

    ipfilter --clone ipv4 -from default_ipv4
    ipfilter --delrule ipv4 -rule 6
    ipfilter --addrule ipv4 -rule 6 -sip any -dp 80 -proto tcp -act permit
    ipfilter --save ipv4
    ipfilter --show
    ipfilter --activate ipv4


    #BrocadeFibreChannelNetworkingCommunity