Data ONTAP Discussions

NetApp Cn1610 as common dataswitch?

I have used CN1610 switch.

Is it suitable for 10Gbps Ethernet switching purposes?

 

Thanks

5 REPLIES

Re: NetApp Cn1610 as common dataswitch?

The CN1610 is great at passing low latency traffic such as those required for cluster interconnect purposes, so it will also do a good job at other Layer2 activities.  We do this in the lab sometimes.  

 

Just be sure not to use the CN1610 for cluster interconnect and serving other types of data at the same time.  

 

Hadrian

 

 

CN1610 Cluster Switch and Nessus/IEM Scanning Issue

Running 1.2.0.7  RFC1.2       Serial Cable and Service Port are configured.  Nessus's updated plug-ins from the Security Team are now identifying the CN Switch.

I can not unplug all the Wrench cables (serviceports) because I'm remote from many of the Filers.

 

I would like to keep the current service port configurations (IP, Netmask, Gateway), but I just want to down the Service port from the Serial Console, so Nessus will no longer see the Service port as active.   I can always log in from the serial connections to "UP" the service port for future upgrades or patches.

 

What's the best way to just DOWN the service port but keep the IP configuration intack for it....?     Is this possible...?

 

serviceport protocol none   ??????

 

 

Thanks!

Mark

 

Re: CN1610 Cluster Switch and Nessus/IEM Scanning Issue

Best as I can tell, you can't disable the connectivity on the serviceport - my view is that you should lock your doors from the outside - turn off the port it uses on the upstream port.

 

But if you really wish to do it from the CN1610, "no serviceport ip" should do it - you might need to specify the IP configuration you wish to remove - I've never actually done this. "serviceport protocol none" just disables DHCP/BootP - if you're using them, you will also need to do that.

 

Hope this doesn't bite you one day!

 

 

Re: CN1610 Cluster Switch and Nessus/IEM Scanning Issue

I don't have control of the core switch and the management vLan, so I can't lock the port from the outside, so that's not an option.

 

"no serviceport ip"     ip is not a command      ipv6 is.     still running 1.2.0.7     maybe with 1.3.x.x the ip command is there, another upgrade.

Guess I need an option that is more like "config shutdown serviceport"  "configure startup serviceport".

 

The Security Team is driving us nuts with all these "false positives", and the constant undefined switch that Nessus reports back, Nessus needs to fix their plug-in.

In the meantime, I just want to leave the cable and shutdown the port without having to remember all the ip parameters every time.  Guess I'm back to "serviceport ip none".

atleast they can't scan the serial port.... so I have the CN Switch also plugged into an older Console Switch via Serial to allow me access to the CN.  too many workarounds......!

 

Thanks!

 

 

Re: CN1610 Cluster Switch and Nessus/IEM Scanning Issue

Unfortunately as this is a single purpose device, it doesn't have the full feature set you'd find on a general purpose switch, so I suspect it is not possible to actually disable the IP configuration on the serviceport. Maybe just set it to something fake instead.

Forums