Here is a handy guide to help you enable and disable the SLP service on VMware ESXi. Our VMware Support team is here to lend a hand with your queries and issues.

How to disable/enable the SLP service on VMware ESXi

If are one of the unfortunate to have fallen victim to the recent attacks against ESXi servers, we have your back.

The new wave of attacks exploiting the VMware Bug has put everyone on alert. Our experts are here to help you out in this scenario.

While deploying the required patches is the best way to stay clear, our experts offer a temporary workaround solution. However, please note that this particular workaround only applies to ESXi. It should not be used with any other VMware products.

Furthermore, this specific workaround prevents CIM clients that rely on Service Location Protocol Daemon to find CIM servers via port 27 from locating the service. We do not need to reboot the ESXi host in order to disable or enable the service.

Now, let’s take a look at how we can disable the SLP service.

How to disable the SLP service

1. First, log in to the ESXi hosts via SSH.
2. Next, we have to stop the SLP service on the ESXi host. However, we cannot stop it, if the service is not in use. Hence, we have to use the following command to check the current operational status of the SLP service with this command:

   esxcli system slp stats get

   If SLP is in service, we can stop it with the following command:

   /etc/init.d/slpd stop
3. Then, we have to run this command to disable the SLP service:

   esxcli network firewall ruleset set -r CIMSLP -e 0

After the above steps, we can check if the change persists across reboots with this command: chkconfig slpd off

Furthermore, we can check if the modification is applied across reboots with this command: chkconfig --list | grep slpd

How to enable the SLP service

Similarly, we can enable the SLP service with these steps:

1. First, we have to run this command in order to enable the ruleset of the SLP service:

   esxcli network firewall ruleset set -r CIMSLP -e 1
2. Next, we have to change the current startup information of SLP service with this command:

   chkconfig slpd on
3. After that, we can check if the modification has been applied with this command:

   chkconfig --list | grep slpd
4. Then, we can start the SLP service as seen below:

   /etc/init.d/slpd start

Alternatively, we can accomplish this via the vCenter GUI with these steps:

1. First, log in to the vCenter and select ESXi host.
2. Then choose Services on the left side under Configure and look for SLP in the list.
3. In case SLP is missing, we can use the process detailed at the beginning of the article, else choose SLDP and click Stop. Then click Ok.
4. Next, choose Edit Startup Policy and click Start and stop with host before clicking Ok.
5. Finally, the SLP daemon is enabled.

We can also disable SLP via vCenter GUI.

[Need assistance with a different issue? Our team is available 24/7.]

Conclusion

To sum up, our Support Techs demonstrated how to disable/enable the SLP service on VMware ESXi.