Frequently Asked Questions

« Previous
How do I change the Mac computer name, host name and NetBIOS-name?
Next »
How does the reinstallation of Windows computers work at BMC-IT?

windows ubuntu macos xibo network zenworks android storage



33. How do I configure IPMI for remote management?

See also: Who is responsible for the network in the BMC server room?

It is generally recommended to not expose the management interface for servers to the Internet. Not only does some computers come pre-configured with a default login and password, but the embedded software may have vulnerabilities that are not patched as fast as normal operating systems or in some cases are not patched at all.

Most servers with IPMI can change the IPMI out-of-band communication to go via a dedicated network. This is usually done in BIOS. Use a dedicated network or dedicated VLAN for this. In order to not let the servers expose them selves to each other use the Private VLAN (protected ports) feature in the switches. Read about Private VLAN in Wikipedia.

This is how to get the current settings in Linux:

ipmitool lan print

Change to using DHCP instead of Static:

ipmitool lan set 1 ipsrc dhcp

Setting the LAN MAC Address:

ipmitool lan set 1 macaddr 00:25:90:12:34:56

Supermicro

Some Supermicro servers come pre-configured with failover IPMI meaning that the out-of-band communication for IPMI will share the same network connection as the server is normally using.

This is quite unsafe and will expose IPMI with default login and password via the normal network. This can be changed when running with these commands in Linux:

Dedicated:

ipmitool raw 0x30 0x70 0x0c 0x01 0x00

Shared with LAN1:

ipmitool raw 0x30 0x70 0x0c 0x01 0x01

Failover:

ipmitool raw 0x30 0x70 0x0c 0x01 0x02

Even with correct router filters the management interface is not protected from traffic originating in the same VLAN. I addition to router filters blocking all traffic (except to clients using the management console) also set up local firewall in the management interface, for example by following these instructions.


 

This entry ipmi was last modified 2018-03-20

   

This documentation is covered by GNU Free Documentation License.