TIP: If you have an IPMI motherboard and constantly pull an internal IP on WAN
-
This post is deleted! -
@SunCatalyst:
i work in one of the top 100 corporations in america. we test more servers in a year (and crush 99% of them) than most people will ever see in there complete lifetime. all of the stuff we test is all Xeon based servers from many manufacturers.
apparently you didnt read "bios bug OR a configuration error". could be EITHER or BOTH. if you dont know what your doing with IPMI and dont
RTFM , then its your own fault.'nuff said.
Good for you, but none of that changes the fact that the ability to failover to the LOM ports is a feature that is commonly (and very intentionally) offered by current IPMI implementations, not some kind of "bios bug" nor something that only happens accidentally when you mess up your configuration. Now, obviously the OP wasn't aware that this particular feature was enabled by default on his board, and RTFM would have helped; however, it's just silly to claim that no IPMI implementation would ever behave this way in normal operation.
-
this took a year to bite me! I've been running pfsense on a C2558F for the last year with the igb0 interface attached to my cable modem. The other day I lost internet and couldn't figure out why only this interface couldn't get a real internet IP assigned. ipmi failover hit me today while listening to TechSNAP.
What a random turn of events, lol
-
But why on earth would anybody leave the IPMI port configured as DHCP?
If pfSense is the DHCP server, but it's not booted up yet, one might end up not being able to connect to IPMI either, since it's got no valid internal IP. In most cases just setting a normal internal IP address to IPMI, and connecting the port to a switch will save from situations like this… -
I leave all my IPMI ports configured to DHCP with no problems, yet. IPMI network config is very sticky, meaning, it will hang unto its DHCP settings until you completely disconnect all power to the motherboard. AFAIK, even the DHCP lease time expiring doesn't force IPMI to query the DHCP server.
I can have pfsense shutdown and still access the IPMI interface. However, I have yet to try disconnecting the power cord when my pfSense box is shutdown to see what happens when IPMI issue a DHCP request when power is restored.
-
And the "advantage" of this setup is exactly what? Prey that it doesn't break in the worst possible moment?
-
Yep, It solved the issue that pfSense won't get WAN IP address from my bridged cable modem (WAN was assigned to igb0) after a shut down. This problem was puzzled me for several days until I saw this post. and now it works. Thanks.
-
But why on earth would anybody leave the IPMI port configured as DHCP?
If pfSense is the DHCP server, but it's not booted up yet, one might end up not being able to connect to IPMI either, since it's got no valid internal IP. In most cases just setting a normal internal IP address to IPMI, and connecting the port to a switch will save from situations like this…This is exactly what I did when I put my system together. I set the bmc ip statically to get 192.168.1.2 and I have had no problems whatsoever.
-
But why on earth would anybody leave the IPMI port configured as DHCP?
I consider, any IPMI interface must have his own static IP address.
We have all connected to the management VLAN to get a dedicated contact. -
We have dozens of SuperMicro servers and they all do this by default, you must switch to only use the dedicated IPMI interface.
If you are using the nic in a virtualization environment, it will be wide open as well.
-
We have dozens of SuperMicro servers and they all do this by default, you must switch to only use the dedicated IPMI interface.
Yep, they do. On the ones we sell, as part of the installation process that "feature" gets disabled so it only uses the dedicated IPMI port. It wants to use what most people assign as the WAN port as its fallback, which is potentially a very serious security issue if we didn't configure it more sensibly.
-
Honestly, there are so many bugs/security issues with Supermicro's IPMI interfaces that I wanted to just disable them all anyway.
-
Honestly, there are so many bugs/security issues with Supermicro's IPMI interfaces that I wanted to just disable them all anyway.
In our company we had not only one times a problem with this boards or their IPMI LAN Port
and friends of mine connect them to Aten KVM Switches up to >100 devices with any kind of problem!For sure I will consider that this ports must be configured as well as all new boards are arriving.
-
@BlueKobold:
In our company we had not only one times a problem with this boards or their IPMI LAN Port
Maybe you just don't know about the problem.
https://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_July_2014
https://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013
