DHCP will not assign IP to iDrac

Krieger · Jan 17, 2021, 4:21 AM

Hey all,

Just got my first pfsense router up and running. It is on a dell r320. The way I have it set up is WAN is on bge0, and lan is on bge1. The idrac for this machine is on bge1 as well, so LAN side, not WAN side.

I also have a unifi switch, and in the unifi controller I can see the mac address of the idrac, but there is no IP associated. If I set a static IP for the idrac, it will appear briefly in the unifi controller, and then disappear. My other two servers (r720, r720xd) both have DHCP assigned idrac and they work fine.

I'm not sure if there is something that needs to be tweaked so I can get a DHCP lease for the idrac on the same adapter as LAN. I read that sometimes there are loopback problems. However, my friend just set up an identical server (r320) and has not encountered the same problem.

Any idea where I can start with this?

Thanks

DaddyGo · Jan 17, 2021, 4:30 PM

@krieger said in DHCP will not assign IP to iDrac:

I'm not sure if there is something that needs to be tweaked so I can get a DHCP lease for the idrac on the same adapter as LAN.

Hi,

if you have configured the iDrac network (POST + F2), you should get an IP from the LAN DHCP server without any problems

https://www.dell.com/support/kbdoc/en-us/000176998/configuring-initial-idrac7-network-settings?lwp=rt

BTW:
what does the DHCP log show?

+++edit:

try this too:

MAC - IP bind (MAC iDrac + pfSense LAN DHCP static mappings)

and could be a packet capture on the LAN - UDP 67

Krieger · Jan 17, 2021, 4:30 PM

@daddygo iDrac is set for DHCP, it does not get an IP. Shows as 0.0.0.0. I'm going to try the MAC-IP bind, that might help.

johnpoz · Jan 17, 2021, 4:32 PM

Do you see pfsense seeing a discover for it.. Can not assign an IP if does not see a discover.. This would be in the dhcpd log on pfsense.

Setting a reservation isn't going to do anything - if pfsense never sees the discover.

Krieger · Jan 17, 2021, 5:31 PM

@johnpoz It does not see the discover. I think the issue is coming from pfsense lan and iDrac being on the same interface seeing as I don't have a dedicated card. Not sure why this is happening though seeing as my buddy has an identical setup (same server, cpu, ram, install, etc.) and he doesn't have an issue.

johnpoz · Jan 17, 2021, 6:05 PM

@krieger said in DHCP will not assign IP to iDrac:

pfsense lan and iDrac being on the same interface

Huh?

https://www.dell.com/support/manuals/en-us/poweredge-r320/r320ownersmanual/technical-specifications?guid=guid-94ca846e-ec6f-4b2f-a3de-dd38f8722fad&lang=en-us

login-to-view

How about you post a picture of what you think is your idrac interface.

login-to-view

Krieger · Jan 17, 2021, 6:24 PM

@johnpoz I currently do not have a dedicated idrac card. You need an iDrac enterprise license and the dedicated card in order to use item 3 in the picture. With iDrac express, it communicates on one of the ports in item 7. This is why you see (optional).

You can read the difference between iDrac express and enterprise here: https://kb.netapp.com/Advice_and_Troubleshooting/Flash_Storage/SF_Series/What_is_the_difference_between_iDRAC_Express_and_iDRAC_Enterprise_and_how_to_configure%3F

You can see there is no dedicated idrac card in this picture.

login-to-view

DaddyGo · Jan 17, 2021, 7:12 PM

@krieger said in DHCP will not assign IP to iDrac:

I'm going to try the MAC-IP bind, that might help.

you said (above) you see the MAC address of iDrac

+++edit:
plenty of servers work so that the IPMI is either redirected to a dedicated interface or LOM...
ergo shouldn't be a problem if you have IPMI on LAN as well

++edit2:

by the way, I remember from my Dell era that both the express and enterprise versions require an iDrac card

the difference is that the enterprise ver. requires a license and has a dedicated port... (MGMT) like Cisco UCS series

~~the express version does not have a dedicated port so it communicates through LOM~~

sorry

https://www.ebay.com/itm/New-Dell-2827M-Remote-Access-Card-iDRAC7-Express-R320-R420-R520-T320-T420-81RK6-/301089149895

login-to-view

Krieger · Jan 17, 2021, 7:29 PM

@daddygo Here is the mac address as can be seen on my unifi controller dashboad. Switch 24 port 11 is the same port on the switch as my pfsense lan.

login-to-view

As you can see it does not have an IP.

Here are the iDrac settings. The MAC as shown in iDrac is the same as the MAC shown in unifi. As you can see, DHCP is enabled.

login-to-view

Here is what I could find in logs. The MAC address in the logs is slightly different. Instead of 90:B1:1C:46:99:EB, it is 90:B1:1C:46:99:EA

login-to-view

johnpoz · Jan 17, 2021, 7:44 PM

So you have pfsense running on this nic as VM? What I would do is make sure drac is using the other port of the nic. Which is odd that you show nic lom2 selected but it says lom1 ins active?

But if you put your drac on the other physical port.. Than what your pfsense is using then dhcp should work.

And yes the mac of the drac would have to be different than just the nic mac..

Krieger · Jan 17, 2021, 7:47 PM

@johnpoz Pfsense is on bare metal. There are only 2 nics on this machine right now. bge0(LOM1) is WAN. bge1(LOM2) is LAN. If I assign iDrac to LOM1(bge0) then I will be exposing it on my WAN, no bueno.

DaddyGo · Jan 19, 2021, 4:07 PM

@krieger said in DHCP will not assign IP to iDrac:

Here is the mac address as can be seen on my unifi controller dashboad. Switch 24 port 11 is the same port on the switch as my pfsense lan.

MAC addresses are thus normal on the same port -:EA for LAN and :EB for BMC (small difference)
because the DHCP server is running on this physical port (LAN), pfSense cannot assign itself an IP address to a BMC (IPMI) on the same physical port, -since there are two MACs on one physical port

set a dedicated IP to the BMC, with setup iDrac F2
(the LAN port on pfSense is upstream when viewed from the switch - that is why UNIFI sees the MAC address of the BMC - the opposite cannot be true)

or but this is not a good solution (!) with the UNIFI DHCP server (if any... and L2+ or L3 capable the switch) assign only one IP to the BMC (in same range), but then you will have two servers on a subnet....
-I say not a good solution

+++edit:

The BMC, IPMI, etc usually assume out-of-band solutions for security reasons!!!

johnpoz · Jan 19, 2021, 4:31 PM

@daddygo said in DHCP will not assign IP to iDrac:

The BMC, IPMI, etc usually assume out-of-band solutions for security reasons!!!

Exactly... Which is why if you do not have a dedicated port for this.. And your going to leverage one of the 2 ports you have.. Then 1 should be used for ipmi, and the other for whatever your normal traffic is on.

You would never put your ipmi stuff on the same network as normal devices.. This should be on your management vlan..

DaddyGo · Jan 19, 2021, 4:39 PM

@johnpoz said in DHCP will not assign IP to iDrac:

You would never put your ipmi stuff on the same network as normal devices..

Or on a separate internal network configured for MGMT (on different subnet), otherwise if someone penetrate into the LAN, from there is only one "spit" way to access network management

DaddyGo · Jan 19, 2021, 4:48 PM

@johnpoz said in DHCP will not assign IP to iDrac:

Then 1 should be used for ipmi, and the other for whatever your normal traffic is on.

otherwise, this solution exists, called shared LOM

we use the Cisco UCS series this way, but the CIMC is on a VLAN - ALWAYS!!!

https://community.cisco.com/t5/unified-computing-system/ucs-cimc-shared-lom/td-p/1981952

and

https://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/c/sw/gui/config/guide/1-2-1/b_Cisco_UCS_C-Series_Servers_Integrated_Management_Controller_Configuration_Guide_1_2_1/Cisco_UCS_C-Series_Servers_Integrated_Management_Controller_Configuration_Guide_1_2_1_chapter8.html