DHCP will not assign IP to iDrac
-
@krieger said in DHCP will not assign IP to iDrac:
pfsense lan and iDrac being on the same interface
Huh?
https://www.dell.com/support/manuals/en-us/poweredge-r320/r320ownersmanual/technical-specifications?guid=guid-94ca846e-ec6f-4b2f-a3de-dd38f8722fad&lang=en-us
How about you post a picture of what you think is your idrac interface.
-
@johnpoz I currently do not have a dedicated idrac card. You need an iDrac enterprise license and the dedicated card in order to use item 3 in the picture. With iDrac express, it communicates on one of the ports in item 7. This is why you see (optional).
You can read the difference between iDrac express and enterprise here: https://kb.netapp.com/Advice_and_Troubleshooting/Flash_Storage/SF_Series/What_is_the_difference_between_iDRAC_Express_and_iDRAC_Enterprise_and_how_to_configure%3F
You can see there is no dedicated idrac card in this picture.
-
@krieger said in DHCP will not assign IP to iDrac:
I'm going to try the MAC-IP bind, that might help.
you said (above) you see the MAC address of iDrac
+++edit:
plenty of servers work so that the IPMI is either redirected to a dedicated interface or LOM...
ergo shouldn't be a problem if you have IPMI on LAN as well
++edit2:
by the way, I remember from my Dell era that both the express and enterprise versions require an iDrac card
the difference is that the enterprise ver. requires a license and has a dedicated port... (MGMT) like Cisco UCS series
the express version does not have a dedicated port so it communicates through LOM
sorry
https://www.ebay.com/itm/New-Dell-2827M-Remote-Access-Card-iDRAC7-Express-R320-R420-R520-T320-T420-81RK6-/301089149895
-
@daddygo Here is the mac address as can be seen on my unifi controller dashboard. Switch 24 port 11 is the same port on the switch as my pfsense lan.
As you can see it does not have an IP.
Here are the iDrac settings. The MAC as shown in iDrac is the same as the MAC shown in unifi. As you can see, DHCP is enabled.
Here is what I could find in logs. The MAC address in the logs is slightly different. Instead of 90:B1:1C:46:99:EB, it is 90:B1:1C:46:99:EA
-
So you have pfsense running on this nic as VM? What I would do is make sure drac is using the other port of the nic. Which is odd that you show nic lom2 selected but it says lom1 is active?
But if you put your drac on the other physical port.. Than what your pfsense is using then dhcp should work.
And yes the mac of the drac would have to be different than just the nic mac..
-
@johnpoz Pfsense is on bare metal. There are only 2 nics on this machine right now. bge0(LOM1) is WAN. bge1(LOM2) is LAN. If I assign iDrac to LOM1(bge0) then I will be exposing it on my WAN, no bueno.
-
@krieger said in DHCP will not assign IP to iDrac:
Here is the mac address as can be seen on my unifi controller dashboard. Switch 24 port 11 is the same port on the switch as my pfsense lan.
MAC addresses are thus normal on the same port -:EA for LAN and :EB for BMC (small difference)
because the DHCP server is running on this physical port (LAN), pfSense cannot assign itself an IP address to a BMC (IPMI) on the same physical port, - since there are two MACs on one physical port
set a dedicated IP to the BMC, with setup iDrac F2
(the LAN port on pfSense is upstream when viewed from the switch - that is why UNIFI sees the MAC address of the BMC - the opposite cannot be true)
or but this is not a good solution (!) with the UNIFI DHCP server (if any... and L2+ or L3 capable the switch) assign only one IP to the BMC (in same range), but then you will have two servers on a subnet....
- I say not a good solution
+++edit:
The BMC, IPMI, etc usually assume out-of-band solutions for security reasons!!!
-
@daddygo said in DHCP will not assign IP to iDrac:
The BMC, IPMI, etc usually assume out-of-band solutions for security reasons!!!
Exactly... Which is why if you do not have a dedicated port for this.. And you're going to leverage one of the 2 ports you have.. Then 1 should be used for ipmi, and the other for whatever your normal traffic is on.
You would never put your ipmi stuff on the same network as normal devices.. This should be on your management vlan..
-
@johnpoz said in DHCP will not assign IP to iDrac:
You would never put your ipmi stuff on the same network as normal devices..
Or on a separate internal network configured for MGMT (on different subnet), otherwise if someone penetrates into the LAN, from there is only one "spit" way to access network management
-
@johnpoz said in DHCP will not assign IP to iDrac:
Then 1 should be used for ipmi, and the other for whatever your normal traffic is on.
otherwise, this solution exists, called shared LOM
we use the Cisco UCS series this way, but the CIMC is on a VLAN - ALWAYS!!!
https://community.cisco.com/t5/unified-computing-system/ucs-cimc-shared-lom/td-p/1981952
and
https://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/c/sw/gui/config/guide/1-2-1/b_Cisco_UCS_C-Series_Servers_Integrated_Management_Controller_Configuration_Guide_1_2_1/Cisco_UCS_C-Series_Servers_Integrated_Management_Controller_Configuration_Guide_1_2_1_chapter8.html
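
Added example, not part of any post in this thread: a small audit that scans a switch MAC table for ports carrying both a host NIC MAC and the next MAC up (the :EA/:EB pattern seen above) and reports whether that shared-LOM BMC sits on a management VLAN, as the replies recommend. The table layout, the VLAN ID 99 and every MAC except the two quoted in the thread are constructed assumptions, and the +1 offset is a heuristic taken from this thread, not a vendor guarantee.

```python
from collections import defaultdict

MGMT_VLANS = {99}  # assumption: hypothetical management VLAN ID

# Constructed sample of a switch MAC table: (port, vlan, mac).
# Port 11 uses the two MACs quoted in the thread; the rest are made up.
MAC_TABLE = [
    (11, 1, "90:B1:1C:46:99:EA"),
    (11, 1, "90:B1:1C:46:99:EB"),
    (12, 1, "00:11:22:33:44:10"),
    (12, 99, "00:11:22:33:44:11"),
    (13, 1, "00:11:22:33:44:50"),
]

def mac_to_int(mac):
    """Parse a colon- or dash-separated MAC into a 48-bit integer."""
    octets = mac.replace("-", ":").split(":")
    if len(octets) != 6 or any(len(o) != 2 for o in octets):
        raise ValueError(f"bad MAC: {mac!r}")
    return int("".join(octets), 16)

def find_shared_lom_bmcs(table, mgmt_vlans=MGMT_VLANS):
    """Return findings for ports carrying a NIC MAC and NIC MAC + 1.

    Heuristic only: the +1 offset is what the thread observed (:EA/:EB),
    not a guarantee for every vendor or firmware.
    """
    by_port = defaultdict(dict)
    for port, vlan, mac in table:
        by_port[port][mac_to_int(mac)] = (vlan, mac.upper())
    findings = []
    for port, macs in sorted(by_port.items()):
        for value, (host_vlan, host_mac) in sorted(macs.items()):
            bmc = macs.get(value + 1)
            if bmc is None:
                continue
            bmc_vlan, bmc_mac = bmc
            findings.append({
                "port": port, "host_mac": host_mac, "bmc_mac": bmc_mac,
                "bmc_vlan": bmc_vlan,
                "isolated": bmc_vlan in mgmt_vlans and bmc_vlan != host_vlan,
            })
    return findings

if __name__ == "__main__":
    for f in find_shared_lom_bmcs(MAC_TABLE):
        state = "OK" if f["isolated"] else "BMC shares the host network"
        print(f"port {f['port']}: {f['bmc_mac']} vlan {f['bmc_vlan']} -> {state}")
```

Port 11 in the sample reproduces the situation in this thread: both MACs are untagged on the same VLAN, so the BMC is reachable from the ordinary LAN.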