TIP: If you have an IPMI motherboard and constantly pull an internal IP on WAN
-
I leave all my IPMI ports configured to DHCP with no problems, yet. IPMI network config is very sticky, meaning, it will hang unto its DHCP settings until you completely disconnect all power to the motherboard. AFAIK, even the DHCP lease time expiring doesn't force IPMI to query the DHCP server.
I can have pfsense shutdown and still access the IPMI interface. However, I have yet to try disconnecting the power cord when my pfSense box is shutdown to see what happens when IPMI issue a DHCP request when power is restored.
-
And the "advantage" of this setup is exactly what? Prey that it doesn't break in the worst possible moment?
-
Yep, It solved the issue that pfSense won't get WAN IP address from my bridged cable modem (WAN was assigned to igb0) after a shut down. This problem was puzzled me for several days until I saw this post. and now it works. Thanks.
-
But why on earth would anybody leave the IPMI port configured as DHCP?
If pfSense is the DHCP server, but it's not booted up yet, one might end up not being able to connect to IPMI either, since it's got no valid internal IP. In most cases just setting a normal internal IP address to IPMI, and connecting the port to a switch will save from situations like this…This is exactly what I did when I put my system together. I set the bmc ip statically to get 192.168.1.2 and I have had no problems whatsoever.
-
But why on earth would anybody leave the IPMI port configured as DHCP?
I consider, any IPMI interface must have his own static IP address.
We have all connected to the management VLAN to get a dedicated contact. -
We have dozens of SuperMicro servers and they all do this by default, you must switch to only use the dedicated IPMI interface.
If you are using the nic in a virtualization environment, it will be wide open as well.
-
We have dozens of SuperMicro servers and they all do this by default, you must switch to only use the dedicated IPMI interface.
Yep, they do. On the ones we sell, as part of the installation process that "feature" gets disabled so it only uses the dedicated IPMI port. It wants to use what most people assign as the WAN port as its fallback, which is potentially a very serious security issue if we didn't configure it more sensibly.
-
Honestly, there are so many bugs/security issues with Supermicro's IPMI interfaces that I wanted to just disable them all anyway.
-
Honestly, there are so many bugs/security issues with Supermicro's IPMI interfaces that I wanted to just disable them all anyway.
In our company we had not only one times a problem with this boards or their IPMI LAN Port
and friends of mine connect them to Aten KVM Switches up to >100 devices with any kind of problem!For sure I will consider that this ports must be configured as well as all new boards are arriving.
-
@BlueKobold:
In our company we had not only one times a problem with this boards or their IPMI LAN Port
Maybe you just don't know about the problem.
https://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_July_2014
https://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Security_Updates_November_2013