Follow

Frequently Asked Questions: Setting Up IPMI

 

Frequently Asked Questions: Setting Up IPMI

  1. Q: What is IPMI?

    A: IPMI stands for Intelligent Platform Management Interface. It is in essence a web server that runs internally on your motherboard, powered by a separate chip known as the baseboard management controller (BMC). The BMCs in SuperMicro motherboards run a lightweight, proprietary build of Linux, and will operate independently from the OS.

  2. Q: Why should I use IPMI?

    A: IPMI replaces several existing monitoring utilities with a unified interface, and adds functionality that would normally require purchasing additional hardware. And because it operates independently from the OS, the features will usually be accessible even while the OS is hung or powered off.

    Common usage cases for IPMI include:

    • IP-based KVM Over LAN
        • Full keyboard, mouse, and video, as well as macros
        • Virtual storage capabilities, allowing remote boot from .iso files
        • Allows access to BIOS configuration and other pre-boot environments
    • IP-based Serial Over LAN
        • Full serial console to CLI-based operating systems
    • Web-based Administration
        • Sensor readings, power control, and event logging
        • SNMP and Active Directory integration available
    • CLI-based Administration
      • Sensor readings, power control, and event logging through SSH
      • Advanced scripting capabilities available with third-party utilities
  3. Q: I’m concerned about the security implications of a web server constantly running in the background by default. Can I turn it off? Can you advise best practices?

    A: IPMI is deeply integrated into the motherboard hardware, so there is no way to completely disable IPMI. The motherboard relies on the BMC for temperature monitoring, setting fan speeds, and logging serious hardware issues such as a faulty DIMM.

    The easiest way to limit access to IPMI is to isolate it from your production VLAN, or leave the Ethernet cables on the motherboard unplugged. Beyond that, you can also change the default password, add user accounts, and close off ports on the firewall. SuperMicro has provided their recommended best practices in the following document:

    BMC Security Best Practices

  4. Q: Which port do I plug in to allow external access to IPMI?

    A: IPMI will function over one of two ports on the motherboard integrated NIC, and utilizes a failover option to determine which interface it will use. The first port is the dedicated IPMI port, which usually sits by itself above a few USB ports on the motherboard. If this dedicated port is not plugged in, it fails over to the secondary port, known as LAN 1. The LAN 1 port sits to the bottom left of the 2-port or 4-port integrated motherboard NICs.

    Note that when IPMI is in the failover mode, it broadcasts two MAC addresses over the single LAN 1 port. You can change this behavior by logging into the IPMI web interface, where you can select a single interface to use for IPMI regardless of which port is plugged in.

  5. Q: How do I know if IPMI is working?

    A: Most motherboards have an IPMI heartbeat LED that blinks slowly after IPMI has initialized. Other than that, the interface should respond to pings, and will have HTTP and HTTPS web interfaces running on ports 80 and 443 by default.

    If you receive any errors during POST regarding IPMI initialization failure, contact Support immediately.

  6. Q: How can I check the IP address that IPMI is using?

    A: The motherboard will list the IP address in the BIOS, usually under IPMI > Set LAN Configuration. By default we leave DHCP turned off and set 0.0.0.0 as the static IP before shipping, for security reasons. This can be changed from the BIOS as well, or you can change the settings from your operating system.

    To check IP addressing for IPMI from within your operating system, you can use IPMICFG from SuperMicro. Download it here:

    ftp://ftp.supermicro.com/utility/IPMICFG/

    Then run the following command:

    ipmicfg -m

    Additional commands for setting an IP address manually are available in the included user guide in the download.

    If running Linux or UNIX with ipmitool installed, you can also check IP address settings with the following command:

    ipmitool lan print

  7. Q: What is the default username and password for IPMI?

    A: Both the username and password are “ADMIN”, case-sensitive.

  8. Q: What are the currently available utilities for managing SuperMicro IPMI?

    A: The web interface does not require additional software, so it is always available as soon as you plug in power and network to the system. Other utilities can be either graphical or command line based, and the requirements and capabilities can vary greatly. For recommendations on how best to utilize IPMI in your infrastructure, you should contact your Sales representative.

  9. Q: Does IPMI support SNMP?

    A: Yes, and some applications, such as Nagios, also offer SuperMicro specific plugins for common hardware details.

  10. Q: I can’t seem to get a connection to IPMI, regardless of the IP address settings being used. Do I need to open certain ports on my firewall?

    A: IPMI needs additional ports opened to access various services. The ports will vary depending on your motherboard’s BMC hardware.

    For WPCM450 and AST2400 BMC:

    • HTTP: 80 (TCP)
    • HTTPS: 443 (TCP)
    • IPMI/RCMP: 623 (UDP) *SMC Crash Dump Utility requires this port
    • Remote console: 5900/5901 (TCP)
    • Virtual media: 623 (TCP)
    • SMASH: 22 (TCP)
    • WS-MAN: 8889 (TCP)

    For SH7757 and SH7758 BMC:

    • IPMI/RCMP: 623 (UDP) *SMC Crash Dump Utility requires this port
    • Non-SSL ports:
      • HTTP: 80 (TCP)
      • KVM: 7578 (TCP)
      • CD Media: 5120 (TCP)
      • FD Media: 5122 (TCP)
      • HD Media: 5123 (TCP)
      • Telnet: Port 23 (TCP)
    • SSL ports:
      • Web: 443 (TCP)
      • KVM: 7582 (TCP)
      • CD Media: 5124 (TCP)
      • FD Media: 5126 (TCP)
      • HD Media: 5127 (TCP)
      • SSH: Port 22 (TCP

 

 

 

 

 

 

 

 

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk