Tripp Lite B092-016

To Next Page

To Previous Page

233

Chapter 15: Advanced Conﬁguration

-H <address> RemoteserveraddresscanbeanIPaddressorhostname.Thisoptionisrequiredforlan and lanplus

interfaces.

-I <interface> SelectsIPMIinterfacetouse.Supportedinterfacesthatarecompiledinandvisibleintheusagehelp

output.

-L <privlvl> Forcesessionprivilegelevel.CanbeCALLBACK,USER,OPERATOR,ADMIN.DefaultisADMIN.

-m <local_address> SetthelocalIPMBaddress.Thedefaultis0x20andthereshouldbenoneedtochangeitfornormal

operation.

-o <oemtype> SelectOEMtypetosupport.Thisusuallyinvolvesminorhacksinplaceinthecodetoworkaround

quirksinvariousBMCsfromvariousmanufacturers.Use-o listtoseealistofcurrentsupportedOEM

types.

-p <port> RemoteserverUDPporttoconnectto.Defaultis623.

-P <password> Remoteserverpasswordisspeciedonthecommandline.Ifsupported,itwillbeobscuredinthe

process list. Note! Specifying the password as a command line option is not recommended.

-t <target_address> BridgeIPMIrequeststotheremotetargetaddress.

-U <username> Remoteserverusername,defaultisNULLuser.

-v Increase verbose output level. This option may be speciﬁed multiple times to increase the level of

debugoutput.Ifgiventhreetimes,youwillgethexdumpsofallincomingandoutgoingpackets.

-V Displayversioninformation.

Ifnopasswordmethodisspecied,thenipmitoolwillprompttheuserforapassword.Ifnopasswordisenteredattheprompt,

theremoteserverpasswordwilldefaulttoNULL.

SECURITY

The ipmitooldocumentationhighlightsthatthereareseveralsecurityissuestobeconsideredbeforeenablingtheIPMILAN

interface. A remote station has the ability to control a system's power state as well as being able to gather certain platform

information.Toreducevulnerability,itisstronglyadvisedthattheIPMILANinterfaceonlybeenabledin'trusted'environments

where system security is not an issue or where there is a dedicated secure 'management network' or access has been provided

through an Console Server.

Further,itisstronglyadvisedthatyoushouldnotenableIPMIforremoteaccesswithoutsettingapassword,andthatthe

password should not be the same as any other password on that system.

When an IPMI password is changed on a remote machine with the IPMIv1.5 laninterface,thenewpasswordissentacrossthe

network as clear text. This could be observed and then used to attack the remote system. It is thus recommended that IPMI

password management only be done over IPMIv2.0 lanplus interface or the system interface on the local station.

ForIPMIv1.5,themaximumpasswordlengthis16characters.Passwordslongerthan16characterswillbetruncated.

ForIPMIv2.0,themaximumpasswordlengthis20characters;longerpasswordsaretruncated.

Tripp Lite B092-016 - Page 233