6.7.1. Procedure – Configuring the IPMI interface from the console

Purpose: 

To modify the network configuration of IPMI from the console of PSM, complete the following steps.

Prerequisites: 

PSM is accessible using the IPMI interface only if the IPMI interface is physically connected to the network. For details on connecting the IPMI interface, see Procedure 3.1, Installing the PSM hardware in The Balabit’s Privileged Session Management, Shell Control Box 5 F3 Installation Guide.

Warning

IPMI searches for available network interfaces during boot. Make sure that IPMI is connected to the network through the dedicated Ethernet interface before PSM is powered on.

It is not necessary for the IPMI interface to be accessible from the Internet, but the administrator of PSM must be able to access it for support and troubleshooting purposes in case vendor support is needed. The following ports are used by the IPMI interface:

  • Port 623 (UDP): IPMI (cannot be changed)

  • Port 5123 (UDP): floppy (cannot be changed)

  • Port 5901 (TCP): video display (configurable)

  • Port 5900 (TCP): HID (configurable)

  • Port 5120 (TCP): CD (configurable)

  • Port 80 (TCP): HTTP (configurable)

Steps: 

  1. Use the local console (or SSH) to log in to PSM as root.

  2. Choose Shells > Boot shell.

  3. Check the network configuration of the interface:

    # ipmitool lan print

    This guide assumes that channel 1 is used for LAN. If your setup differs, adjust the following commands accordingly.

  4. Configure the interface. You can use DHCP or configure a static IP address manually.

    Use an IPv4 address.

    • To use DHCP, enter the following command:

      # ipmitool lan set 1 ipsrc dhcp

    • To use static IP, enter the following command:

      # ipmitool lan set 1 ipsrc static

      Set the IP address:

      # ipmitool lan set 1 ipaddr <IPMI-IP>

      Set the netmask:

      # ipmitool lan set 1 netmask <IPMI-netmask>

      Set the IP address of the default gateway:

      # ipmitool lan set 1 defgw ipaddr <gateway-IP>

  5. Configure IPMI to use the dedicated Ethernet interface.

    • On the N1000, T1, T4, and T10 appliances, issue the following command:

      # ipmitool raw 0x30 0x70 0xc 1 0

    • On the 1000d, and 10000 appliances, issue the following command:

      # ipmitool raw 0x30 0x70 0xc 1 1 0

  6. Verify the network configuration of IPMI:

    # ipmitool lan print 1

    Use a browser to connect to the reported network address.

  7. Change the default password:

    1. Log in to the IPMI web interface using the default login credentials (username: ADMIN, password: ADMIN or changeme, depending on your hardware).

      Note

      The login credentials are case sensitive.

    2. Navigate to Configure > Users.

    3. Select ADMIN, and choose Modify User.

    4. Change the password, and save the changes with Modify.