本文详细介绍了如何使用IPMITool命令配置BMC(Baseboard Management Controller),包括设置用户ID、密码、通道权限、LAN参数等,以增强BMC的安全性和适应特定环境需求。
1. ipmitool命令配置
The BMC can be configured to support multiple users and passwords for all channels except the Open channel. Typically the same user and same password should work for all the BMC channels. Instructions to set up password control for other channels are not included here as they are less commonly used. The instructions in this section are for LAN channel only.
User IDs and privilege levels are unique for each channel. To see the current user IDs in use and related information for the LAN channel (0x1):
# ipmitool user list 1
ID Name Callin Link Auth IPMI Msg Channel Priv Limit
2 USERID true false true ADMINISTRATORNote that on all IBM BMCs, the default userid 2 is USERID with a password of PASSW0RD with a zero (0) instead of an O.
To change the name of userid 2 do the following:
# ipmitool user set name 2 <New User ID>Set a new password for userid 2:
# ipmitool user set password 2 ipmitool user set password 2 <New Password>You can also use a null user for anonymous login. Change the password for the null user (userid 1) on the LAN channel:
# ipmitool lan set 1 password <New Password>You can see the users you have set up and find the new name (user ID) for userid 2 user. The null user is not listed using this command when it is disabled in the BMC BIOS settings:
# ipmitool user list 1Now that you have the users configured, set up the BMC LAN channel parameters to secure it for your situation by setting its IP address, netmask, and snmp public community string:
# ipmitool lan set 1 ipaddr <Your IP address for the BMC>
# ipmitool lan set 1 netmask <Your Subnet Mask>
# ipmitool lan set 1 snmp <Your SNMP>There may be other LAN parameters you want to set. You can use the help to see the possibilities:
# ipmitool lan set helpCheck your LAN parameter settings with the following command. This shows output from the test environment:
# ipmitool lan print
Set in Progress : Set Complete
Auth Type Support : NONE MD2 MD5 PASSWORD
Auth Type Enable : Callback :
: User : MD2 MD5 PASSWORD
: Operator : MD2 MD5 PASSWORD
: Admin : MD2 MD5 PASSWORD
: OEM :
IP Address Source : BIOS Assigned Address
IP Address : 192.168.0.3
Subnet Mask : 255.255.255.0
MAC Address : 00:14:5e:1b:c6:c1
SNMP Community String : public
IP Header : TTL=0x40 Flags=0x40 Precedence=0x00 TOS=0x10
BMC ARP Control : ARP Responses Enabled, Gratuitous ARP Disabled
Gratituous ARP Intrvl : 2.0 seconds
Default Gateway IP : 192.168.0.1
Default Gateway MAC : 00:00:00:00:00:00
Backup Gateway IP : 0.0.0.0
Backup Gateway MAC : 00:00:00:00:00:00
802.1q VLAN ID : Disabled
802.1q VLAN Priority : 0
RMCP+ Cipher Suites : 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14
Cipher Suite Priv Max : aaaaaaaaaaaaaaa
: X=Cipher Suite Unused
: c=CALLBACK
: u=USER
: o=OPERATOR
: a=ADMIN
扫一扫
3万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
