14

I've tried configuring the IPMI controller to accept remote connections, but I can't even ping it.

Here is its status:

# /usr/local/bin/ipmitool lan print 2

Set in Progress         : Set Complete
Auth Type Support       : NONE PASSWORD
Auth Type Enable        : Callback :
                        : User     : NONE PASSWORD
                        : Operator : PASSWORD
                        : Admin    : PASSWORD
                        : OEM      :
IP Address Source       : Static Address
IP Address              : 192.168.1.112
Subnet Mask             : 255.255.255.0
MAC Address             : 00:a0:a5:67:45:25
IP Header               : TTL=0x40 Flags=0x40 Precedence=0x00 TOS=0x10
BMC ARP Control         : ARP Responses Enabled, Gratuitous ARP Enabled
Gratituous ARP Intrvl   : 8.0 seconds
Default Gateway IP      : 192.168.1.1
Default Gateway MAC     : 00:00:00:00:00:00
802.1q VLAN ID          : Disabled
802.1q VLAN Priority    : 0
RMCP+ Cipher Suites     : 0,1,2,3
Cipher Suite Priv Max   : uaaaXXXXXXXXXXX
                        :     X=Cipher Suite Unused
                        :     c=CALLBACK
                        :     u=USER
                        :     o=OPERATOR
                        :     a=ADMIN
                        :     O=OEM

# /usr/local/bin/ipmitool user list 2

ID  Name             Enabled Callin  Link Auth  IPMI Msg   Channel Priv Limit
1                    true    false   true       true       USER
2   admin            true    false   true       true       ADMINISTRATOR

# /usr/local/bin/ipmitool channel getaccess 2 2
Maximum User IDs     : 5
Enabled User IDs     : 2

User ID              : 2
User Name            : admin
Fixed Name           : No
Access Available     : callback
Link Authentication  : enabled
IPMI Messaging       : enabled
Privilege Level      : ADMINISTRATOR

# /usr/local/bin/ipmitool channel info 2
Channel 0x2 info:
  Channel Medium Type   : 802.3 LAN
  Channel Protocol Type : IPMB-1.0
  Session Support       : multi-session
  Active Session Count  : 0
  Protocol Vendor ID    : 7154
  Volatile(active) Settings
    Alerting            : disabled
    Per-message Auth    : disabled
    User Level Auth     : disabled
    Access Mode         : always available
  Non-Volatile Settings
    Alerting            : disabled
    Per-message Auth    : disabled
    User Level Auth     : disabled
    Access Mode         : always available

# /usr/local/bin/ipmitool chassis status
System Power         : on
Power Overload       : false
Power Interlock      : inactive
Main Power Fault     : false
Power Control Fault  : false
Power Restore Policy : unknown
Last Power Event     :
Chassis Intrusion    : inactive
Front-Panel Lockout  : inactive
Drive Fault          : false
Cooling/Fan Fault    : false

# arp
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.112            ether   00:A0:A5:67:45:25   C                     bond0

# /usr/local/bin/ipmitool -I lan -H 192.168.1.112 -U admin -P admin chassis power status
Error: Unable to establish LAN session
Unable to get Chassis Power Status

In summary: it exists in the ARP list, so ARPs are being broadcast. I can't ping it and can't connect to it. Can anyone spot any glaring mistakes in the configuration?

Many thanks, Fidel

Fidel
  • Is that machine on the internet? Brutally speaking: Fix your routing. This is a private IP - could well be the problem. – TomTom Sep 04 '12 at 19:35
  • 1
    Thanks Tom, the machine is on a local lan. The ipmi queries and commands will also come from the local lan. Cheers – Fidel Sep 05 '12 at 07:51
  • Fidel, does your IPMI have a separate NIC interface or share it? – Serhiy Sep 06 '12 at 20:17
  • 1
    To expand on Serhiy's comment: if it is a shared NIC then ipmitool cannot be run on the server itself. You must run it from a remote server. – Mark Wagner Sep 06 '12 at 20:49
  • Thanks Serhiy, Mark. I have tried from another server and still get the same issue. I can see the IPMI machine in the arp table but still can't ping or connect. This is the info from the manual: "The CP6014 provides IPMI Over LAN support over the 2 Ethernet connections of the backplane PICMG 2.16 interface. The 82571EB chip connected to the backplane PICMG 2.16 interface is also connected to the IPMC. The IPMI Over LAN solution is compatible with the IPMI 1.5 and IPMI 2.0 specification and support both RMCP and RMCP+ payload type.". Cheers, – Fidel Sep 07 '12 at 07:56
  • 2
    Can you post a packet dump while you try to ping it and ipmiping it? – MikeyB Sep 07 '12 at 14:02
  • When I use 'tcpdump icmp' I can see the requests but no replies. This is from either the local computer or the remote computer. As for ipmitool, unfortunately I can't install it because one of its dependencies (libgcrypt) fails to build – Fidel Sep 07 '12 at 16:42
  • Mikey, I finally got ipmiping to compile. It actually worked! I got ipmiping responses from the BMC (though only 50% were successfully replied to). I suspect the network is mega-congested with an ESB we use. I was able to issue a 'chassis power off' and powered the server down. Now, I can't seem to ipmiping the machine when it's off. Any ideas? – Fidel Sep 07 '12 at 17:28
  • Could it be an issue of tagged vs. untagged VLANs: is the switch configured for a tagged port, but the device untagged? I would also check speed, duplex status on the switch. – jftuga Sep 07 '12 at 20:38
  • 1
    With 50% packet drops and bond0 as interface - this looks as if you bonded two interfaces together and only one of them is connected? – Nils Sep 07 '12 at 21:03
  • Fidel, can you add your server brand (or motherboard specs if it is not a brand name) to your question? For example "HP Proliant DL180 G5". – Serhiy Sep 11 '12 at 21:21
  • Hi Serhiy, it's a Kontron CP6014. User Guide is here: http://www.rtsoft.ru/upload/pdfcat/CP6014_Manuals.pdf – Fidel Sep 13 '12 at 07:31

6 Answers

10

As other people already stated, it may be a networking problem. You are supposed to be able to ping the BMC by default.

However, it could also be a more insidious issue caused by the BMC not taking the new configuration into account.

Try to reset the BMC: mc reset cold

I have experienced this problem on many Dell IDRAC-stuffed machines, and the reset always fixed it.

zecrazytux
  • Thanks tux, I'm able to send instructions like "chassis power down" now but I can't tell it to power up. There aren't ipmiping responses when it's off – Fidel Sep 13 '12 at 07:34
  • Can be due to the power saving mode, see http://lists.us.dell.com/pipermail/linux-poweredge/2009-February/038653.html – zecrazytux Sep 13 '12 at 08:20
5

In my experience it is necessary to set the default gateway MAC address in order to establish connectivity from the outside of your network. Also, if you are using link aggregation and have a shared port for the BMC, it brings other problems. On some switches it's possible to circumvent the load sharing algorithm for a MAC or IP address and direct the traffic to a specific port.

Scott Pack
Milan
  • 1
    Milan, tell me more about the link aggregation and shared port. I'm also having issues similar to this. Can you not use link aggregation and shared ipmi? – hookenz Jan 29 '13 at 07:14
2

If your BMC shares the interface with the motherboard, make sure your network module is loaded with "CrcStripping=0".

Per Jessen
2

Just ran into this same problem and the issue was that ipmi was configured with an incorrect '802.1q VLAN ID.' ipmi started working immediately after running this command:

sudo ipmitool lan set 1 vlan id off

keithpjolley
  • BTW, in the original question the vlan id is already "Disabled." Just trying to help others that end up here in the future. – keithpjolley Dec 10 '19 at 15:39
1

I had a similar issue where I could arping the IPMI BMC and see it in my arp table, but could not ping it.

The issue was that the BMC thought it was on a /31 network and was sending all replies to a non-existent default gateway. The solution is to change the default gateway in the IPMI config or add that gateway address to your client's NIC.

Navin
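
The gateway MAC, VLAN ID and netmask checks from the answers above can be run against saved `ipmitool lan print` output. This is an added example, not code from any of the posters; the function names, finding labels and client address are assumptions, and the sample reuses fields from the question's output.

```python
import ipaddress

# Constructed sample: fields copied from the question's `lan print 2` output.
SAMPLE = """\
IP Address Source       : Static Address
IP Address              : 192.168.1.112
Subnet Mask             : 255.255.255.0
Default Gateway IP      : 192.168.1.1
Default Gateway MAC     : 00:00:00:00:00:00
802.1q VLAN ID          : Disabled
"""

def parse_lan_print(text):
    """Turn 'Key : Value' lines into a dict; continuation lines (empty key) are skipped."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")   # split on the first colon only
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields

def reachability_findings(fields, client_ip):
    """Return finding labels (hypothetical names) for a client trying to reach the BMC."""
    findings = []
    bmc = ipaddress.ip_interface(f"{fields['IP Address']}/{fields['Subnet Mask']}")
    gateway = ipaddress.ip_address(fields["Default Gateway IP"])
    client = ipaddress.ip_address(client_ip)

    # A VLAN ID on the BMC means it only talks on that tagged VLAN.
    if fields.get("802.1q VLAN ID", "Disabled") != "Disabled":
        findings.append("vlan-tagged")

    # On-link from the BMC's point of view: replies need no gateway.
    if client in bmc.network:
        return findings

    # Otherwise the BMC sends its replies to the gateway, which must be usable.
    findings.append("client-off-subnet")
    if gateway not in bmc.network:
        findings.append("gateway-outside-bmc-subnet")
    if fields.get("Default Gateway MAC") == "00:00:00:00:00:00":
        findings.append("gateway-mac-unset")
    return findings

if __name__ == "__main__":
    print(reachability_findings(parse_lan_print(SAMPLE), "192.168.1.50"))
```

With the question's settings and a client on 192.168.1.0/24 nothing is flagged; changing the mask to 255.255.255.254 reproduces the /31 case, where the same client becomes off-subnet and the gateway is unreachable from the BMC.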
0

Could easily be a firewall issue on the target server (or in between). For example, do you see traffic arrive on UDP/623 (ipmi port) at the target server? Do you have iptables running, or SELinux, and if so, have you tried turning up logging to see what's going on?

One thing you can do to eliminate ipmi is to stop the listener service, then run a temporary listener like nc (netcat) and see if you can connect to it from a client (you can use netcat again here too). Start local and then expand outwards.
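
A way to test UDP/623 end to end without ipmitool, added here as an example and not part of the answer above: send one RMCP/ASF Presence Ping and decode the Presence Pong. The function names and the sample pong bytes are constructed for illustration.

```python
import socket
import struct

ASF_IANA = 4542     # ASF enterprise number carried in every ASF message
RMCP_PORT = 623     # UDP port used for IPMI over LAN
HDR = "!BBBBIBBBB"  # RMCP header (4 bytes) + ASF message header (8 bytes)

# Constructed Presence Pong: supported-entities byte 0x81 has the IPMI bit (0x80) set.
SAMPLE_PONG = bytes.fromhex(
    "06 00 ff 06 00 00 11 be 40 00 00 10"
    "00 00 11 be 00 00 00 00 81 00 00 00 00 00 00 00")

def build_ping(tag=0):
    """RMCP version 6, no-ACK sequence 0xFF, class ASF (6), then Presence Ping (0x80)."""
    return struct.pack(HDR, 0x06, 0x00, 0xFF, 0x06, ASF_IANA, 0x80, tag, 0x00, 0x00)

def parse_pong(data, tag=0):
    """Return {'ipmi': bool} for a valid Presence Pong (0x40) matching tag, else None."""
    if len(data) < 28:
        return None
    ver, _, _, cls, iana, mtype, rtag, _, dlen = struct.unpack(HDR, data[:12])
    if (ver, cls, iana, mtype, rtag) != (0x06, 0x06, ASF_IANA, 0x40, tag) or dlen < 16:
        return None
    supported_entities = data[20]   # follows the 4-byte IANA and 4-byte OEM fields
    return {"ipmi": bool(supported_entities & 0x80)}

def rmcp_ping(host, timeout=2.0, tag=0):
    """Send one ping; None means no valid pong arrived before the timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_ping(tag), (host, RMCP_PORT))
        try:
            data, _ = s.recvfrom(512)
        except OSError:             # includes socket.timeout
            return None
    return parse_pong(data, tag)

if __name__ == "__main__":
    print(parse_pong(SAMPLE_PONG))
```

Running `tcpdump udp port 623` on both ends while calling `rmcp_ping()` shows whether the request is dropped on the way in or the reply is lost on the way back.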