6

I would like to know if it is possible to disable ipmi over lan via ipmitool.

Setting the IP to 0.0.0.0 as stated here http://support.unitrends.com/ikm/questions.php?questionid=642 did not do what I hoped for. In fact it did nothing.

  • ipmitool -I lanplus -H hostname -U user -a lan set 1 ipaddr 0.0.0.0

Ipmitool is the only ipmi management utility available on that jumphost.

I would alternatively be interested in ways to disable impi over lan via ssh on hp hosts.

For those that came here from google, here is how to disable ipmi over lan via ssh on dell hosts: connect via ssh to the idrac, open racadm and use it to disable this service. Documentation can be found here: http://web.mit.edu/cron/documentation/dell-server-admin/en/idrac1/chap09.htm

Feel free to post if you know something remotely connected :)

Thank you!

Benedikt Haug
  • 111
  • 1
  • 1
  • 5
  • Why do you want to disable IPMI/ILO? Do any of the HP servers you're referring to have dedicated ILO ports? – ewwhite Mar 17 '15 at 13:57
  • 1
    We don't need it. It is provided by the deployment scheme which we can't control, so we would like to disable it. Yes it uses a dedicated ILO port. – Benedikt Haug Mar 17 '15 at 14:00

2 Answers2

3

Here is another way to disable lan channel :

ipmitool lan set 1 access off
Victor
  • 61
  • 2
  • 8
1
ipmitool raw 0x6 0x40 0x01 0x40 0x44
ipmitool raw 0x6 0x40 0x01 0x80 0x84

The above command is "Set Channel Access" IPMI . Here we disable the IPMI messaging payload for channel 1 (byte-3).

Second command will disable volatile settings (LAN access will be disabled till next BMC reboot) First command will disable non-volatile settings (LAN access will remain disabled across BMC reboots)

rajaganesh87
  • 111
  • 5
  • 7
    Whilst this may theoretically answer the question, please [provide context](http://serverfault.com/help/how-to-answer) around the command so others will have some idea what it is and should do. – HBruijn May 28 '15 at 10:30
  • 1
    How do you enable it back and if i try it on other channel it fails how do i disable other channel such as 0x7 ? – resultsway Jan 24 '17 at 18:16
  • @resultsway I'm not sure which channel is associated with 0x07 in your server. The different physical channels can be numbered with different logical numbers. If you have atleast one channel with admin access, you can use that to enable all other channels. if you have OS with IPMI driver enabled, use KCS/System Interface to send IPMI commands – rajaganesh87 Feb 03 '17 at 04:42