Configuring and using IPMI LAN for remote access - previously published as KB 2971
Use IPMI LAN commands to access the firmware even if the OS is down.
IPMI is a firmware level interface that allows remote management of a server locally or through a network interface. The IPMI LAN firmware supports remote access regardless of the OS. It has the ability to remotely reboot a frozen server, monitor for hardware failures, access the firmware sensors, firmware log, and also supports accessing the console over IPMI LAN, even during boot.
Unitrends systems do not have the IPMI LAN interface enabled by default, and it should not be enabled without also changing the default IPMI user password.
IPMI is equipped on Unitrends Appliances Generation 5 and higher that are FULL DEPTH 1u and higher rack appliances. Half-rack systems and desktop systems do not include this feature.
To use IPMI, a unique IP unused by other services and NOT one of the unitrends Appliance's production IPs must be selected for configuration.
This article will guide through three methods of enabling IPMI LAN on the Unitrends system, accessing the IPMI web user interface, installing the ipmiutil client utility, running some commonly used commands and provide additional resources for advanced users.
On systems with physical IPMI ports optionally connect the IPMI interface to a non-production network segment if you wish this access to be independently secured. The IPMI port is commonly covered by a small plastic cap which is easily removed. This may also be connected in parallel to ETH0 to provide redundancy of access to the IPMI interface. IPMI's separate IP will be used across both ETH0 and the optional IPMI connection for redundancy.
Even if the OS is hung or not accessible, the system can be remotely diagnosed and/or restarted with IPMI LAN.
Enable IPMI LAN access using one of the following three methods:
- Enable IPMI LAN on the appliance via local access, in one of these methods (Unitrends Backup Console Interface, bios menu or using the ipmiutil command utility) :
Hint: IPMI LAN only needs to be enabled using one method. If you choose option a, you do not need to perform option b or c.
a) Enable IPMI LAN from the Unitrends Backup Console Interface:
- If you cannot access the appliance's physical or virtual console screen, optionally use an SSH client such as PuTTY to access the Unitrends system at the command line level. Note: Ensure you have the OS password to access the Unitrends system’s command line. The OS password may differ from the password used to access the User Interface. Access the Unitrends Backup Console Interface by typing the command 'dpuconfig'
Unitrends Backup Console Interface 1. Network Setup 2. Console Access Password Setup 3. Firewall Settings 4. Advanced Options Please enter choice:
- Next select option 1. Network Setup
- Choose option 3. Configure IPMI LAN
- Type 'Y' to change the current IPMI configuration.
Current IPMI IP address: 0.0.0.0 Current IPMI Netmask: 0.0.0.0 Current IPMI Gateway: 0.0.0.0 Edit IPMI configuration? [n/Y]:
- Set the IPMI LAN IP address, netmask, gateway and ADMIN password following the on-screen prompts.
- Skip to step 2.
b) Enable IPMI LAN from the BIOS menu
- Reboot and press DEL during the boot cycle to enter the BIOS menu
- Select Advanced then IPMI to access the IPMI menu
- For specific details, see IPMI-LAN Configuration from BIOS for Remote Management.
- Skip to step 2.
- Use an SSH client such as PuTTY to access the Unitrends system at the command line level. Note: Ensure you have the OS password to access the Unitrends system’s command line. The OS password may differ from the password used to access the User Interface.
- Run the ipmiutil command below to specify the ip address, account, password and to prompt the user for the IPMI LAN remote password.
# ipmiutil lan –e –l <<IPMI LAN ip address>> –u ADMIN –p <<password>> –y 2
Hint: If ipmiutil option –y is not available (version < 2.9.1), you should run the following command to set the IPMI LAN port to failover mode. See the Notes section of this article for more information on failover, shared or dedicated configurations.
# ipmiutil smcoem lanport failover
Now, you can connect a browser to the IP (e.g. http ://<<ip address>) to use the SuperMicro IPMI web UI. This includes a KVM Console function. This requires a KVM Java plugin which will install on the browser.
Connecting to the IPMI interface
- You can also run ipmi commands from the ipmiutil client utility from a client system (e.g. Windows).
b) Run the installer package to install the client utility.
Hint: For Windows, look for the latest .msi installer under IPMIUTIL FILES on the left of the page.
- Run Common ipmiutil commands from
Open an elevated command prompt (as Administrator) to run ipmiutil commands.
- Get the sensors:
ipmiutil sensor –c –N <<ip address>> –U ADMIN –P <<password>>
- Get the firmware log (SEL):
ipmiutil sel -e –N <<ip address>> –U ADMIN –P <<password>>
- Power cycle the unit: WARNING: do this only when the unitrends OS is not running.
ipmiutil reset -c –N <<ip address>> –U ADMIN –P <<password>>
- Start a Serial-Over-LAN console session (must configure a serial console first):
ipmiutil sol -a –N <<ip address>> –U ADMIN –P <<password>>
- Access the IPMI Web User Interface
- For advanced user, see the ipmiutil user guide for additional options and command line arguments.
To disable IPMI LAN and set its IP to 0.0.0.0 run this command:
ipmiutil lan –d
ipmiutil lan -d
- IPMI has three options - Failover, Shared (or On-Board), and Dedicated.
- To disable IPMI LAN and set its IP to 0.0.0.0 run this:
ipmiutil lan –d
See http://ipmiutil.sourceforge.net/docs/UserGuide for a detailed User Guide
See http://ipmiutil.sourceforge.net for binaries, source, and other files.
IPMI-LAN Configuration from BIOS for Remote Management
IPMI - disabling IPMI LAN for DHCP
IPMI DHCP traffic
IPMI KVM console mouse correction
Diagnosing memory errors with IPMI
Red LED on the front of my Unitrends appliance is lit - diagnosing it with IPMI
Unitrends Security: IPMI Port Vulnerabilities