nanog mailing list archives

Re: ipmi access

From: Chris Adams <cma () cmadams net>
Date: Mon, 2 Jun 2014 08:28:33 -0500

Once upon a time, shawn wilson <ag4ve.us () gmail com> said:

So, kinda the same idea - just put IPMI on another network and use ssh
forwards to it. You can have multiple boxes connected in this fashion
but the point is to keep it simple and as secure as possible (and IPMI
security doesn't really count here :) ).


For basic IPMI, SSH forwards will work, but some of the web/Java based
KVM-over-IP on IPMI BMCs tend to not work well with that.

For IPMI things like power control and serial-over-LAN, I put the IPMI
on a separate VLAN (most semi-recent BMCs can handle a VLAN tag) and
then just use "ipmitool" on a Linux system connected to the same VLAN
(no port-forwarding or VPN required).  I only use a VPN-type setup when
I need to use a KVM console.

-- 
Chris Adams <cma () cmadams net>

Current thread:

ipmi access Randy Bush (Jun 02)
- Re: ipmi access Andrew Latham (Jun 02)
  - Re: ipmi access Paul S. (Jun 02)
    - Re: ipmi access Jeroen Massar (Jun 02)
    - Re: ipmi access Paul S. (Jun 02)
    - Re: ipmi access Brian Rak (Jun 02)
  - Re: ipmi access Randy Bush (Jun 02)
    - Re: ipmi access Andrew Latham (Jun 02)
    - Re: ipmi access coy . hile (Jun 02)
    - Re: ipmi access shawn wilson (Jun 02)
    - Re: ipmi access Chris Adams (Jun 02)
    - Re: ipmi access Jimmy Hess (Jun 02)
    - Re: ipmi access shawn wilson (Jun 02)
    - Re: ipmi access Peter Kristolaitis (Jun 02)
  - Re: ipmi access charles (Jun 02)
- Re: ipmi access Jeroen Massar (Jun 02)
- Re: ipmi access Jared Mauch (Jun 02)
  - Re: ipmi access Randy Bush (Jun 02)
    - Re: ipmi access Christopher Morrow (Jun 02)
  - Re: ipmi access shawn wilson (Jun 02)
    - Re: ipmi access Blake Hudson (Jun 02)

(Thread continues...)