nanog mailing list archives

Re: ipmi access

From: Jack Bates <jbates () paradoxnetworks net>
Date: Mon, 02 Jun 2014 09:29:41 -0500

I keep 2 vpn servers. ACL's at router to ipmi vlan, plus whateveradditional security ipmi happens to have.

I'm of the belief that vpn servers should be redundant. Kinda silly tolose one and not have access to your network. :)


Jack

On 6/2/2014 7:10 AM, Randy Bush wrote:

so how to folk protect yet access ipmi?  it is pretty vulnerable, so 99%
of the time i want it blocked off.  but that other 1%, i want kvm
console, remote media, and dim sum.

currently, i just block the ip address chunk into which i put ipmi at
the border of the rack.  when i want access, i reconfig the acl.  bit of
a pita.

anyone care to share better idea(s)?  thanks.

randy

Current thread:

Re: ipmi access, (continued)
- - - Re: ipmi access Nikolay Shopik (Jun 02)
    - Re: ipmi access Brian Rak (Jun 02)
    - Re: ipmi access Robert Drake (Jun 04)
    - Re: ipmi access shawn wilson (Jun 02)
    - Re: ipmi access Nikolay Shopik (Jun 02)
    - Re: ipmi access shawn wilson (Jun 02)
    - Re: ipmi access Brian Rak (Jun 02)
    - Re: ipmi access Jeroen Massar (Jun 02)
    - Re: ipmi access Christopher Morrow (Jun 02)
    - Re: ipmi access Chris Adams (Jun 02)
- Re: ipmi access Jack Bates (Jun 02)
- Re: ipmi access Brian Dickson (Jun 02)