Network Card User Manual

ManualsBrandsIntel ManualsNetwork CardMPCMM0001

191

192

193

194

195

196

197

198

199

200

192 MPCMM0001 Chassis Management Module Software Technical Product Specification

RMCP

returned by the Get Channel Authentication Capabilities command. The response packet will

contain a challenge string and a Session ID.

3. The RMCP client activates the session by issuing an Activate Session request. The Activate

Session packet is typically authenticated. For message-digest algorithms, the packet includes a

signature (AuthCode) that is a hash of the challenge, the Session ID, the password, and the

message data using one of the supported algorithms from the Get Channel Authentication

Capabilities command. The client also sets the initial value for the outbound sequence number

that it wants the RMCP server to use for packets it sends to the console.

4. The RMCP server returns a response confirming that the Session has been successfully

activated. It also returns the Session ID to be used for the remainder of the session, and the

initial inbound session sequence number that it wants the RMCP client to use for subsequent

messages it sends to the RMCP server for that session. The Activate Session response is also

authenticated (signed) in the same manner as the request. This allows the RMCP client to

validate that it has a correct Session ID. Note that IPMI does not support switching

authentication algorithms ‘mid stream’. The algorithm used with the Activate Session

command is the algorithm that will be used for subsequent authenticated messages for the

session. The exception to this is that the ‘none’ authentication type is allowed if options such

as ‘Per-Message Authentication’ and/or ‘User Authentication’ are disabled.

5. At this point the session is active. The RMCP client can send a Close Session request to

terminate an active session. The RMCP server will return the Close Session response to

acknowledge the client request.

During a session-active phase:

• Administrator-level requests must be sent as secured (authenticated) messages using the

authentication type that was requested in the Activate RMCP Session message request.

• Authentication type cannot be changed. Secured messages with authentication type other than

that requested in the Activate RMCP Session message request will be silently discarded.

• The RMCP server sends the response using the same authentication type that was used in the

request.

• The RMCP server implements a session-active phase expiration timer. The server will

terminate the session if it does not receive any valid secured message request for a time since

last valid secured message request was received. The client, in this case, should reestablish the

session initiating with the Activate RMCP Session message-request. The following table

shows the RMCP Session Timers.

20.6 RMCP Port Numbers

RMCP messages are sent via UDP datagrams over Ethernet. The RMCP server communicates on

management port 623 (26Fh) for handling RMCP requests.

A secondary port 664 (298h) is used when encryption is necessary.

Table 87. RMCP Session Timers

RMCP Session Phase Time-out Interval

Activation 120 Seconds

Active Session 120 Seconds