Users Guide

Configuring and Using the DRAC 5 Command Line Console
Enabling IP Filtering
Below is an example of setting up IP filtering with RACADM commands.
See "Using RACADM" for more information about RACADM and RACADM commands.
NOTE: The following RACADM commands block all IP addresses except 192.168.0.57.
To restrict logins to a single IP address (for example, 192.168.0.57), use the full mask, as shown below:
racadm config -g cfgRacTuning -o cfgRacTuneIpRangeEnable 1
racadm config -g cfgRacTuning -o cfgRacTuneIpRangeAddr 192.168.0.57
racadm config -g cfgRacTuning -o cfgRacTuneIpRangeMask 255.255.255.255
To restrict logins to a small set of four adjacent IP addresses (for example, 192.168.0.212 through
192.168.0.215), set all but the lowest two bits of the mask to 1, as shown below:
racadm config -g cfgRacTuning -o cfgRacTuneIpRangeEnable 1
racadm config -g cfgRacTuning -o cfgRacTuneIpRangeAddr 192.168.0.212
racadm config -g cfgRacTuning -o cfgRacTuneIpRangeMask 255.255.255.252
IP Filtering Guidelines
Use the following guidelines when enabling IP filtering:
• Ensure that cfgRacTuneIpRangeMask is configured in the form of a netmask: all of the most-significant bits are 1's (these bits define the subnet portion of the address) and all of the remaining low-order bits are 0's, with a single transition from 1's to 0's.
• Use the desired range's base address as the value of cfgRacTuneIpRangeAddr. The 32-bit binary value of this address must have zeros in all the low-order bits where the mask has zeros.
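The two guidelines above are easy to get wrong by hand, and the DRAC only applies the filter as (client AND mask) == (range address AND mask), so a mis-set host bit or a non-contiguous mask silently admits or rejects the wrong hosts. The following script is an added example and is not part of the Users Guide or of Dell's RACADM tooling: it checks a proposed cfgRacTuneIpRangeAddr/cfgRacTuneIpRangeMask pair against both guidelines, shows which client addresses the filter would admit, and only then emits the three racadm config commands. The function names and the filter model are assumptions made for this illustration; the racadm command text is the same as shown on this page.

```python
import ipaddress


def is_valid_netmask(mask: str) -> bool:
    """True if the dotted-quad mask is contiguous: a run of 1 bits followed by a run of 0 bits."""
    m = int(ipaddress.IPv4Address(mask))
    # Inverting a contiguous mask yields 0b000...0111...1, which is one less than a
    # power of two; such a value ANDed with its successor is zero.
    inv = (~m) & 0xFFFFFFFF
    return (inv & (inv + 1)) == 0


def is_base_address(addr: str, mask: str) -> bool:
    """True if addr has zeros wherever the mask has zeros (the cfgRacTuneIpRangeAddr guideline)."""
    a = int(ipaddress.IPv4Address(addr))
    m = int(ipaddress.IPv4Address(mask))
    return (a & ~m & 0xFFFFFFFF) == 0


def client_allowed(client: str, range_addr: str, range_mask: str) -> bool:
    """Assumed model of the DRAC filter: the client is admitted if it matches the range under the mask."""
    c = int(ipaddress.IPv4Address(client))
    a = int(ipaddress.IPv4Address(range_addr))
    m = int(ipaddress.IPv4Address(range_mask))
    return (c & m) == (a & m)


def allowed_addresses(range_addr: str, range_mask: str) -> list:
    """Enumerate every address the filter admits (the mask must be contiguous)."""
    prefix = bin(int(ipaddress.IPv4Address(range_mask))).count("1")
    net = ipaddress.IPv4Network(f"{range_addr}/{prefix}", strict=False)
    return [str(ip) for ip in net]


def racadm_ip_filter_commands(range_addr: str, range_mask: str) -> list:
    """Return the three racadm config commands, or raise ValueError if a guideline is violated."""
    if not is_valid_netmask(range_mask):
        raise ValueError(f"{range_mask} is not a contiguous netmask")
    if not is_base_address(range_addr, range_mask):
        raise ValueError(f"{range_addr} has host bits set under mask {range_mask}; use the range base address")
    return [
        "racadm config -g cfgRacTuning -o cfgRacTuneIpRangeEnable 1",
        f"racadm config -g cfgRacTuning -o cfgRacTuneIpRangeAddr {range_addr}",
        f"racadm config -g cfgRacTuning -o cfgRacTuneIpRangeMask {range_mask}",
    ]


if __name__ == "__main__":
    # The two cases from this page: a single address and a block of four.
    for addr, mask in (("192.168.0.57", "255.255.255.255"), ("192.168.0.212", "255.255.255.252")):
        print("admits:", ", ".join(allowed_addresses(addr, mask)))
        print("\n".join(racadm_ip_filter_commands(addr, mask)))
    # A common mistake: the range given by a non-base address is rejected before any command is emitted.
    try:
        racadm_ip_filter_commands("192.168.0.213", "255.255.255.252")
    except ValueError as err:
        print("rejected:", err)
```

Run the check before pasting the commands into a racadm session; a single-address rule with a mask of 255.255.255.255 leaves no room for error, but for any wider range confirm that the address you will be administering from appears in the admitted list, because a wrong filter locks you out of the DRAC until it is corrected from another path.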
IP Blocking
IP blocking dynamically determines when excessive login failures occur from a particular IP address and
blocks that address from logging into the DRAC 5 for a preselected time span.
IP blocking is controlled by the following cfgRacTuning group properties:
• The number of allowable login failures (cfgRacTuneIpBlkFailcount)
• The time frame in seconds within which these failures must occur (cfgRacTuneIpBlkFailWindow)
• The amount of time in seconds for which the "guilty" IP address is prevented from establishing a session
after the total allowable number of failures is exceeded (cfgRacTuneIpBlkPenaltyTime)
As login failures accumulate from a specific IP address, they are "aged" by an internal counter. When the
user logs in successfully, the failure history is cleared and the internal counter is reset.
NOTE: When login attempts are refused from the client IP address, some SSH clients may display the following
message: ssh exchange identification: Connection closed by remote host.
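The interaction between the failure count, the failure window and the penalty time is easier to reason about by replaying a sequence of login attempts through a model of the mechanism. The script below is an added example, not part of the Users Guide or of DRAC firmware: it models the three properties with a sliding window (failures older than cfgRacTuneIpBlkFailWindow are aged out, a successful login clears the history, and exceeding cfgRacTuneIpBlkFailcount inside the window starts a penalty of cfgRacTuneIpBlkPenaltyTime seconds). The exact aging algorithm inside the DRAC is not documented on this page, so the sliding window, the property values and the client addresses used are assumptions chosen for the demonstration.

```python
from collections import defaultdict

# Assumed values for the three cfgRacTuning properties (chosen for this demonstration,
# not taken from this page or from DRAC 5 defaults).
FAIL_COUNT = 3      # cfgRacTuneIpBlkFailcount: failures allowed inside the window
FAIL_WINDOW = 60    # cfgRacTuneIpBlkFailWindow: seconds
PENALTY_TIME = 300  # cfgRacTuneIpBlkPenaltyTime: seconds


class IpBlocker:
    """Model of DRAC 5 IP blocking: per-source failure counting with aging and a penalty period."""

    def __init__(self, fail_count=FAIL_COUNT, fail_window=FAIL_WINDOW, penalty_time=PENALTY_TIME):
        self.fail_count = fail_count
        self.fail_window = fail_window
        self.penalty_time = penalty_time
        self.failures = defaultdict(list)   # source IP -> timestamps of failures still inside the window
        self.blocked_until = {}             # source IP -> time at which its penalty expires

    def is_blocked(self, ip, now):
        return self.blocked_until.get(ip, 0) > now

    def _age(self, ip, now):
        # Aging: forget failures that have fallen out of the window (assumed sliding-window semantics).
        self.failures[ip] = [t for t in self.failures[ip] if now - t < self.fail_window]

    def attempt(self, ip, now, success):
        """Process one login attempt at time `now`; return "blocked", "ok" or "fail"."""
        if self.is_blocked(ip, now):
            return "blocked"             # refused regardless of credentials (cf. the SSH message above)
        if success:
            self.failures[ip].clear()    # a successful login clears the failure history
            return "ok"
        self._age(ip, now)
        self.failures[ip].append(now)
        if len(self.failures[ip]) > self.fail_count:
            # Allowable failures exceeded: start the penalty period and reset the counter.
            self.blocked_until[ip] = now + self.penalty_time
            self.failures[ip].clear()
        return "fail"


def replay(events, **params):
    """Feed (ip, timestamp, success) events through one IpBlocker; return the outcome of each."""
    blocker = IpBlocker(**params)
    return [blocker.attempt(ip, t, ok) for ip, t, ok in events]


if __name__ == "__main__":
    # Constructed attempt logs: a burst of failures, then a slow trickle that keeps aging out.
    burst = [("10.0.0.5", t, False) for t in (0, 10, 20, 30)] + [("10.0.0.5", 40, True), ("10.0.0.5", 331, True)]
    trickle = [("10.0.0.6", t, False) for t in (0, 70, 140, 210)]
    for label, log in (("burst", burst), ("trickle", trickle)):
        print(label, list(zip([t for _, t, _ in log], replay(log))))
```

The burst shows the failure mode worth remembering: once the fourth failure inside the window trips the block, even a correct password at t=40 is refused until the penalty expires at t=330. The trickle never trips the block because each failure has aged out before the next arrives, which is why the window and count have to be tuned together: a long window with a low count catches slow password guessing, while a short window only stops rapid bursts.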
See "DRAC 5 Property Database Group and Object Definitions" for a complete list of cfgRacTune
properties.