IBM Support

HMC's BMC / IPMI IP access control and port control

How To


Summary

This document describes how to configure IP access control on the BMC of the 7063-CR1 HMC, for customer environments that need to restrict access to the BMC.

Environment

7063-CR1 HMCs
Any HMC Version or Release
Any BMC or PNOR firmware level

Steps

There are 10 slots available for IP Access Control rules. The order in which the rules are configured matters: an earlier rule takes precedence over a later one.
How to configure IP access:
1) Log in to the BMC GUI as ADMIN
2) Go to the "Configuration" tab
3) Select "IP Access Control".
4) Add a check mark for "Enable IP Access Control" and confirm the action when prompted.
NOTE: The port control is also located under the "Configuration" tab. 
A common setup used for IP access control is to limit access to a single IP or a small range. Here is an example of allowing a single IP for a remote system with IP address 192.168.1.1.
5) Add Rule 1: 192.168.1.1/32 and set to "Allow".
6) Add Rule 2: 0.0.0.0/0 and set to "Drop".
Rule in effect: blocks all IP addresses that are not IP 192.168.1.1.
By comparison:
7) Add Rule 1: 0.0.0.0/0 and set to "Drop".
8) Add Rule 2: 192.168.1.1/32 and set to "Allow". 
Rule in effect: Blocks all access to the IPMI, because Rule 1 takes precedence over Rule 2 and blocks all IP addresses, even though Rule 2 is set to allow the single IP for access.
The rules can also be used to allow all or a subset of 192 IP address ranges, while blocking all other traffic.
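The rule-order behaviour described above, modelled as an added example (not IBM's code and not the BMC's implementation). It assumes first-match-wins evaluation as the steps describe, IPv4 rules only, and hypothetical function names; a client that matches no rule is reported as undecided because the page does not state the default.

```python
import ipaddress

MAX_SLOTS = 10  # the page states that 10 rule slots are available

def parse_rules(rules):
    """rules: ordered list of (cidr, action) as entered in slots 1..N."""
    if len(rules) > MAX_SLOTS:
        raise ValueError(f"{len(rules)} rules exceed the {MAX_SLOTS} slots")
    parsed = []
    for cidr, action in rules:
        if action not in ("Allow", "Drop"):
            raise ValueError(f"unknown action {action!r}")
        parsed.append((ipaddress.ip_network(cidr, strict=True), action))
    return parsed

def decide(rules, client_ip):
    """Return (slot, action) of the first matching rule, or (None, None)."""
    addr = ipaddress.ip_address(client_ip)
    for slot, (net, action) in enumerate(parse_rules(rules), start=1):
        if addr in net:
            return slot, action
    return None, None  # no rule matched; default behaviour is not assumed

def shadowed(rules):
    """Return (slot, covering_slot) pairs for rules that can never match."""
    parsed = parse_rules(rules)
    hits = []
    for i, (net, _) in enumerate(parsed):
        for j in range(i):
            if net.subnet_of(parsed[j][0]):
                hits.append((i + 1, j + 1))
                break
    return hits

def review(rules, admin_ips):
    """Pre-change check: admin addresses not explicitly allowed, and dead rules."""
    not_allowed = [ip for ip in admin_ips if decide(rules, ip)[1] != "Allow"]
    return {"not_allowed": not_allowed, "shadowed": shadowed(rules)}

# The two orderings from the steps above.
GOOD = [("192.168.1.1/32", "Allow"), ("0.0.0.0/0", "Drop")]
BAD = [("0.0.0.0/0", "Drop"), ("192.168.1.1/32", "Allow")]

if __name__ == "__main__":
    for name, rules in (("allow-then-drop", GOOD), ("drop-then-allow", BAD)):
        print(name, review(rules, ["192.168.1.1"]))
```

Running `review` against a planned rule list before saving it in the GUI shows whether the management workstation would still be allowed and whether any rule is dead because of its position.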
BMC GUI steps

Check mark "Enable IP Access Control".
Click add to add a rule.
Add the rule for allow and click Save.
Add the rule for drop and click Save.

Additional Information

This is access control. Ensure that the correct IP or IP range is specified in the correct rule order; otherwise, the unintended consequence is that remote users will lose all access.

Document Location

Worldwide


Document Information

Modified date:
02 November 2021

UID

ibm16243114