I've tried configuring the IPMI controller to accept remote connections, but I can't even ping it.
Here is its status:
#/usr/local/bin/ipmitool lan print 2
Set in Progress : Set Complete
Auth Type Support : NONE PASSWORD
Auth Type Enable : Callback :
: User : NONE PASSWORD
: Operator : PASSWORD
: Admin : PASSWORD
: OEM :
IP Address Source : Static Address
IP Address : 192.168.1.112
Subnet Mask : 255.255.255.0
MAC Address : 00:a0:a5:67:45:25
IP Header : TTL=0x40 Flags=0x40 Precedence=0x00 TOS=0x10
BMC ARP Control : ARP Responses Enabled, Gratuitous ARP Enabled
Gratituous ARP Intrvl : 8.0 seconds
Default Gateway IP : 192.168.1.1
Default Gateway MAC : 00:00:00:00:00:00
802.1q VLAN ID : Disabled
802.1q VLAN Priority : 0
RMCP+ Cipher Suites : 0,1,2,3
Cipher Suite Priv Max : uaaaXXXXXXXXXXX
: X=Cipher Suite Unused
: c=CALLBACK
: u=USER
: o=OPERATOR
: a=ADMIN
: O=OEM
# /usr/local/bin/ipmitool user list 2
ID Name Enabled Callin Link Auth IPMI Msg Channel Priv Limit
1 true false true true USER
2 admin true false true true ADMINISTRATOR
# /usr/local/bin/ipmitool channel getaccess 2 2
Maximum User IDs : 5
Enabled User IDs : 2
User ID : 2
User Name : admin
Fixed Name : No
Access Available : callback
Link Authentication : enabled
IPMI Messaging : enabled
Privilege Level : ADMINISTRATOR
# /usr/local/bin/ipmitool channel info 2
Channel 0x2 info:
Channel Medium Type : 802.3 LAN
Channel Protocol Type : IPMB-1.0
Session Support : multi-session
Active Session Count : 0
Protocol Vendor ID : 7154
Volatile(active) Settings
Alerting : disabled
Per-message Auth : disabled
User Level Auth : disabled
Access Mode : always available
Non-Volatile Settings
Alerting : disabled
Per-message Auth : disabled
User Level Auth : disabled
Access Mode : always available
# /usr/local/bin/ipmitool chassis status
System Power : on
Power Overload : false
Power Interlock : inactive
Main Power Fault : false
Power Control Fault : false
Power Restore Policy : unknown
Last Power Event :
Chassis Intrusion : inactive
Front-Panel Lockout : inactive
Drive Fault : false
Cooling/Fan Fault : false
# arp
Address HWtype HWaddress Flags Mask Iface
192.168.1.112 ether 00:A0:A5:67:45:25 C bond0
# /usr/local/bin/ipmitool -I lan -H 192.168.1.112 -U admin -P admin chassis power status
Error: Unable to establish LAN session
Unable to get Chassis Power Status
In summary. It exists on the ARP list so arp's are being broadcast. I can't ping it and can't connect to it. Can anyone spot any glaring mistakes in the configuration?
Many thanks, Fidel
As other people already stated, it may be a networking problem. You are supposed to be able to ping the BMC by default.
However, it could also be a more insidious issue caused by the BMC not taking the new configuration in account.
Try to reset the BMC: mc reset cold
I have experienced this problem on many Dell IDRAC-stuffed machines, and the reset always fixed it.
In my experience it is necessary to set the default gateway MAC address in order to establish connectivity from the outside of your network. Also, if you are using link aggregation and have a shared port for the BMC, it brings other problems. On some switches it's possible to circumvent the load sharing algorithm for a MAC or IP address and direct the traffic to a specific port.
If your BMC shares the interface with the motherboard, make sure your network module is loaded with "CrcStripping=0".
Just ran into this same problem and the issue was that ipmi was configured with an incorrect '802.1q VLAN ID.' ipmi started working immediately after running this command:
sudo ipmitool lan set 1 vlan id off
I had a similar issue where I could
arping
the IPMI BMC and see it in my arp table, but could not ping it.The issue was that the BMC thought it was on a /31 network and was sending all replies to a non-existent default gateway. The solution is to change the default gateway in the IPMI config or add that gateway address to your client's NIC.
Could easily be a firewall issue on the target server (or inbetween). For example, do you see traffic arrive on UDP/623 (ipmi port) at the target server? Do you have iptables running, or SELinux, and if so, have you tried turning up logging to see what's going on?
One thing you can do to eliminate ipmi is to stop the listener service, then run a temporary listener like nc (netcat) and see if you can connect to it from a client (you can use netcat again here too). Start local and then expand outwards.