KS-Soft. Network Management Solutions

IPMI Tool against XClarity and iDrac

 
ryan.odwyer



Joined: 30 Jun 2020
Posts: 4

Posted: Sat Apr 08, 2023 8:45 am    Post subject: IPMI Tool against XClarity and iDrac

Hi,

It seems there is no obvious method to set the interface for the IPMI lookup to use in HM, running 13.80.

HP ILO and SuperMicro are ok with IPMI Tool as it stands.

It seems that iDrac and Lenovo XClarity support IPMI but they need an interface defined in the tool.

IPMI Tool works to look up IPMI but needs this flag set in the command line: "-I lanplus". Once that interface is added to the IPMItool command line, all IPMI commands work ok.

Is there a way to set HM to use that extra command line so it can look up IPMI against Dell and Lenovo servers?

I could run IPMItool as a manual script, but then there is a lot of parsing that I would need to do from the output and Cygwin emulation along with ipmi tool would need to be on every system.

thanks,
Ryan
KS-Soft



Joined: 03 Apr 2002
Posts: 12793
Location: USA

Posted: Sun Apr 09, 2023 9:01 am

Do you have some specifications regarding this "lanplus interface"?
I just rechecked the IPMI v2.0 specification: there are 600 pages with the "interface" keyword but 0 pages with the word "lanplus".

From other sources - the lanplus interface communicates with the BMC over an Ethernet LAN connection using UDP over IPv4 and IPv6. The LANPlus interface uses the RMCP+ protocol.
Sounds like HostMonitor is using lanplus.

Regards
Alex
ryan.odwyer



Joined: 30 Jun 2020
Posts: 4

Posted: Mon Apr 10, 2023 7:49 am

Thanks Alex,

Not sure about the specification but it seems to be needed anytime that ipmitool is used to interact with Dell or Lenovo IPMI.

https://download.lenovo.com/pccbbs/thinkservers/lenovo_grantley_snmp_mib_ug_v1.2.pdf

https://www.dell.com/support/manuals/en-au/integrated-dell-remote-access-cntrllr-8-with-lifecycle-controller-v2.00.00.00/idrac8_ug_pub-v1/sol-using-ipmi-protocol?guid=guid-a0398212-10dc-4377-8e63-1e26d8acdae6&lang=en-us

If I add the IPMI Health test all I get back is: RMA 301: Host Error (OSR): no matching cipher suite.

Setting the Auth mode to SHA1 doesn't change the error.

I can get all the readings using the IPMItool on the command line, but only when I add the "-I lanplus".

thanks
KS-Soft



Joined: 03 Apr 2002
Posts: 12793
Location: USA

Posted: Wed Apr 12, 2023 1:52 pm

It is hard to find the correct manuals and specs. Looks like we will spend week(s) trying to find all the necessary information and then implement this option in 1-2 days.
So we will not be able to do this right now; we added a task for version 14.

Regards
Alex
KS-Soft



Joined: 03 Apr 2002
Posts: 12793
Location: USA

Posted: Tue Jul 04, 2023 3:57 am

There is no "lanplus" definition in the IPMIv2 specification, but it looks like lanplus is a synonym for IPMIv2 over the RMCP+ protocol.
-I lan = IPMIv1.5, RMCP protocol
-I lanplus = IPMIv2, RMCP+ protocol

HostMonitor supports RMCP+/IPMIv2.
Maybe the problem is not in the "interface" (it should be called "IPMIv2 protocol" instead of the confusing "lanplus interface"). Maybe the problem is in the ciphers?
Which integrity and encryption protocols exactly are enabled on your servers?

RAKP-HMAC-SHA1?
RAKP-HMAC-SHA256?
RAKP-HMAC-MD5?
RAKP-none?

AES-CBC-128 encryption?
xRC4 encryption?
no encryption?

Regards
Alex
ryan.odwyer



Joined: 30 Jun 2020
Posts: 4

Posted: Tue Jul 04, 2023 6:59 am

Thanks Alex,

Everything is default on the config for the Dell and Lenovo; there aren't any options to change ciphers that I can see.

I'll do some digging and maybe a config setting can be changed by IPMItool on the command line and not the Dell/Lenovo GUI.
KS-Soft



Joined: 03 Apr 2002
Posts: 12793
Location: USA

Posted: Tue Jul 04, 2023 7:13 am

"Default" means nothing to me. As I see it, iDrac supports various integrity, authentication and encryption protocols; the question is exactly which combination is used on a specific server (this may depend on the firmware version as well).

Quote:
If I add the IPMI Health test all I get back is: RMA 301: Host Error (OSR): no matching cipher suite.
Setting the Auth mode to SHA1 doesn't change the error.

SHA1 authentication should be supported by all IPMI servers.
Maybe the encryption does not match...

Is the error exactly the same or different?
Can you disable encryption? Integrity check? Keep just authentication.

Regards
Alex
KS-Soft



Joined: 03 Apr 2002
Posts: 12793
Location: USA

Posted: Sat Jul 08, 2023 4:02 am

P.S. You can get the "no matching cipher suite" error when you forget to set a user record for the target server in Connection Manager:
https://www.ks-soft.net/hostmon.eng/mframe.htm#profiles.htm#conmgr
KS-Soft



Joined: 03 Apr 2002
Posts: 12793
Location: USA

Posted: Wed Jul 12, 2023 7:32 am

We tested an old Dell with iDRAC 6, IPMIv2 (lanplus); HostMonitor works in Auth modes None and SHA1.
Please check:
1) that you set the correct user name and password for the target servers using Connection Manager
2) the list of cipher modes enabled on your servers

Regards
Alex
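
The cipher check asked for in the posts above (the algorithm list of Jul 04 and "check list of cipher modes enabled" of Jul 12), as an added example that is not part of the original thread and not KS-Soft's code. It parses IPMI v2.0 cipher suite records, flags weak algorithms and intersects the result with a client's supported suite IDs. It assumes the record bytes of a Get Channel Cipher Suites response have already been collected and concatenated; the sample bytes, the client sets and the flagging policy are constructed for illustration.

```python
# Added example: audit a BMC's RMCP+ cipher suite list (IPMI v2.0 record format).
AUTH = {0: "RAKP-none", 1: "RAKP-HMAC-SHA1", 2: "RAKP-HMAC-MD5", 3: "RAKP-HMAC-SHA256"}
INTEG = {0: "none", 1: "HMAC-SHA1-96", 2: "HMAC-MD5-128", 3: "MD5-128", 4: "HMAC-SHA256-128"}
CONF = {0: "none", 1: "AES-CBC-128", 2: "xRC4-128", 3: "xRC4-40"}
TABLES = (AUTH, INTEG, CONF)      # indexed by tag bits [7:6]: 00b, 01b, 10b
WEAK_TOKENS = ("none", "unspecified", "MD5", "xRC4")  # example review policy (assumption)

# Constructed sample: record data for standard suites 0, 3 and 17.
SAMPLE_RECORDS = bytes.fromhex("c000004080 c003014181 c011034481")


def parse_cipher_suite_records(data: bytes) -> dict:
    """Return {suite_id: (authentication, integrity, confidentiality)}."""
    suites, i = {}, 0
    while i < len(data):
        start = data[i]
        if start not in (0xC0, 0xC1):
            raise ValueError(f"bad start-of-record byte 0x{start:02x} at offset {i}")
        header = 5 if start == 0xC1 else 2   # OEM records add a 3-byte IANA number
        if i + header > len(data):
            raise ValueError("truncated cipher suite record")
        suite_id = data[i + 1]
        i += header
        fields = ["unspecified"] * 3
        while i < len(data) and data[i] < 0xC0:   # algorithm bytes never use tag 11b
            tag, num = data[i] >> 6, data[i] & 0x3F
            fields[tag] = TABLES[tag].get(num, f"unknown(0x{num:02x})")
            i += 1
        suites[suite_id] = tuple(fields)
    return suites


def weaknesses(suite: tuple) -> list:
    """Algorithms in one suite that the example policy flags for review."""
    return [alg for alg in suite if any(tok in alg for tok in WEAK_TOKENS)]


def common_suites(bmc_suites: dict, client_ids) -> list:
    """Suite IDs both sides support; empty means 'no matching cipher suite'."""
    return sorted(set(bmc_suites) & set(client_ids))


if __name__ == "__main__":
    bmc = parse_cipher_suite_records(SAMPLE_RECORDS)
    for sid, suite in sorted(bmc.items()):
        print(f"suite {sid:2d}: {'/'.join(suite)}  flagged: {weaknesses(suite) or '-'}")
    for client in ({1, 2}, {3, 17}):        # hypothetical client capability sets
        print(f"client {sorted(client)} -> common: {common_suites(bmc, client) or 'none'}")
```

An empty intersection is the situation a client reports as "no matching cipher suite"; a BMC that still lists suite 0 (no authentication, integrity or encryption) is worth disabling it on.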
KS-Soft



Joined: 03 Apr 2002
Posts: 12793
Location: USA

Posted: Fri Aug 25, 2023 7:37 am

We added more ciphers in the new version. You may contact support by e-mail and try the new version with your servers.

Regards
Alex
All times are GMT - 6 Hours