IPMI Tool against XClarity and iDrac

All questions related to installations, configurations and maintenance of Advanced Host Monitor (including additional tools such as RMA for Windows, RMA Manager, Web Servie, RCC).
Post Reply
Posts: 4
Joined: Tue Jun 30, 2020 8:34 am

IPMI Tool against XClarity and iDrac

Post by ryan.odwyer »


It seems there is no obvious method to set the interface for the IPMI lookup to use in HM, running 13.80

HP ILO and SuperMicro are ok with IPMI Tool as it stands.

It seems that iDrac and Lenovo XClarity support IPMI but they need an interface defined in the tool.

IPMI Tool works to lookup IPMI but needs this flag set in the command line: "-I lanplus" once that interface to use is added to the IPMItool cmd line then all IPMI commands work ok.

Is there a way to set HM to use that extra command line so it can lookup IPMI against Dell and Lenovo servers?

I could run IPMItool as a manual script, but then there is a lot of parsing that I would need to do from the output and Cygwin emulation along with ipmi tool would need to be on every system.

Posts: 12869
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA

Post by KS-Soft »

Do you have some specifications regarding this "lanplus interface"?
I just rechecked IPMI specifications v2.0, there are 600 pages with "interface" keyword but 0 pages with "lanplus" word.

From other sources - Lanplus interface communicates with the BMC over an Ethernet LAN connection using UDP over IPv4 and IPv6. The LANPlus interface uses the RMCP+ protocol.
Sounds like HostMonitor is using lanplus,

Posts: 4
Joined: Tue Jun 30, 2020 8:34 am

Post by ryan.odwyer »

Thanks Alex,

Not sure about the specification but it seems to be needed anytime that ipmitool is used to interact with Dell or Lenovo IPMI.

https://download.lenovo.com/pccbbs/thin ... g_v1.2.pdf

https://www.dell.com/support/manuals/en ... lang=en-us

If I add the IPMI Health test all I get back is: RMA 301: Host Error (OSR): no matching cipher suite.

Setting the Auth mode to SHA1 doesn't change the error.

I can get all the readings using the IPMItool on the command line but only when I add the "-I lanplus"

Posts: 12869
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA

Post by KS-Soft »

Hard to find correct manuals and specs. Looks like we will spend week(s) trying to find all necessary information and then implement this option in 1-2 days :roll:
So we will not be able to do this right now, added task for version 14

Posts: 12869
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA

Post by KS-Soft »

There is no "lanplus" definition in IPMIv2 specifications but looks like lanplus is synonym for IPMIv2 over RCMP+ protocol.
-I lan = IPMIv1.5, RCMP protocol
-I lanplus = IPMIv2, RCMP+ protocol

HostMonitor supports RCMP+/IPMIv2.
May be problem not in "interface" (it should be called "IPMIv2 protocol" instead of confusing "lanplus interface"). May be problem in ciphers?
What exactly integrity and encryption protocols enabled on your servers?


AES-CBC-128 encryption?
xRC4 encryption?
no encryption?

Posts: 4
Joined: Tue Jun 30, 2020 8:34 am

Post by ryan.odwyer »

Thanks Alex,

Everything is default on the config for the Dell and Lenovo, there aren't any options to change ciphers that I can see.

I'll do some digging and maybe a config setting can be changed by IPMItool on the command line and not the Dell/Lenovo GUI.
Posts: 12869
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA

Post by KS-Soft »

"Default" means nothing to me. As I see iDrac supports various integrity, authentication and encryption protocols, question is what exactly combination is used on specific server (this may depends on firmware version as well).
If I add the IPMI Health test all I get back is: RMA 301: Host Error (OSR): no matching cipher suite.
Setting the Auth mode to SHA1 doesn't change the error.
SHA1 authentication should be supported by all IPMI servers.
May be encryption does not match...

Error exactly the same or different?
Can you disable encryption? Integrity check? Keep just authentication.

Posts: 12869
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA

Post by KS-Soft »

PS You can get "no matching cipher suite" error when you forget to set user record for target server in Connection Manager
https://www.ks-soft.net/hostmon.eng/mfr ... htm#conmgr
Posts: 12869
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA

Post by KS-Soft »

We tested old Dell with iDRAC 6, IPMIv2 (lanplus), HostMonitor works in Auth modes None and SHA1.
Please check
1) you set correct user name and password for target servers using Connection Manager
2) check list of cipher modes enabled on your servers

Posts: 12869
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA

Post by KS-Soft »

We added more ciphers in new version. You may contact support by e-mail and try new version with your servers

Post Reply