Users Guide
80 Configuring and Using the DRAC 5 Command Line Console
To restrict logins to a small set of four adjacent IP addresses (for example,
192.168.0.212 through 192.168.0.215), select all but the lowest two bits in the
mask, as shown below:
racadm config -g cfgRacTuning -o
cfgRacTuneIpRangeEnable 1
racadm config -g cfgRacTuning -o
cfgRacTuneIpRangeAddr 192.168.0.212
racadm config -g cfgRacTuning -o
cfgRacTuneIpRangeMask 255.255.255.252
IP Filtering Guidelines
Use the following guidelines when enabling IP filtering:
•Ensure that
cfgRacTuneIpRangeMask
is configured in the form of a
netmask, where all most significant bits are 1’s (which defines the subnet
in the mask) with a transition of all 0’s in the lower-order bits.
• Use the desired range’s base address as the value of
cfgRacTuneIpRangeAddr
. The 32-bit binary value of this address should
have zeros in all the low-order bits where there are zeros in the mask.
IP Blocking
IP blocking dynamically determines when excessive login failures occur from
a particular IP address and blocks (or prevents) the address from logging into
the DRAC 5 for a preselected time span.
The IP blocking parameter uses cfgRacTuning group features that include:
• The number of allowable login failures ("cfgRacTuneIpBlkFailcount" on
page 323)
• The timeframe in seconds when these failures must occur
("cfgRacTuneIpBlkFailWindow" on page 324)
• The amount of time in seconds when the "guilty" IP address is prevented
from establishing a session after the total allowable number of failures is
exceeded ("cfgRacTuneIpBlkPenaltyTime" on page 324)