Users Guide

Configuring Security Features 213
IP filtering compares the IP address of an incoming login to the IP address
range that is specified in the following cfgRacTuning properties:
cfgRacTuneIpRangeAddr
cfgRacTuneIpRangeMask
The cfgRacTuneIpRangeMask property is applied to both the incoming
IP address and to the cfgRacTuneIpRangeAddr properties. If the results of
both properties are identical, the incoming login request is allowed to access
the DRAC 5. Logins from IP addresses outside this range receive an error.
The login proceeds if the following expression equals zero:
cfgRacTuneIpRangeMask & (
<incoming_IP_address>
^
cfgRacTuneIpRangeAddr)
where & is the bitwise AND of the quantities and ^ is the bitwise
exclusive-OR.
See "DRAC 5 Property Database Group and Object Definitions" for a
complete list of cfgRacTune properties.
Table 11-15. IP Address Filtering (IpRange) Properties
Property Description
cfgRacTuneIpRangeEnable Enables the IP range checking feature.
cfgRacTuneIpRangeAddr Determines the acceptable IP address bit pattern,
depending on the 1’s in the subnet mask.
This property is bitwise AND’d with
cfgRacTuneIpRangeMask to determine the upper
portion of the allowed IP address. Any IP address that
contains this bit pattern in its upper bits is allowed to
establish a DRAC 5 session. Logins from IP addresses
that are outside this range will fail. The default values
in each property allow an address range from
192.168.1.0 to 192.168.1.255 to establish a DRAC 5
session.
cfgRacTuneIpRangeMask Defines the significant bit positions in the IP address.
The subnet mask should be in the form of a netmask,
where the more significant bits are all 1’s with a single
transition to all zeros in the lower-order bits.