Users Guide

IP filtering limits the IP address range of the clients accessing iDRAC. It compares the IP address of an incoming login to the specified
range and allows iDRAC access only from a management station whose IP address is within the range. All other login requests are
denied.
When repeated login failures occur from a particular IP address, iDRAC prevents that address from logging in for a preselected
time span. If you unsuccessfully log in up to two times, you are allowed to log in again only after 30 seconds. If you unsuccessfully log
in more than two times, you are allowed to log in again only after 60 seconds.
As login failures accumulate from a specific IP address, they are registered by an internal counter. When the user successfully logs in, the
failure history is cleared and the internal counter is reset.
NOTE: When login attempts are prevented from the client IP address, a few SSH clients may display the message: ssh
exchange identification: Connection closed by remote host.
NOTE: If you are using Dell Deployment Toolkit (DTK), see the Dell Deployment Toolkit User’s Guide for the privileges.
Configure IP Filtering Using iDRAC Web Interface
You must have Configure privilege to perform these steps.
To configure IP filtering:
1. In iDRAC Web interface, go to Overview > iDRAC Settings > Network > Network.
The Network page is displayed.
2. Click Advanced Settings.
The Network Security page is displayed.
3. Specify the IP filtering settings.
For more information about the options, see iDRAC Online Help.
4. Click Apply to save the settings.
Configuring IP Filtering Using RACADM
You must have Configure privilege to perform these steps.
To configure IP filtering, use the following RACADM objects:
With config command:
cfgRacTuneIpRangeEnable
cfgRacTuneIpRangeAddr
cfgRacTuneIpRangeMask
With set command, use the objects in the iDRAC.IPBlocking group:
RangeEnable
RangeAddr
RangeMask
The cfgRacTuneIpRangeMask or the RangeMask property is applied to both the incoming IP address and to the
cfgRacTuneIpRangeAddr or RangeAddr property. If the results are identical, the incoming login request is allowed to access iDRAC.
Logging in from IP addresses outside this range results in an error.
The login proceeds if the following expression equals zero:
Using legacy syntax: cfgRacTuneIpRangeMask & (<incoming-IP-address> ^ cfgRacTuneIpRangeAddr)
Using new syntax: RangeMask & (<incoming-IP-address> ^ RangeAddr)
where & is the bitwise AND of the quantities and ^ is the bitwise exclusive-OR.
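The check described above, as an added Python example (not Dell code). The function names are hypothetical, and every sample value other than 192.168.0.57 with mask 255.255.255.255 is constructed. It evaluates the expression for a source address and counts how many addresses a given mask admits, which helps confirm that a filter is no wider than intended.

```python
import ipaddress

def to_int(dotted):
    """Convert a dotted-quad IPv4 string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def login_allowed(incoming, range_addr, range_mask):
    """True when RangeMask & (incoming ^ RangeAddr) equals zero."""
    diff = to_int(incoming) ^ to_int(range_addr)   # bits where the two differ
    return (to_int(range_mask) & diff) == 0        # only masked bits count

def allowed_count(range_mask):
    """Addresses admitted by the filter: 2 ** (number of zero bits in mask)."""
    return 1 << (32 - bin(to_int(range_mask)).count("1"))

def mask_is_contiguous(range_mask):
    """Added sanity check (an assumption, not documented iDRAC behaviour):
    a mask with ones followed only by zeros describes one address block."""
    inverted = ~to_int(range_mask) & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0

if __name__ == "__main__":
    addr = "192.168.0.57"
    # Second mask and all source addresses below are constructed samples.
    for mask in ("255.255.255.255", "255.255.255.252"):
        print(f"RangeAddr={addr} RangeMask={mask} "
              f"admits {allowed_count(mask)} address(es), "
              f"contiguous={mask_is_contiguous(mask)}")
        for src in ("192.168.0.56", "192.168.0.57", "192.168.0.59",
                    "192.168.0.60", "10.0.0.57"):
            verdict = "allow" if login_allowed(src, addr, mask) else "deny"
            print(f"  {src:<15} {verdict}")
```

Because the mask is applied to both sides of the comparison, a RangeAddr with host bits set still matches the whole masked block, so a mask shorter than 255.255.255.255 admits neighbouring addresses as well.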
Examples for IP Filtering
The following RACADM commands block all IP addresses except 192.168.0.57:
Using config command:
racadm config -g cfgRacTuning -o cfgRacTuneIpRangeEnable 1
racadm config -g cfgRacTuning -o cfgRacTuneIpRangeAddr 192.168.0.57
racadm config -g cfgRacTuning -o cfgRacTuneIpRangeMask 255.255.255.255
Configuring iDRAC