Users Guide
• IP filtering limits the IP address range of the clients accessing iDRAC. It compares the IP address of an incoming login to the specified
range and allows iDRAC access only from a management station whose IP address is within the range. All other login requests are
denied.
• When repeated login failures occur from a particular IP address, iDRAC prevents that address from logging in for a preselected
time span. If you unsuccessfully log in up to two times, you are allowed to log in again only after 30 seconds. If you unsuccessfully log
in more than two times, you are allowed to log in again only after 60 seconds.
As login failures accumulate from a specific IP address, they are registered by an internal counter. When the user successfully logs in, the
failure history is cleared and the internal counter is reset.
NOTE: When login attempts are prevented from the client IP address, a few SSH clients may display the message: ssh
exchange identification: Connection closed by remote host.
NOTE: If you are using Dell Deployment Toolkit (DTK), see the OpenManage Deployment Toolkit User's Guide available
at www.dell.com/openmanagemanuals for the privileges.
Configure IP filtering using iDRAC web interface
You must have Configure privilege to perform these steps.
To configure IP filtering:
1. In iDRAC Web interface, go to iDRAC Settings > Connectivity > Network > Network Settings > Advanced Network Settings.
The Network page is displayed.
2. Click Advanced Network Settings.
The Network Security page is displayed.
3. Specify the IP filtering settings using IP Range Address and IP Range Subnet Mask.
For more information about the options, see iDRAC Online Help.
4. Click Apply to save the settings.
Federal Information Processing Standards — FIPS is a set of standards used by the United States government agencies and
contractors. FIPS Mode is intended to meet the requirements of FIPS 140-2 level 1. For more information about FIPS, refer to the FIPS
User Guide for iDRAC and CMC.
NOTE: Enabling FIPS Mode resets iDRAC to the default settings.
Configuring IP filtering using RACADM
You must have Configure privilege to perform these steps.
To configure IP filtering, use the following RACADM objects in the iDRAC.IPBlocking group:
• RangeEnable
• RangeAddr
• RangeMask
The RangeMask property is applied to both the incoming IP address and to the RangeAddr property. If the results are identical, the
incoming login request is allowed to access iDRAC. Logging in from IP addresses outside this range results in an error.
The login proceeds if the following expression equals zero:
RangeMask & (<incoming-IP-address> ^ RangeAddr)
Examples for IP Filtering
The following RACADM commands block all IP addresses except 192.168.0.57:
racadm set iDRAC.IPBlocking.RangeEnable 1
racadm set iDRAC.IPBlocking.RangeAddr 192.168.0.57
racadm set iDRAC.IPBlocking.RangeMask 255.255.255.255
To restrict logins to a set of four adjacent IP addresses (for example, 192.168.0.212 through 192.168.0.215), select all but the lowest two
bits in the mask:
racadm set iDRAC.IPBlocking.RangeEnable 1
racadm set iDRAC.IPBlocking.RangeAddr 192.168.0.212
racadm set iDRAC.IPBlocking.RangeMask 255.255.255.252
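The following Python check is an added example, not part of the Dell guide or of RACADM. It evaluates the expression RangeMask & (<incoming-IP-address> ^ RangeAddr) for a planned RangeAddr/RangeMask pair so you can confirm which management stations would be denied before setting RangeEnable to 1. The function names and the station list are hypothetical, and IPv4 addresses are assumed.

```python
import ipaddress

def _to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))

def login_allowed(incoming: str, range_addr: str, range_mask: str) -> bool:
    """The page's rule: allow when RangeMask & (incoming ^ RangeAddr) == 0."""
    return _to_int(range_mask) & (_to_int(incoming) ^ _to_int(range_addr)) == 0

def allowed_range(range_addr: str, range_mask: str):
    """Return (first, last, count) of the addresses the pair admits."""
    mask = _to_int(range_mask)
    host_bits = mask ^ 0xFFFFFFFF
    # A contiguous mask leaves host bits of the form 2**k - 1. Anything else
    # admits scattered addresses, so this helper refuses to summarise it.
    if host_bits & (host_bits + 1):
        raise ValueError(f"non-contiguous mask: {range_mask}")
    first = _to_int(range_addr) & mask   # bits of RangeAddr outside the mask are ignored
    last = first | host_bits
    return (str(ipaddress.IPv4Address(first)),
            str(ipaddress.IPv4Address(last)), host_bits + 1)

def locked_out(stations, range_addr, range_mask):
    """Management stations that would be denied once RangeEnable is 1."""
    return [s for s in stations if not login_allowed(s, range_addr, range_mask)]

if __name__ == "__main__":
    # Constructed inventory of management stations (sample values).
    stations = ["192.168.0.212", "192.168.0.215", "192.168.0.216", "10.0.0.5"]
    addr, mask = "192.168.0.212", "255.255.255.252"
    first, last, count = allowed_range(addr, mask)
    print(f"{addr}/{mask} admits {count} addresses: {first} - {last}")
    for s in locked_out(stations, addr, mask):
        print(f"would be denied: {s}")
```

Because the mask is applied to both sides, a RangeAddr of 192.168.0.213 with mask 255.255.255.252 admits the same four addresses as 192.168.0.212.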