[172167] in North American Network Operators' Group
Re: ipmi access
daemon@ATHENA.MIT.EDU (Jared Mauch)
Mon Jun 2 10:17:28 2014
X-Original-To: nanog@nanog.org
In-Reply-To: <m21tv7v7fn.wl%randy@psg.com>
From: Jared Mauch <jared@puck.nether.net>
Date: Mon, 2 Jun 2014 07:14:50 -0700
To: Randy Bush <randy@psg.com>
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
My IPMI (super micro) you can put v6 and v4 filters into for protecting the i=
p space from trusted sources. Has my home static ip ranges and a few interme=
diary ranges that I also have access to.
> On Jun 2, 2014, at 5:10 AM, Randy Bush <randy@psg.com> wrote:
>=20
> so how to folk protect yet access ipmi? it is pretty vulnerable, so 99%
> of the time i want it blocked off. but that other 1%, i want kvm
> console, remote media, and dim sum.
>=20
> currently, i just block the ip address chunk into which i put ipmi at
> the border of the rack. when i want access, i reconfig the acl. bit of
> a pita.
>=20
> anyone care to share better idea(s)? thanks.
>=20
> randy
