[172168] in North American Network Operators' Group


Re: ipmi access

daemon@ATHENA.MIT.EDU (Jack Bates)
Mon Jun 2 10:30:05 2014

X-Original-To: nanog@nanog.org
Date: Mon, 02 Jun 2014 09:29:41 -0500
From: Jack Bates <jbates@paradoxnetworks.net>
To: nanog@nanog.org
In-Reply-To: <m21tv7v7fn.wl%randy@psg.com>
Errors-To: nanog-bounces@nanog.org

I keep 2 vpn servers. ACLs at router to ipmi vlan, plus whatever 
additional security ipmi happens to have.

I'm of the belief that vpn servers should be redundant. Kinda silly to 
lose one and not have access to your network. :)

Jack

On 6/2/2014 7:10 AM, Randy Bush wrote:
> so how do folk protect yet access ipmi?  it is pretty vulnerable, so 99%
> of the time i want it blocked off.  but that other 1%, i want kvm
> console, remote media, and dim sum.
>
> currently, i just block the ip address chunk into which i put ipmi at
> the border of the rack.  when i want access, i reconfig the acl.  bit of
> a pita.
>
> anyone care to share better idea(s)?  thanks.
>
> randy

