Enabling Additional Idrac6 Security Options - Dell IDRAC6 User Manual

Enabling Additional iDRAC6 Security Options

To prevent unauthorized access to your remote system, the iDRAC6 provides
the following features:
• IP address filtering (IPRange) — Defines a specific range of IP addresses
that can access the iDRAC6.
• IP address blocking — Limits the number of failed login attempts from a
specific IP address
These features are disabled in the iDRAC6 default configuration. Use the
following subcommand or the Web-based interface to enable these features:
racadm config -g cfgRacTuning -o <object_name> <value>
Additionally, use these features in conjunction with the appropriate session
idle time-out values and a defined security plan for your network.
The following subsections provide additional information about
these features.
IP Filtering (IpRange)
IP address filtering (or IP Range Checking) allows iDRAC6 access only
from clients or management workstations whose IP addresses are within a
user-specific range. All other logins are denied.
IP filtering compares the IP address of an incoming login to the IP address
range that is specified in the following cfgRacTuning properties:
• cfgRacTuneIpRangeAddr
• cfgRacTuneIpRangeMask
The cfgRacTuneIpRangeMask property is applied to both the incoming
IP address and to the cfgRacTuneIpRangeAddr properties. If the results of
both properties are identical, the incoming login request is allowed to access
the iDRAC6. Logins from IP addresses outside this range receive an error.
The login proceeds if the following expression equals zero:
cfgRacTuneIpRangeMask & (<incoming_IP_address> ^
cfgRacTuneIpRangeAddr)
where & is the bitwise AND of the quantities and ^ is the bitwise
exclusive-OR.
Configuring Security Features
357