Enabling Additional iDRAC6 Security Options

To prevent unauthorized access to your remote system, the iDRAC6 provides the following features:

IP address filtering (IPRange) — Defines a specific range of IP addresses that can access the iDRAC6.

IP address blocking — Limits the number of failed login attempts from a specific IP address.

These features are disabled in the iDRAC6 default configuration. Use the following subcommand or the Web-based interface to enable these features:

racadm config -g cfgRacTuning -o <object_name> <value>

Additionally, use these features in conjunction with the appropriate session idle time-out values and a defined security plan for your network.

The following subsections provide additional information about these features.

IP Filtering (IpRange)

IP address filtering (or IP Range Checking) allows iDRAC6 access only from clients or management workstations whose IP addresses are within a user-specified range. All other logins are denied.

IP filtering compares the IP address of an incoming login to the IP address range that is specified in the following cfgRacTuning properties:

cfgRacTuneIpRangeAddr

cfgRacTuneIpRangeMask

The cfgRacTuneIpRangeMask property is applied to both the incoming IP address and the cfgRacTuneIpRangeAddr property. If the two masked results are identical, the incoming login request is allowed to access the iDRAC6. Logins from IP addresses outside this range receive an error.

The login proceeds if the following expression equals zero:

cfgRacTuneIpRangeMask & (<incoming_IP_address> ^ cfgRacTuneIpRangeAddr)

where & is the bitwise AND of the quantities and ^ is the bitwise exclusive-OR.
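
The check above as an added Python example (not from the Dell manual): it evaluates the manual's expression for candidate client addresses, so you can confirm that your management stations fall inside the range before the filter is enabled. The address, mask and station list are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

def to_int(dotted: str) -> int:
    """Convert a dotted-quad IPv4 string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def login_allowed(incoming: str, range_addr: str, range_mask: str) -> bool:
    """The manual's test: mask & (incoming ^ addr) must equal zero."""
    return to_int(range_mask) & (to_int(incoming) ^ to_int(range_addr)) == 0

def mask_is_contiguous(range_mask: str) -> bool:
    """True if the mask is a run of 1-bits followed only by 0-bits."""
    inverted = ~to_int(range_mask) & 0xFFFFFFFF
    return inverted & (inverted + 1) == 0

def allowed_range(range_addr: str, range_mask: str):
    """First and last permitted address for a contiguous mask."""
    if not mask_is_contiguous(range_mask):
        # The expression still works bit by bit, but the permitted set
        # is then scattered and easy to misjudge.
        raise ValueError("non-contiguous mask does not describe one range")
    mask = to_int(range_mask)
    first = to_int(range_addr) & mask  # host bits of the address are ignored
    last = first | (~mask & 0xFFFFFFFF)
    return str(ipaddress.IPv4Address(first)), str(ipaddress.IPv4Address(last))

def locked_out(stations, range_addr, range_mask):
    """Management stations that the filter would deny."""
    return [s for s in stations if not login_allowed(s, range_addr, range_mask)]

# Constructed sample values (assumptions, not taken from the manual)
ADDR, MASK = "192.168.0.212", "255.255.255.252"
STATIONS = ["192.168.0.212", "192.168.0.215", "192.168.0.216", "10.0.0.5"]

if __name__ == "__main__":
    print("permitted range:", allowed_range(ADDR, MASK))
    print("would be denied:", locked_out(STATIONS, ADDR, MASK))
```
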

Configuring Security Features
