racadm config -g cfgRacTuning -o cfgRacTuneIpRangeMask 255.255.255.255

To restrict logins to a small set of four adjacent IP addresses (for example, 192.168.0.212 through 192.168.0.215), select all but the lowest two bits in the mask, as shown below:

racadm config -g cfgRacTuning -o cfgRacTuneIpRangeEnable 1 racadm config -g cfgRacTuning -o cfgRacTuneIpRangeAddr 192.168.0.212 racadm config -g cfgRacTuning -o cfgRacTuneIpRangeMask 255.255.255.252

IP Filtering Guidelines

Use the following guidelines when enabling IP filtering:

Ensure that cfgRacTuneIpRangeMask is configured in the form of a netmask, where all most significant bits are 1’s (which defines the subnet in the mask) with a transition of all 0’s in the lower-order bits.

Use the range base address you prefer as the value for cfgRacTuneIpRangeAddr. The 32-bit binary value of this address should have zeros in all the low-order bits where there are zeros in the mask.

IP Blocking

IP blocking dynamically determines when excessive login failures occur from a particular IP address and blocks (or prevents) the address from logging into the iDRAC6 for a preselected time span.

The IP blocking parameter uses cfgRacTuning group features that include:

The number of allowable login failures

The timeframe in seconds when these failures must occur

The amount of time in seconds when the guilty IP address is prevented from establishing a session after the total allowable number of failures is exceeded

Configuring Security Features

359

Page 359
Image 359
Dell IDRAC6 manual IP Filtering Guidelines, IP Blocking, 359