RMCP

returned by the Get Channel Authentication Capabilities command. The response packet will contain a challenge string and a Session ID.

3.The RMCP client activates the session by issuing an Activate Session request. The Activate Session packet is typically authenticated. For message-digest algorithms, the packet includes a signature (AuthCode) that is a hash of the challenge, the Session ID, the password, and the message data using one of the supported algorithms from the Get Channel Authentication Capabilities command. The client also sets the initial value for the outbound sequence number that it wants the RMCP server to use for packets it sends to the console.

4.The RMCP server returns a response confirming that the Session has been successfully activated. It also returns the Session ID to be used for the remainder of the session, and the initial inbound session sequence number that it wants the RMCP client to use for subsequent messages it sends to the RMCP server for that session. The Activate Session response is also authenticated (signed) in the same manner as the request. This allows the RMCP client to validate that it has a correct Session ID. Note that IPMI does not support switching authentication algorithms ‘mid stream’. The algorithm used with the Activate Session command is the algorithm that will be used for subsequent authenticated messages for the session. The exception to this is that the ‘none’ authentication type is allowed if options such as ‘Per-Message Authentication’ and/or ‘User Authentication’ are disabled.

5.At this point the session is active. The RMCP client can send a Close Session request to terminate an active session. The RMCP server will return the Close Session response to acknowledge the client request.

During a session-activephase:

Administrator-level requests must be sent as secured (authenticated) messages using the authentication type that was requested in the Activate RMCP Session message request.

Authentication type cannot be changed. Secured messages with authentication type other than that requested in the Activate RMCP Session message request will be silently discarded.

The RMCP server sends the response using the same authentication type that was used in the request.

The RMCP server implements a session-active phase expiration timer. The server will terminate the session if it does not receive any valid secured message request for a time since last valid secured message request was received. The client, in this case, should reestablish the session initiating with the Activate RMCP Session message-request. The following table shows the RMCP Session Timers.

Table 87. RMCP Session Timers

RMCP Session Phase

Time-out Interval

 

 

Activation

120 Seconds

 

 

Active Session

120 Seconds

 

 

20.6RMCP Port Numbers

RMCP messages are sent via UDP datagrams over Ethernet. The RMCP server communicates on management port 623 (26Fh) for handling RMCP requests.

A secondary port 664 (298h) is used when encryption is necessary.

192MPCMM0001 Chassis Management Module Software Technical Product Specification

Page 192
Image 192
Intel MPCMM0001 manual Rmcp Port Numbers, Rmcp Session Timers, Rmcp Session Phase Time-out Interval