[CentOS] C7, ipmi, NIC2, still fighting

Fri Jul 13 12:34:26 UTC 2018
Jonathan Billings <billings at negate.org>

On Thu, Jul 12, 2018 at 07:27:58PM -0500, Chris Adams wrote:
> > Default Gateway IP      :
> > Default Gateway MAC     : 00:25:90:0a:42:87
> No, that does not look right.  You have configured the gateway of the
> IPMI to be the host OS side of the NIC.  You can't do that... in a lot
> of systems I've seen, the IPMI side of the NIC can't even talk to the
> host OS on the network.

>From previous emails, I gather that mark can't find the way to set
which interface the IPMI BMC uses, so he's setting the BMC's IP
settings to use one of the NICs as a gateway.  This is not how you
make that setting (it won't work) but I can see where he's coming

In my experience, it's either hard-wired to a particular interface.
This should be documented, otherwise you need another computer on the 
same network or connected with a crossover cable to figure it out.

Sometimes you can set the interface that IPMI uses in the BIOS or
through 'ipmitool'. 

For Dell hardware, the ipmitool command that ships with CentOS7 has an
'ipmitool delloem lan set <mode>' which lets you choose which
interface to use.

# ipmitool delloem lan set

   lan set <Mode>
      sets the NIC Selection Mode :
          on iDRAC12g OR iDRAC13g  :
              dedicated, shared with lom1, shared with lom2,shared with lom3,shared
              with lom4,shared with failover lom1,shared with failover lom2,shared
              with failover lom3,shared with failover lom4,shared with Failover all
              loms, shared with Failover None).
          on other systems :
              dedicated, shared, shared with failover lom2,
              shared with Failover all loms.

If I'm using a system with a shared setup, I don't set up networking
on that interface at all.  At least with Dells, even if you set up an
IP on the interface, it can't talk to the BMC from the OS using the
shared interface.  Ping doesn't work, 'ipmitool -I lanplus' doesn't
work, http doesn't work.  You need to connect from another host.  I
have a private management network that we use for IPMI/iLO systems,
because those BMC interfaces are known to be an attack vector.

Hopefully, this is enough information to explain that you need to find
out which interface your IPMI device is using, and to use appropriate
IP settings, and to *NOT* use the IP/MAC from any OS interfaces as
your IPMI device's gateway.

Jonathan Billings <billings at negate.org>