Intelligent Platform Management Interface (IPMI)¶

The Netgate 8300 appliance includes a baseboard management controller (BMC) for out-of-band (OOB) access via Intelligent Platform Management Interface (IPMI). Administrators can use this interface to control the hardware itself, such as power on/off, access a serial over LAN (SOL) console, mount virtual media for installation, see hardware status events, and more.

Accessing IPMI ¶

To access IPMI via its web-based GUI, navigate to the IP address of the BMC using a web browser, e.g. https://10.10.10.89. It can also be accessed using ipmitool over the network.

By default, the dedicated IPMI network port (P11) is configured to be a DHCP client but it can be manually configured with a static address.

The address of the BMC set to DHCP can be determined in a few different ways:

Enter the BIOS when powering on the device and navigate to Server Mgmt > BMC Network Configuration. That screen displays the current network information for the BMC.
From the installed Operating System, run ipmitool lan print 2 to output the current BMC/IPMI network configuration for the dedicated IPMI network port.
Check the DHCP server leases to see which lease was allocated to the BMC.

Tip

The MAC address of the BMC is printed on the device label for reference.

Default IPMI Credentials ¶

The default IPMI username is root and the default password is root.

In compliance with privacy legislation, the Username and Password to access the IPMI port on the Netgate 8300 must be changed on first access.

The IPMI web interface will present a screen to change the password immediately upon the first login using the default credentials.

../_images/marbella-ipmi-forced-pw-change.png — IPMI Web Console forcing a password change on first login¶

To change the password:

Navigate to the IPMI address using a web browser
Log in to the IPMI Web Console with the default credentials.
Enter the following items on the Change Password form:

Old Password
The current default password (root).

New Password
The new password to set. If the password is acceptable, the field will be outlined in green. If the password is invalid, the field will be outlined in red.

See also

For a list of password requirements, see the next section. The IPMI Web Console will also print the requirements if a user attempts to set a password it considers too weak.

Confirm Password
The same password as in the New Password field. If the passwords match, the field will be outlined in green. If the passwords do not match, the field will be outlined in red.
Click Update Password

IPMI Password Requirements ¶

IPMI user account passwords must meet the following criteria:

Minimum of 6 characters long
Contains only printable ASCII characters
Cannot contain the account name (Case insensitive)
Meets at least 3 of following criteria:
- Contains uppercase characters (A through Z)
- Contains lowercase characters (a through z)
- Contains numbers (0 through 9)
- Contains special characters (e.g., $, &)

Changing the IPMI Password ¶

The IPMI password for Netgate 8300 appliances can be changed either through the browser-based IPMI console or by using the ipmitool utility directly in pfSense® software.

Using IPMI Web Console¶

To change the IPMI password in the web console:

Navigate to the IPMI address using a web browser
Log in to the IPMI console with the current credentials

Log Into IPMI¶

Note

If the username is not known, see the next section for information on how to use ipmitool to view the current user list.
Navigate to Configuration > Users

Configuration > Users¶
Select the user to modify by clicking on its row in the list

This is likely the root user or another user with Administrator privileges, typically the user in the second slot (User ID 2).
Click Modify User

Modify User¶
Set the form fields as follows:

User Name
Change the username from the default root to a personalized name

This is optional, but a best practice.

Change Password
Click to enable the slider

Password
Enter the new Password

If the password is acceptable, the field will be outlined in green. If the password is invalid, the field will be outlined in red.

See also

For a list of password requirements, see the previous section.

Confirm Password
Enter the new password again in Confirm Password

If the passwords match, the field will be outlined in green. If the passwords do not match, the field will be outlined in red.

Modify User Form¶
Click Modify
Click Confirm on the alert that says “Modified user successfully.”

Click Confirm¶

Using the ipmitool Utility¶

If the IPMI web interface is unavailable or the current password is unknown, the ipmitool utility packaged with pfSense software can change the password.

These commands may be performed in the GUI at Diagnostics > Command Prompt or at a console or SSH shell prompt as the root user.

Load the IPMI kernel module
```
# kldload ipmi
```

List the current IPMI users

# ipmitool user list

Note

Netgate 8300 appliances use the user name root by default.

The command prints a list of users, for example:

ID  Name             Callin  Link Auth  IPMI Msg   Channel Priv Limit
                  true    false      false      NO ACCESS
 root             true    false      true       ADMINISTRATOR
                  true    false      false      NO ACCESS
                  true    false      false      NO ACCESS
                  true    false      false      NO ACCESS
                  true    false      false      NO ACCESS
                  true    false      false      NO ACCESS
                  true    false      false      NO ACCESS
                  true    false      false      NO ACCESS
                 true    false      false      NO ACCESS
                 true    false      false      NO ACCESS
                 true    false      false      NO ACCESS
                 true    false      false      NO ACCESS
                 true    false      false      NO ACCESS
                 true    false      false      NO ACCESS

Warning

Usernames are case-sensitive.

Reset the password for a user

The default root user is User ID 2, and the example below sets the password for this user to NETGATE.
```
# ipmitool user set password 2 NETGATE
```
Warning

This password is for example purposes only. Use a secure password.

If successful, the output will be:
```
Set User Password command successful (user 2)
```
Unload the IPMI kernel module
```
# kldunload ipmi
```

Reset IPMI Network Configuration ¶

The ipmitool utility can also change or reset the network configuration of the IPMI interface if it cannot be reached over the network.

These commands may be performed in the GUI at Diagnostics > Command Prompt or at a console or SSH shell prompt as the root user.

Note

The dedicated IPMI port (P11) is on IPMI network channel 2.

Load the IPMI kernel module
```
# kldload ipmi
```
Set the IPMI IP address and subnet mask

The following commands configure the IP address of the IPMI interface and its corresponding subnet mask in dotted quad notation.

This example sets the IPMI IP address to 172.31.123.5/24:
```
# ipmitool lan set 2 ipaddr 172.31.123.5
# ipmitool lan set 2 netmask 255.255.255.0
```
Set the IPMI gateway IP address

To communicate with IPMI outside of its configured subnet, the IPMI interface must have a default gateway set.

This example sets the default gateway to 172.31.123.1.
```
# ipmitool lan set 2 defgw ipaddr 172.31.123.1
```
Enable IPMI access on the interface
```
# ipmitool lan set 2 access on
```
Unload the IPMI kernel module
```
# kldunload ipmi
```

Re-arm the Chassis Intrusion Switch ¶

The chassis on Netgate 8300 has an intrusion detection function which can be reset via IPMI. See Re-arm the Chassis Intrusion Switch for details.

Intelligent Platform Management Interface (IPMI)¶

Accessing IPMI¶

Default IPMI Credentials¶

IPMI Password Requirements¶

Changing the IPMI Password¶