ipmi - can't ping or remotely connect

ipmi ipmitool bmc

42,506

Solution 1

As other people already stated, it may be a networking problem. You are supposed to be able to ping the BMC by default.

However, it could also be a more insidious issue caused by the BMC not taking the new configuration in account.

Try to reset the BMC: mc reset cold

I have experienced this problem on many Dell IDRAC-stuffed machines, and the reset always fixed it.

Solution 2

In my experience it is necessary to set the default gateway MAC address in order to establish connectivity from the outside of your network. Also, if you are using link aggregation and have a shared port for the BMC, it brings other problems. On some switches it's possible to circumvent the load sharing algorithm for a MAC or IP address and direct the traffic to a specific port.

Solution 3

Just ran into this same problem and the issue was that ipmi was configured with an incorrect '802.1q VLAN ID.' ipmi started working immediately after running this command:

sudo ipmitool lan set 1 vlan id off

Solution 4

If your BMC shares the interface with the motherboard, make sure your network module is loaded with "CrcStripping=0".

Solution 5

I had a similar issue where I could arping the IPMI BMC and see it in my arp table, but could not ping it.

The issue was that the BMC thought it was on a /31 network and was sending all replies to a non-existent default gateway. The solution is to change the default gateway in the IPMI config or add that gateway address to your client's NIC.

View more solutions

42,506

Fidel

Updated on September 18, 2022

Comments

Fidel almost 2 years

I've tried configuring the IPMI controller to accept remote connections, but I can't even ping it.

Here is its status:

#/usr/local/bin/ipmitool lan print 2

Set in Progress         : Set Complete
Auth Type Support       : NONE PASSWORD
Auth Type Enable        : Callback :
                        : User     : NONE PASSWORD
                        : Operator : PASSWORD
                        : Admin    : PASSWORD
                        : OEM      :
IP Address Source       : Static Address
IP Address              : 192.168.1.112
Subnet Mask             : 255.255.255.0
MAC Address             : 00:a0:a5:67:45:25
IP Header               : TTL=0x40 Flags=0x40 Precedence=0x00 TOS=0x10
BMC ARP Control         : ARP Responses Enabled, Gratuitous ARP Enabled
Gratituous ARP Intrvl   : 8.0 seconds
Default Gateway IP      : 192.168.1.1
Default Gateway MAC     : 00:00:00:00:00:00
802.1q VLAN ID          : Disabled
802.1q VLAN Priority    : 0
RMCP+ Cipher Suites     : 0,1,2,3
Cipher Suite Priv Max   : uaaaXXXXXXXXXXX
                        :     X=Cipher Suite Unused
                        :     c=CALLBACK
                        :     u=USER
                        :     o=OPERATOR
                        :     a=ADMIN
                        :     O=OEM

# /usr/local/bin/ipmitool user list 2

ID  Name             Enabled Callin  Link Auth  IPMI Msg   Channel Priv Limit
1                    true    false   true       true       USER
2   admin            true    false   true       true       ADMINISTRATOR

# /usr/local/bin/ipmitool channel getaccess 2 2
Maximum User IDs     : 5
Enabled User IDs     : 2

User ID              : 2
User Name            : admin
Fixed Name           : No
Access Available     : callback
Link Authentication  : enabled
IPMI Messaging       : enabled
Privilege Level      : ADMINISTRATOR

# /usr/local/bin/ipmitool channel info 2
Channel 0x2 info:
  Channel Medium Type   : 802.3 LAN
  Channel Protocol Type : IPMB-1.0
  Session Support       : multi-session
  Active Session Count  : 0
  Protocol Vendor ID    : 7154
  Volatile(active) Settings
    Alerting            : disabled
    Per-message Auth    : disabled
    User Level Auth     : disabled
    Access Mode         : always available
  Non-Volatile Settings
    Alerting            : disabled
    Per-message Auth    : disabled
    User Level Auth     : disabled
    Access Mode         : always available

# /usr/local/bin/ipmitool chassis status
System Power         : on
Power Overload       : false
Power Interlock      : inactive
Main Power Fault     : false
Power Control Fault  : false
Power Restore Policy : unknown
Last Power Event     :
Chassis Intrusion    : inactive
Front-Panel Lockout  : inactive
Drive Fault          : false
Cooling/Fan Fault    : false

# arp
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.112            ether   00:A0:A5:67:45:25   C                     bond0

# /usr/local/bin/ipmitool -I lan -H 192.168.1.112 -U admin -P admin chassis power status
Error: Unable to establish LAN session
Unable to get Chassis Power Status

In summary. It exists on the ARP list so arp's are being broadcast. I can't ping it and can't connect to it. Can anyone spot any glaring mistakes in the configuration?

Many thanks, Fidel

TomTom almost 12 years

Is that machine on the internet? Brutally speaking: Fix your routing. This is a private IP - could well be the problem.
Fidel almost 12 years

Thanks Tom, the machine is on a local lan. The ipmi queries and commands will also come from the local lan. Cheers
Serhiy almost 12 years

Fidel, does your IPMI has a separate NIC interface or share it?
MastaJeet almost 12 years

To expand on Serhiy's comment: if it a shared NIC then ipmitool cannot be run on the the server itself. You must run it from a remote server.
Fidel almost 12 years

Thanks Serhiy, Mark. I have tried from another server and still get the same issue. I can see the IPMI machine in the arp table but still can't ping or connect. This is the info from the manual: "The CP6014 provides IPMI Over LAN support over the 2 Ethernet connections of the backplane PICMG 2.16 interface. The 82571EB chip connected to the backplane PICMG 2.16 interface is also connected to the IPMC. The IPMI Over LAN solution is compatible with the IPMI 1.5 and IPMI 2.0 specification and support both RMCP and RMCP+ payload type.". Cheers,
Steve Townsend almost 12 years

Can you post a packet dump while you try to ping it and ipmiping it?
Fidel almost 12 years

When I use 'tcpdump icmp' I can see the requests but no replies. This is from either the local computer or the remote computer. As for ipmitool, unfortunately I can't install it because one of its dependencies (libgcrypt) fails to build
Fidel almost 12 years

Mikey, I finally got ipmiping to compile. It actually worked! I got ipmiping responses from the BMC (though only 50% were successfully replied to) I suspect the network is mega-congested with an ESB we use. I was able to issue a 'chassis power off' and powered the server down. Now, I can't seem to ipmiping the machine when it's off. Any ideas?
jftuga almost 12 years

Could it be an issue of tagged vs. untagged VLANs: is the switch configured for a tagged port, but the device untagged? I would also check speed, duplex status on the switch.
Nils almost 12 years

With 50% packet drops and bond0 as interface - this looks as if you bonded two interfaces together and only one if it is connected?
Serhiy almost 12 years

Fidel, can add your server brand (or motherboard specs if it is not a brand name) to your question? For example "HP Proliant DL180 G5".

Fidel almost 12 years

Thanks tux, I'm able to send instructions like "chassis power down" now but I can't tell it to power up. There aren't impiping responses when it's off
zecrazytux almost 12 years

Can be due to the power saving mode, see lists.us.dell.com/pipermail/linux-poweredge/2009-February/…
hookenz over 11 years

Milan, tell me more about the link aggregation and shared port. I'm also having issues similar to this. Can you not use link aggregation and shared ipmi?
keithpjolley over 4 years

BTW, in the original question the vlan id is already "Disabled." Just trying to help others that end up here in the future.