Filter
Top Products
Configuring Security Features 359
racadm config -g cfgRacTuning -o
cfgRacTuneIpRangeMask 255.255.255.255
To restrict logins to a small set of four adjacent IP addresses (for example,
192.168.0.212 through 192.168.0.215), select all but the lowest two bits in the
mask, as shown below:
racadm config -g cfgRacTuning -o
cfgRacTuneIpRangeEnable 1
racadm config -g cfgRacTuning -o
cfgRacTuneIpRangeAddr 192.168.0.212
racadm config -g cfgRacTuning -o
cfgRacTuneIpRangeMask 255.255.255.252
IP Filtering Guidelines
Use the following guidelines when enabling IP filtering:
• Ensure that
cfgRacTuneIpRangeMask
is configured in the form of a
netmask, where all most significant bits are 1’s (which defines the subnet
in the mask) with a transition of all 0’s in the lower-order bits.
• Use the range base address you prefer as the value for
cfgRacTuneIpRangeAddr
. The 32-bit binary value of this address should
have zeros in all the low-order bits where there are zeros in the mask.
IP Blocking
IP blocking dynamically determines when excessive login failures occur from
a particular IP address and blocks (or prevents) the address from logging into
the iDRAC6 for a preselected time span.
The IP blocking parameter uses cfgRacTuning group features that include:
• The number of allowable login failures
• The timeframe in seconds when these failures must occur
• The amount of time in seconds when the
guilty
IP address is prevented
from establishing a session after the total allowable number of failures is
exceeded