HPE Community
BladeSystem - General
1753923 Members
8595 Online
108810 Solutions
New Discussion юеВ

Re: c7000 networking / ILO configuration

 
Ernst_H
Occasional Contributor

тАО08-02-2021 10:04 AM - last edited on тАО08-08-2021 09:37 PM by

тАО08-02-2021 10:04 AM - last edited on тАО08-08-2021 09:37 PM by

c7000 networking / ILO configuration

Dear all,

 

a newbie in the field of c7000 systems тАУ me тАУ has some fundamental questions regarding ILO / networking.

I have the following situation: I got two c7000 enclosures populated with various blades running in the basement of our building, so physical access if necessary is not a big deal. The OA are connected to the institute network (128.128.x.x/23) using static IP configuration. I can connect to them flawlessly an have performed also firmware updates, so this is working without any problems.

BUT: our IT department complains about the fact that on the network port(s) in the server rack to which the OA(s) is(are) connected, not only the MAC of the OA are visible, but also the MACs of the ILOs which are in the corresponding enclosure (so the OA acts like as a switch). This should be turned off, if possible.

So this is the situation I would like to have (if this is technical possible and makes senseтАж):

  • The OA MAC should be the only one which appears on the network port connected to the institute network
  • The MACs of the ILOs should not be visible on this port!
  • The ILOs should not request IPs via DHCP from the institute network (128.131.x.x) nor should they have static IP addresses within this range.
  • I donтАЩt want to completely turn off the ILOs, as I like to monitor the blades / interconnects via the OA from my office and I want to use the connection for firmware updates via the enclosure (and this requires an ILO connection, right?)
  • The preferred configuration of the ILOs would be an automatic one (that means the OA working as an тАЬDHCPтАЭ only (!) within the enclosure) or, if this is not possible, I can configure the ILOs manually. But IтАЩd really like to avoid this.

And now there are some questions:

  • Can I achieve this / is this possible and how would be the preferred way to configure the OAs / ILOs?
  • As for the automatic configuration of ILOs I read about тАЬEBIPAтАЭ, which I think would do the job. But on the one hand I read, тАЬIf you use DHCP servers on your management network, do not use EBIPA for management IP address assignments.тАЭ (http://bladesystem.helpmax.net/en/first-time-setup-wizard/enclosure-bay-ip-addressing/). And of course on the 128.131.x.x. network a DHCP server is running. On the other hand, I donтАЩt think, that this would solve the тАЬMAC is visible though the OA management portтАЭ problemтАж
  • Is it possible / necessary to have an тАЬinternalтАЭ network within the enclosure for the ILOs (blades & interconnects), I read about тАЬvirtual networks VLANsтАЭ, could this be a solution?
  •  An option I was thinking about is using my HP Procurve switch as a тАЬMAC filterтАЭ. If I would connect the OAs not directly to the network ports at the patch field but have the switch in between, I might use the option "MAC Address lockoutтАЭ, which тАУ according to the manual тАЬPrevents configured particular MAC addresses from connecting to the network". This should also avoid DHCP request passed to the DHCP server for 128.131.x.x., right?

 

Maybe these problems were тАЬalready solved 100 timesтАЭ, however, I was not able to find any substantial information about it тАУ maybe I was using wrong search terms. If this is the case, please point me in the right direction тАУ However, any help / suggestions are really appreciated.

 

Thanks for your precious time,

 

Best

 

Ernst

 

0 Kudos
Reply
2 REPLIES 2
AmRa
HPE Pro

тАО08-08-2021 09:32 PM

тАО08-08-2021 09:32 PM

Re: c7000 networking / ILO configuration

Enclosure Bay IP Addressing (EBIPA)

The First Time Setup Wizard Enclosure Bay IP Addressing screens allow you to configure IPv4 and IPv6 fixed addresses forOnboard Administrator enclosure bays. The Onboard Administrator EBIPA feature helps you provision a fixed IP addressbased on bay number, which preserves the IP address for a particular bay even if a device is replaced. The managementinterface for components plugged into the bays must be set for DHCP. EBIPA can only be used if the devices are set to bootfrom DHCP. If a device is configured for static IP, then it must be manually reconfigured to DHCP to change the EBIPA IPaddress.

NOTE: The Onboard Administrator documentation refers to EBIPA IP addresses as "fixed IP addresses" or "fixed DHCPaddresses," meaning that each of these addresses is an IP address permanently associated with a specific bay numberindependent of the actual device currently attached to the bay.

The server blade iLO bays and interconnect module management bays can obtain IP addresses on the management network inseveral ways: dynamic IP addressing using an external DHCP server, static IP addressing, SLAAC via router advertisements(IPv6 only), or EBIPA. If your network has a DHCP service or if you want to manually assign static IP addresses one by one tothe server blades and interconnect modules, click Skip to bypass configuring Enclosure Bay IP Addressing.

EBIPA only assigns fixed DHCP IP addresses to the management interface for server iLOs and interconnect modules on themanagement network internal to the enclosure. EBIPA does not assign IP addresses for any other devices on the managementnetwork external to the enclosure and cannot be used as a DHCP server on the production network.

The server blade iLO defaults to DHCP addressing, which is obtained through the network connector of the Active OnboardAdministrator. Interconnect modules that have an internal management network connection to the Onboard Administratormight also default to DHCP addressing.

For more information, please refer HPE BladeSystem Onboard Administrator User Guide (page number 71 to 77)

https://support.hpe.com/hpesc/public/docDisplay?docId=c00705292

I am an HPE Employee.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

Accept or Kudo
0 Kudos
Reply
AmRa
HPE Pro

тАО08-08-2021 09:35 PM

тАО08-08-2021 09:35 PM

Re: c7000 networking / ILO configuration

Enclosure Bay IP Addressing (EBIPA):
The First Time Setup Wizard Enclosure Bay IP Addressing screens allow you to configure IPv4 and IPv6 fixed addresses for Onboard Administrator enclosure bays. The Onboard Administrator EBIPA feature helps you provision a fixed IP address based on bay number, which preserves the IP address for a particular bay even if a device is replaced. The management interface for components plugged into the bays must be set for DHCP. EBIPA can only be used if the devices are set to boot from DHCP. If a device is configured for static IP, then it must be manually reconfigured to DHCP to change the EBIPA IP address.

NOTE: The Onboard Administrator documentation refers to EBIPA IP addresses as "fixed IP addresses" or "fixed DHCP
addresses," meaning that each of these addresses is an IP address permanently associated with a specific bay number independent of the actual device currently attached to the bay.

The server blade iLO bays and interconnect module management bays can obtain IP addresses on the management network in several ways: dynamic IP addressing using an external DHCP server, static IP addressing, SLAAC via router advertisements (IPv6 only), or EBIPA. If your network has a DHCP service or if you want to manually assign static IP addresses one by one to the server blades and interconnect modules, click Skip to bypass configuring Enclosure Bay IP Addressing.

EBIPA only assigns fixed DHCP IP addresses to the management interface for server iLOs and interconnect modules on the management network internal to the enclosure. EBIPA does not assign IP addresses for any other devices on the management network external to the enclosure and cannot be used as a DHCP server on the production network.
The server blade iLO defaults to DHCP addressing, which is obtained through the network connector of the Active Onboard Administrator. Interconnect modules that have an internal management network connection to the Onboard Administrator might also default to DHCP addressing.

For more information, please refer HPE BladeSystem Onboard Administrator User Guide (page number 71 to 77)

https://support.hpe.com/hpesc/public/docDisplay?docId=c00705292

I am an HPE Employee.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

Accept or Kudo
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.