- Re: Locking Management Processor ( MP )
02-22-2007 06:48 AM
We have a number of Itanium servers running HP-UX 11.23. The Itaniums all have an RS232 Management Processor (MP) port to which we connect a terminal. We can access any/all of the Itaniums through their MP port.
These MPs have their own IP addresses and some can currently be accessed over the LAN. Whenever our security people do a security scan with a program called Retna, certain of the MPs (the same ones that are LAN accessible with the CSP command) kick off alarms stating that:
"A default community name is enabled in this SNMP service"
I could change the community name, but think that it would be easier and better simply to lock ALL of the MP to LAN connection. After spending some time in the MP menus, I have given up trying to disable the ports to LAN traffic. Can anyone tell me how to disable LAN access to the MPs?
Thanks,
Darrell Tschakert
02-22-2007 12:10 PM
Re: Locking Management Processor ( MP )
If you are using the serial connection and are not using the iLO MP NIC, the most obvious course would seem to be unplugging the MP NIC from the network.
If you need access via the MP NIC, parking a cheap firewall between the network and the MP would seem reasonable.
If it's specifically SNMP you're after, there is an iLO Administrative -> SNMP Settings page around where you can selectively disable SNMP.
There's an iLO manual around with details of this widget; the Integrated Lights-Out (iLO) Management Processor Operations Guide. I'm looking at the 3rd edition. Here's the direct path into the document: http://docs.hp.com/en/5971-4289/5971-4289.pdf
Stephen Hoffman
HoffmanLabs
02-22-2007 12:49 PM
Re: Locking Management Processor ( MP )
Of course, simply disconnecting the LAN port on the MP would work too...
02-22-2007 06:39 PM
Re: Locking Management Processor ( MP )
Depending on the server model and firmware, you can disable telnet, enable SSH and modify the SNMP string away from the default.
Hope this helps!
Regards
Torsten.
__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!
If you feel this was helpful please click the KUDOS! thumb below!
02-26-2007 07:42 AM
Re: Locking Management Processor ( MP )
I went to the iLO PDF file that Stephen listed. According to this documentation, it should be easy to set the Community Strings. Just log in over the web, select "Administration" and then select "SNMP Settings". The problem is that the "SNMP Settings" option is not listed. Only the first six options are listed.
If I telnet into the port or log in via the MP/RS232 port, I should have access to a command named "SNMP". However, this command is not available, nor does Help talk about it.
At this time, I would rather just set the SNMP strings, but there appears to be no way to do this. Any ideas?
Thanks,
Darrell Tschakert
02-27-2007 12:44 AM
Re: Locking Management Processor ( MP )
Please post more details.
Hope this helps!
Regards
Torsten.
02-27-2007 01:40 AM
Re: Locking Management Processor ( MP )
1. This is part of the opening window when I do a web login to one of the MPs:
--------------------------
Firmware Revisions:
iLO MP: E.03.15
BMC : 03.49
EFI : 03.14
System Firmware: 03.17
--------------------------
2. The Itaniums are four rx4640's and two rx2620's.
3. They all run HP-UX 11.23.
I believe that I just updated the firmware on the MP a few months ago.
Please let me know if there is anything else that I can provide.
Thanks,
Darrell Tschakert
02-27-2007 02:54 AM
Solution
The release notes say about enhancements:
iLO MP E.03.30
Added the capability to disable SNMP.
Added the capability to set the SNMP Community String. The default Community String is set to "public".
Added LDAP-lite functionality.
So you need MP firmware E.03.30 (including other components):
Read and download:
http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=15351&prodSeriesId=88837&swItem=ux-41801-1&prodNameId=346361&swEnvOID=54&swLang=13&taskId=135&mode=4&idx=0
Hope this helps!
Regards
Torsten.
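An added example, not part of the original thread and not HP tooling: a small triage script that reads the "iLO MP" revision out of MP login banners like the one posted above and sorts each MP by whether it has reached E.03.30, the revision the quoted release notes give for disabling SNMP or setting the community string. The hostnames, the second and third banners, and the assumption that revisions order numerically within one letter family are constructed for illustration.

```python
import re

# Minimum iLO MP revision that, per the release notes quoted in the thread,
# can disable SNMP or set the community string.
MIN_SNMP_CONFIG = "E.03.30"

_BANNER_RE = re.compile(r"iLO MP\s*:\s*([A-Z])\.(\d+)\.(\d+)")

def parse_mp_revision(banner):
    """Return (family, major, minor) from an MP login banner, or None."""
    m = _BANNER_RE.search(banner)
    if m is None:
        return None
    return (m.group(1), int(m.group(2)), int(m.group(3)))

def snmp_configurable(revision, minimum=MIN_SNMP_CONFIG):
    """True/False if revision is at/below the minimum, None if not comparable.

    Assumption: revisions order numerically within one letter family;
    a missing revision or a different family letter is reported as None.
    """
    want = parse_mp_revision("iLO MP: " + minimum)
    if revision is None or revision[0] != want[0]:
        return None
    return revision[1:] >= want[1:]

def triage(inventory):
    """Map host -> action, using only the mitigations named in the thread."""
    actions = {}
    for host, banner in inventory.items():
        ok = snmp_configurable(parse_mp_revision(banner))
        if ok is None:
            actions[host] = "check revision manually"
        elif ok:
            actions[host] = "disable SNMP or change community string"
        else:
            actions[host] = "update MP firmware; isolate MP LAN port meanwhile"
    return actions

# Constructed inventory: hostnames are hypothetical; the first banner is the
# one posted in the thread, the other two are made up for illustration.
SAMPLE = {
    "rx4640-a": "Firmware Revisions:\niLO MP: E.03.15\nBMC : 03.49\n",
    "rx2620-b": "Firmware Revisions:\niLO MP: E.03.30\nBMC : 03.49\n",
    "unknown-c": "Firmware Revisions:\nBMC : 03.49\n",
}

if __name__ == "__main__":
    print(triage(SAMPLE))
```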