- Community Home
- >
- Servers and Operating Systems
- >
- Integrity Servers
- >
- Locking Management Processor ( MP )
-
- Forums
-
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
- HPE Blog, Austria, Germany & Switzerland
- Blog HPE, France
- HPE Blog, Italy
- HPE Blog, Japan
- HPE Blog, Middle East
- HPE Blog, Russia
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
-
Blogs
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Blog, Latin America
- HPE Blog, Middle East
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
-
Information
- Community
- Welcome
- Getting Started
- FAQ
- Ranking Overview
- Rules of Participation
- Tips and Tricks
- Resources
- Announcements
- Email us
- Feedback
- Information Libraries
- Integrated Systems
- Networking
- Servers
- Storage
- Other HPE Sites
- Support Center
- Aruba Airheads Community
- Enterprise.nxt
- HPE Dev Community
- Cloud28+ Community
- Marketplace
-
Forums
-
Blogs
-
Information
-
English
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
02-22-2007 06:48 AM
02-22-2007 06:48 AM
We have a number of Itanium servers running HP-UX 11.23. The Itaniums all have an RS232 Management Processor (MP) port to which we connect a terminal. We can access any/all of the Itaniums through their MP port.
These MP's have there own IP addresses and some can currently be accessed over the LAN. Whenever our security people do a security scan with a program called Retna, certain of the MP's (the same ones that are LAN accessable with the CSP command ) kick off alarms stating that:
"A default community name is enabled in this SNMP service"
I could change the community name, but think that it would be easier and better simply to lock ALL of the MP to LAN connection. After spending some time in the MP menus, I have given up trying to disable the ports
to LAN traffic. Can anyone tell me how to disable LAN access to the MP's?
Thanks,
Darrell Tschakert
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
02-22-2007 12:10 PM
02-22-2007 12:10 PM
Re: Locking Management Processor ( MP )
If you are using the serial connection and are not using the iLO MP NIC, the most obvious course would seem to be unplugging the MP NIC from the network.
If you need access via the MP NIC, park a cheap firewall between the network and the MP would seem reasonable.
If it's specifically SNMP you're after, there is an iLO Adminstrative -> SNMP Settings page around where you can selectively disable SNMP.
There's an iLO manual around with details of this widget; the Integrated Lights-Out (iLO) Management Processor Operations Guide. I'm looking at the 3rd edition. Here's the direct path into the document: http://docs.hp.com/en/5971-4289/5971-4289.pdf
Stephen Hoffman
HoffmanLabs
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
02-22-2007 12:49 PM
02-22-2007 12:49 PM
Re: Locking Management Processor ( MP )
Of course, simply disconnecting the LAN port on the MP would work too...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
02-22-2007 06:39 PM
02-22-2007 06:39 PM
Re: Locking Management Processor ( MP )
depending on the server model and firmware you can disable telnet, enable ssh and modify the snmp string away from the default.
Hope this helps!
Regards
Torsten.
__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!
If you feel this was helpful please click the KUDOS! thumb below!

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
02-26-2007 07:42 AM
02-26-2007 07:42 AM
Re: Locking Management Processor ( MP )
I went to the iLO PDF file that Stephen listed. According to this documentation, it should be easy to set the Community Strings. Just login over the web, select "Administration" and then select "SNMP Settings". The problem is that the "SNMP Settings" option is not listed. Only the first six options are listed.
If I telnet into the port or login via the MP/RS232 port, I should have access to a command named "SNMP". However, this command is not available, nor does Help talk about it.
At this time, I would rather just set the SNMP strings, but there appears to be no way to do this. Any ideas?
Thanks,
Darrell Tschakert
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
02-27-2007 12:44 AM
02-27-2007 12:44 AM
Re: Locking Management Processor ( MP )
Please post more details.
Hope this helps!
Regards
Torsten.
__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!
If you feel this was helpful please click the KUDOS! thumb below!

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
02-27-2007 01:40 AM
02-27-2007 01:40 AM
Re: Locking Management Processor ( MP )
1. This is part of the opening window when I do a web login to one of the MP's:
--------------------------
Firmware Revisions:
iLO MP: E.03.15
BMC : 03.49
EFI : 03.14
System Firmware: 03.17
--------------------------
2. The Itaniums are four rx4640's and two rx2620's.
3. They all run HP-UX 11.23.
I beleive that I just updated the firmware on the MP a few months ago.
Please let me know if there is anything else that I can provide.
Thanks,
Darrell Tschakert
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
02-27-2007 02:54 AM
02-27-2007 02:54 AM
SolutionThe release notes says about enhancements:
iLO MP E.03.30
Added the capability to disable SNMP.
Added the capability to set the SNMP Community String. The default Community String is set to "public".
Added LDAP-lite functionality.
So you need MP firmware E.03.30 (including other components):
Read and download:
http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=15351&prodSeriesId=88837&swItem=ux-41801-1&prodNameId=346361&swEnvOID=54&swLang=13&taskId=135&mode=4&idx=0
Hope this helps!
Regards
Torsten.
__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!
If you feel this was helpful please click the KUDOS! thumb below!

Hewlett Packard Enterprise International
- Communities
- HPE Blogs and Forum
© Copyright 2021 Hewlett Packard Enterprise Development LP