cancel
Showing results for 
Search instead for 
Did you mean: 

iLO discovery

SOLVED
Go to solution
Tejo Prayaga
Occasional Advisor

iLO discovery

Hi,

I was just wondering if there are any standard approaches of doing iLO discovery.
Some times I saw people doing manual discovery, involving user input of
information and stuff like that, which could be erroneous. I am looking for
a standard approach, something like an SNMP discovery, where the manager
discovers SNMP devices (even if the exact IP address not known, using ping
sweep, seed IP etc)

I am interested in getting only minimal information from the iLO like its IP
address, it's server identity say for exampl MAC addresses, server IP etc.

Also, lets assume that the iLO is setup with static IP addresses. I know
something can be done, if the ILO is setup with DHCP, then the DHCP server can
tweak to get some information out of iLO.

Appreciate your inputs on this.

Thanks
Tejo
3 REPLIES
Rob Leadbeater
Honored Contributor
Solution

Re: iLO discovery

Hi Tejo,

You could look at using a tool such as nmap from http://www.insecure.org to scan your network.

This will allow you to scan network segments quickly and can identify the services on the devices that it finds.

For example you could scan a whole subnet with a command such as:

# nmap -v -A 192.168.0.0/24

Running it against a machine which I know has an iLO card on it gives me this output:

# nmap -A 192.168.0.1

Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2007-01-15 15:57 GMT
Interesting ports on iloabcdefghij.domain.com (192.168.0.1):
(The 1671 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE VERSION
22/tcp open ssh mpSSH 0.0.1 (protocol 2.0)
80/tcp open http Compaq Integrated Lights-Out http config
443/tcp open ssl OpenSSL
Device type: remote management
Running: HP embedded
OS details: HP Integrated Lights Out remote configuration Board
Service Info: Device: remote management

Nmap finished: 1 IP address (1 host up) scanned in 12.292 seconds


If you're looking to automate something, then the output from nmap can also be redirected into various file formats which can then be searched easily.

Hope this helps,

Regards,

Rob
Tejo Prayaga
Occasional Advisor

Re: iLO discovery

Hi Rob,

Appreciate the detailed response and including the actual command and output.

1)
Yes, this seems to solve the problem.

Just curious, is "nmap" an acceptable application to use in a production
network (due to security/whatever reasons). I see that "nmap" now
comes with most Linux distributions and also observed "nmap" being used as
a diagnostic/security analysis tool. Just curious, if no such issues I would
like to move ahead with "nmap"

Also, I assume that lights out mgmt boards from other vendors will also give
some such sort of output, so that we can categorize appropriately.

I haven't tried with other vendors, but will be trying soon.

2)
My other important concern is to get some information in the discovery process,
which will identify the server to which the iLO is associated. For example, mac
address, IP address or something of the server.

I agree "nmap" itself will not help in getting such kind of Info.

I am looking at any CLI commands, SNMP variable information, whatever that will
help in making an association between the iLO and the Server.

Lets say we have discovered an iLO with iP1, whose server has a nic1 with mac
address m1. Is it anyway possible to determine that this iLO (with ip1) is on
server with m1.

I hope it is clear. This will help in server management using the iLO commands.

Appreciate your time on this

Thanks
Tejo
Rob Leadbeater
Honored Contributor

Re: iLO discovery

Hi Tejo,

To answer your questions...

1) I would feel fine using nmap in production environments. As you say, the fact that it is now included in many Linux distros adds to its credibility.
To quote the man page: "While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime."

I suspect some security departments may be wary due to the software's potential use as a hacking tool. However a fundamental aspect of security is to understand those tools which hackers are using against you. nmap is likely to be being used against your public facing hosts every minute of every day. Your much better identifying problems yourself before any bad guys do...

If you are paranoid, you could ensure that all of your iLO cards are on a separate network or VLAN. I tend to do this anyway to keep things neat. For example I know that any devices starting 192.168.3.x are on my management VLAN...

2) The server name is normally reported when you first connect to the iLO CLI:

User:Administrator logged-in to ILOABCDEFGHIJ.domain.com(192.168.0.1)
iLO 1.84 pass9 at 14:48:45 May 05 2006
Server Name: SERVER01
Server Power: Off

hpiLO->

However you need to have loaded the OS iLO agents on the server to get this information - which are included in the ProLiant Support Pack.

On a machine without the PSP installed, you get:

Server Name: host is unnamed


You could also look further into using some of the DMTF SMASH CLP Commands.

For example you can get the server name (serial number) like this...:

hpiLO->

hpiLO-> cd system1
status=0
status_tag=COMMAND COMPLETED


/system1


hpiLO-> show
status=0
status_tag=COMMAND COMPLETED


/system1
Targets
firmware
bootconfig1
log1
led1
console1
oemhp_vsp1
cpu1
cpu2
memory1
memory2
memory3
memory4
slot1
slot2
powerreg_data
Properties
name=ProLiant DL360 G3
number=K02NMHQ44U
enabledstate=enabled
oemhp_powerreg=auto
Verbs
cd version exit show reset start stop


hpiLO->


Hope this helps,

Regards,

Rob