1IPMI-OEM(8) System Commands IPMI-OEM(8)
2
6 ipmi-oem - IPMI OEM utility
7
9 ipmi-oem [OPTION...] <OEMID> <OEMCOMMAND> [OEMOPTION...]
10
12 Ipmi-oem is used to execute OEM specific IPMI commands. It is intended
13 to provide a better user interface for OEM specific IPMI commands
14 rather than using ipmi-raw(8).
15 Please see SUPPORTED OEM IDS and COMMANDS below for a list of supported
17 OEM specific IPMI commands. A list of supported OEM specific commands
18 may also be generated using the --list option.
19 There are no guarantees that the below OEM commands will work on any
21 particular motherboard. OEM extensions may or may not exist on particu‐
22 lar hardware revisions and/or firmware revisions of motherboards. The
23 extensions may or may not function for other lines of motherboards from
24 the same manufacturer.
25 Listed below are general IPMI options, tool specific options, trouble
27 shooting information, workaround information, examples, and known
28 issues. For a general introduction to FreeIPMI please see freeipmi(7).
29
31 The following options are general options for configuring IPMI communi‐
32 cation and executing general tool commands.
33 -D, --driver-type=IPMIDRIVER
35 Specify the driver type to use instead of doing an auto selec‐
36 tion. The currently available outofband drivers are LAN and
37 LAN_2_0, which perform IPMI 1.5 and IPMI 2.0 respectively. The
38 currently available inband drivers are KCS, SSIF, OPENIPMI, and
39 SUNBMC.
40 --disable-auto-probe
42 Do not probe in-band IPMI devices for default settings.
43 --driver-address=DRIVER-ADDRESS
45 Specify the in-band driver address to be used instead of the
46 probed value. DRIVER-ADDRESS should be prefixed with "0x" for a
47 hex value and '0' for an octal value.
48 --driver-device=DEVICE
50 Specify the in-band driver device path to be used instead of the
51 probed path.
52 --register-spacing=REGISTER-SPACING
54 Specify the in-band driver register spacing instead of the
55 probed value.
56 -h, --hostname=IPMIHOST1,IPMIHOST2,...
58 Specify the remote host(s) to communicate with. Multiple host‐
59 names may be separated by comma or may be specified in a range
60 format; see HOSTRANGED SUPPORT below.
61 -u, --username=USERNAME
63 Specify the username to use when authenticating with the remote
64 host. If not specified, a null (i.e. anonymous) username is
65 assumed. The required user privilege will depend on the oem com‐
66 mands executed.
67 -p, --password=PASSWORD
69 Specify the password to use when authenticationg with the remote
70 host. If not specified, a null password is assumed. Maximum
71 password length is 16 for IPMI 1.5 and 20 for IPMI 2.0.
72 -P, --password-prompt
74 Prompt for password to avoid possibility of listing it in
75 process lists.
76 -k, --k-g=K_G
78 Specify the K_g BMC key to use when authenticating with the
79 remote host for IPMI 2.0. If not specified, a null key is
80 assumed. To input the key in hexadecimal form, prefix the string
81 with '0x'. E.g., the key 'abc' can be entered with the either
82 the string 'abc' or the string '0x616263'
83 -K, --k-g-prompt
85 Prompt for k-g to avoid possibility of listing it in process
86 lists.
87 --session-timeout=MILLISECONDS
89 Specify the session timeout in milliseconds. Defaults to 20000
90 milliseconds (20 seconds) if not specified.
91 --retransmission-timeout=MILLISECONDS
93 Specify the packet retransmission timeout in milliseconds.
94 Defaults to 1000 milliseconds (1 second) if not specified. The
95 retransmission timeout cannot be larger than the session time‐
96 out.
97 -a, --authentication-type=AUTHENTICATION-TYPE
99 Specify the IPMI 1.5 authentication type to use. The currently
100 available authentication types are NONE, STRAIGHT_PASSWORD_KEY,
101 MD2, and MD5. Defaults to MD5 if not specified.
102 -I, --cipher-suite-id=CIPHER-SUITE-ID
104 Specify the IPMI 2.0 cipher suite ID to use. The Cipher Suite ID
105 identifies a set of authentication, integrity, and confidential‐
106 ity algorithms to use for IPMI 2.0 communication. The authenti‐
107 cation algorithm identifies the algorithm to use for session
108 setup, the integrity algorithm identifies the algorithm to use
109 for session packet signatures, and the confidentiality algorithm
110 identifies the algorithm to use for payload encryption. Defaults
111 to cipher suite ID 3 if not specified. The following cipher
112 suite ids are currently supported:
113 0 - Authentication Algorithm = None; Integrity Algorithm = None;
115 Confidentiality Algorithm = None
116 1 - Authentication Algorithm = HMAC-SHA1; Integrity Algorithm =
118 None; Confidentiality Algorithm = None
119 2 - Authentication Algorithm = HMAC-SHA1; Integrity Algorithm =
121 HMAC-SHA1-96; Confidentiality Algorithm = None
122 3 - Authentication Algorithm = HMAC-SHA1; Integrity Algorithm =
124 HMAC-SHA1-96; Confidentiality Algorithm = AES-CBC-128
125 6 - Authentication Algorithm = HMAC-MD5; Integrity Algorithm =
127 None; Confidentiality Algorithm = None
128 7 - Authentication Algorithm = HMAC-MD5; Integrity Algorithm =
130 HMAC-MD5-128; Confidentiality Algorithm = None
131 8 - Authentication Algorithm = HMAC-MD5; Integrity Algorithm =
133 HMAC-MD5-128; Confidentiality Algorithm = AES-CBC-128
134 11 - Authentication Algorithm = HMAC-MD5; Integrity Algorithm =
136 MD5-128; Confidentiality Algorithm = None
137 12 - Authentication Algorithm = HMAC-MD5; Integrity Algorithm =
139 MD5-128; Confidentiality Algorithm = AES-CBC-128
140 -l, --privilege-level=PRIVILEGE-LEVEL
142 Specify the privilege level to be used. The currently available
143 privilege levels are USER, OPERATOR, and ADMIN. Defaults to
144 ADMIN if not specified.
145 --config-file=FILE
147 Specify an alternate configuration file.
148 -W, --workaround-flags=WORKAROUNDS
150 Specify workarounds to vendor compliance issues. Multiple work‐
151 arounds can be specified separated by commas. See WORKAROUNDS
152 below for a list of available workarounds.
153 --debug
155 Turn on debugging.
156 -?, --help
158 Output a help list and exit.
159 --usage
161 Output a usage message and exit.
162 -V, --version
164 Output the program version and exit.
165
167 This tool requires access to the sensor data repository (SDR) cache for
168 general operation. By default, SDR data will be downloaded and cached
169 on the local machine. The following options apply to the SDR cache.
170 -f, --flush-cache
172 Flush a cached version of the sensor data repository (SDR)
173 cache. The SDR is typically cached for faster subsequent access.
174 However, it may need to be flushed and re-generated if the SDR
175 has been updated on a system.
176 -Q, --quiet-cache
178 Do not output information about cache creation/deletion. May be
179 useful in scripting.
180 --sdr-cache-directory=DIRECTORY
182 Specify an alternate directory for sensor data repository (SDR)
183 caches to be stored or read from. Defaults to the home directory
184 if not specified.
185 --sdr-cache-recreate
187 If the SDR cache is out of date or invalid, automatically recre‐
188 ate the sensor data repository (SDR) cache. This option may be
189 useful for scripting purposes.
190
192 The following options manipulate hostranged output. See HOSTRANGED SUP‐
193 PORT below for additional information on hostranges.
194 -B, --buffer-output
196 Buffer hostranged output. For each node, buffer standard output
197 until the node has completed its IPMI operation. When specifying
198 this option, data may appear to output slower to the user since
199 the the entire IPMI operation must complete before any data can
200 be output. See HOSTRANGED SUPPORT below for additional informa‐
201 tion.
202 -C, --consolidate-output
204 Consolidate hostranged output. The complete standard output from
205 every node specified will be consolidated so that nodes with
206 identical output are not output twice. A header will list those
207 nodes with the consolidated output. When this option is speci‐
208 fied, no output can be seen until the IPMI operations to all
209 nodes has completed. If the user breaks out of the program
210 early, all currently consolidated output will be dumped. See
211 HOSTRANGED SUPPORT below for additional information.
212 -F, --fanout
214 Specify multiple host fanout. A "sliding window" (or fanout)
215 algorithm is used for parallel IPMI communication so that slower
216 nodes or timed out nodes will not impede parallel communication.
217 The maximum number of threads available at the same time is lim‐
218 ited by the fanout. The default is 64.
219 -E, --eliminate
221 Eliminate hosts determined as undetected by ipmidetect. This
222 attempts to remove the common issue of hostranged execution tim‐
223 ing out due to several nodes being removed from service in a
224 large cluster. The ipmidetectd daemon must be running on the
225 node executing the command.
226 --always-prefix
228 Always prefix output, even if only one host is specified or com‐
229 municating in-band. This option is primarily useful for script‐
230 ing purposes. Option will be ignored if specified with the -C
231 option.
232
234 The following options are specific to Ipmi-oem.
235 -L, --list
237 List supported OEM IDs and Commands.
238 -v, --verbose
240 Output verbose information. Additional output will depend on
241 specific OEM ID and OEM COMMANDS specified.
242
244 The currently supported OEM IDs and COMMANDs are listed below. The spe‐
245 cial OEM ID of list may be passed into the list all supported OEM IDs
246 and Commands. The special OEM command list may be passed to any OEM ID
247 to list commands supported by that OEM ID.
248 Dell
250 get-system-info KEY
252 This OEM command can retrieve the motherboard system
253 information. Valid keys are guid, asset-tag, ser‐
254 vice-tag, chassis-service-tag, chassis-related-ser‐
255 vice-tag, board-revision, platform-model-name, or
256 mac-addresses. Command confirmed to work on Dell Pow‐
257 eredge 2900, 2950, R610, and R710 (Dell 10G and 11G Pow‐
258 eredge systems). However, specific system information
259 may not be readable or available on all systems.
260 get-nic-selection
262 This OEM command will determine the current NIC selection
263 for IPMI as dedicated, shared, shared w/ failover to
264 NIC2, or shared w/ failover to all. Dedicated indicates
265 IPMI is only available on an expansion card, shared indi‐
266 cates IPMI is available on NIC1, shared w/ failover to
267 NIC2 indicates IPMI is available on NIC1 w/ failover to
268 NIC2 on NIC1's failure, and shared w/ failover to all
269 indicates IPMI is available on NIC1 w/ failover to all
270 other NICs in the event of NIC failure. Command confirmed
271 to work on Dell Poweredge 2900, 2950, R610, and R710
272 (Dell 10G and 11G Poweredge systems).
273 set-nic-section dedi‐
275 cated|shared|shared_failover_nic2|shared_failover_all
276 This OEM command will set the current NIC selection to
277 dedicated, shared, shared_failover_nic2, or
278 shared_failover_all. (See get-nic-selection above for
279 description on inputs.) On older Poweredge systems,
280 shared_failover_nic2 may have been documented as just
281 failover. Command confirmed to work on Dell Poweredge
282 2900, 2950, R610, and R710 (Dell 10G and 11G Poweredge
283 systems).
284 get-active-lom-status
286 This OEM command will get the current NIC being used for
287 out of band management. Command confirmed to work on Dell
288 Poweredge R610 and R710 (Dell 11G Poweredge systems).
289 get-ssh-config
291 This OEM command will get the current SSH configuration
292 on the IPMI card. Command confirmed to work on Dell Pow‐
293 eredge R610 and R710 (Dell 11G Poweredge systems).
294 set-ssh-config KEY=VALUE ...
296 This OEM command will set the current SSH configuration
297 on the IPMI card. The possible keys and values are
298 ssh=enable|disable, idletimeout=seconds, and portnum‐
299 ber=num. Multiple key=value pairs may be specified. If no
300 key=value pairs are specifed, available pairs are output.
301 Some fields may be read-only on specific Poweredge sys‐
302 tems. Command confirmed to work on Dell Poweredge R610
303 and R710 (Dell 11G Poweredge systems).
304 get-telnet-config
306 This OEM command will get the current telnet configura‐
307 tion on the IPMI card. Command confirmed to work on Dell
308 Poweredge R610 and R710 (Dell 11G Poweredge systems).
309 set-telnet-config KEY=VALUE ...
311 This OEM command will set the current Telnet configura‐
312 tion on the IPMI card. The possible keys and values are
313 telnet=enable|disable, sessiontimeout=seconds, portnum‐
314 ber=num, and 7fls=enable|disable. Multiple key=value
315 pairs may be specified. If no key=value pairs are
316 specifed, available pairs are output. Some fields may be
317 read-only on specific Poweredge systems. Command con‐
318 firmed to work on Dell Poweredge R610 and R710 (Dell 11G
319 Poweredge systems).
320 get-web-server-config
322 This OEM command will get the current web server configu‐
323 ration on the IPMI card. Command confirmed to work on
324 Dell Poweredge R610 and R710 (Dell 11G Poweredge sys‐
325 tems).
326 set-web-server-config KEY=VALUE ...
328 This OEM command will set the current Web Server configu‐
329 ration on the IPMI card. The possible keys and values are
330 webserver=enable|disable, sessiontimeout=seconds, http‐
331 portnumber=num, and httpsportnumber=num. Multiple
332 key=value pairs may be specified. If no key=value pairs
333 are specifed, available pairs are output. Some fields may
334 be read-only on specific Poweredge systems. Command con‐
335 firmed to work on Dell Poweredge R610 and R710 (Dell 11G
336 Poweredge systems).
337 get-active-directory-config
339 This OEM command will get the current active directory
340 configuration on the IPMI card. Command confirmed to work
341 on Dell Poweredge R610 and R710 (Dell 11G Poweredge sys‐
342 tems).
343 set-active-directory-config
345 This OEM command will set the current Web Server configu‐
346 ration on the IPMI card. The possible keys and values are
347 activedirectory=enable|disable, timeout=seconds,
348 type=extended|standard, sso=enable|disable, and certifi‐
349 catevalidation=enable|disable. If no key=value pairs are
350 specifed, available pairs are output. Some fields may be
351 read-only on specific Poweredge systems. Command con‐
352 firmed to work on Dell Poweredge R610 and R710 (Dell 11G
353 Poweredge systems).
354 reset-to-defaults
356 This OEM command will reset the BMC configuration back to
357 default values. The command will spin until the reset is
358 confirmed to be complete. Command confirmed to work on
359 Dell Poweredge R610 and R710 (Dell 11G Poweredge sys‐
360 tems).
361 get-power-consumption-data
363 This OEM command can retrieve power consumption data.
364 Command confirmed to work on Dell Poweredge R610 and R710
365 (Dell 11G Poweredge systems).
366 reset-power-consumption-data cumulative|peak
368 This OEM command can reset the cumulative or peak power
369 consumption data (viewed via get-power-consumption-data).
370 Command confirmed to work on Dell Poweredge R610 and R710
371 (Dell 11G Poweredge systems).
372 power-supply-info
374 This OEM command can read and output power supply ratings
375 and other information. This OEM command requires access
376 to the SDR. Command confirmed to work on Dell Poweredge
377 R610 and R710 (Dell 11G Poweredge systems).
378 get-instantaneous-power-consumption-data power_supply_instance
380 This OEM command can read instantaneous power consumption
381 data. If a power supply instance number is specified,
382 only data for that instance will be gathered. Otherwise,
383 collective power consumption will be gathered. Command
384 confirmed to work on Dell Poweredge R610 and R710 (Dell
385 11G Poweredge systems).
386 get-power-head-room
388 This OEM command can read power head room. Command con‐
389 firmed to work on Dell Poweredge R610 and R710 (Dell 11G
390 Poweredge systems).
391 get-power-consumption-statistics average|max|min
393 This OEM command can read average, max, or min power con‐
394 sumption history. Command confirmed to work on Dell Pow‐
395 eredge R610 and R710 (Dell 11G Poweredge systems).
396 get-power-capacity
398 This OEM command can read the current power capacity.
399 Command confirmed to work on Dell Poweredge R610 and R710
400 (Dell 11G Poweredge systems).
401 set-power-capacity power-capacity
403 This OEM command can write the current power capacity
404 (specified in Watts). Command confirmed to work on Dell
405 Poweredge R610 and R710 (Dell 11G Poweredge systems).
406 get-power-capacity-status
408 This OEM command can determine if the current power
409 capacity is enabled or disabled. Command confirmed to
410 work on Dell Poweredge R610 and R710 (Dell 11G Poweredge
411 systems).
412 set-power-capacity-status enable|disable
414 This OEM command can configure the current power capacity
415 to be enabled or disabled. Command confirmed to work on
416 Dell Poweredge R610 and R710 (Dell 11G Poweredge sys‐
417 tems).
418 get-chassis-identify-status
420 This OEM command will retrieve the current chassis iden‐
421 tify (i.e. LED) status. Command confirmed to work on Dell
422 Poweredge 2900, 2950, R610, and R710 (Dell 10G and 11G
423 Poweredge systems).
424 get-board-id
426 This OEM command can get the board ID. Command confirmed
427 to work on Dell Xanadu II and Dell Xanadu III.
428 set-board-id ID
430 This OEM command can set the board ID. Command confirmed
431 to work on Dell Xanadu II and Dell Xanadu III.
432 get-fcb-version
434 This OEM command can get the fan control board (FCB) ver‐
435 sion number. Command confirmed to work on Dell Xanadu II
436 and Dell Xanadu III.
437 set-fcb-version majorversion minorversion
439 This OEM command can set the fan control board (FCB) ver‐
440 sion number. The majorversion and minorversion must be
441 specified in hex. Command confirmed to work on Dell
442 Xanadu II and Dell Xanadu III.
443 get-sol-inactivity-timeout
445 This OEM command will retrieve the SOL inactivity time‐
446 out. Command confirmed to work on Dell Xanadu II and Dell
447 Xanadu III.
448 set-sol-inactivity-timeout inactivity-timeout
450 This OEM command will set the SOL inactivity timeout. The
451 inactivity-timeout is one-based, max of 65535, in 1
452 minute increments (e.g. 1 = 1 minute), 0 or "none" will
453 configure no timeout. Command confirmed to work on Dell
454 Xanadu II and Dell Xanadu III.
455 Fujitsu
457 get-power-on-source
459 This OEM command will return the reason for the most
460 recent Power On. Command confirmed to work on Fujitsu
461 RX100 S5.
462 get-power-off-source
464 This OEM command will return the reason for the most
465 recent Power Off. Command confirmed to work on Fujitsu
466 RX100 S5.
467 get-remote-storage-status connection_number
469 This OEM command will return the connection and/or status
470 of remote storage. connection_number currently supports a
471 range of 0-1. Command confirmed to work on Fujitsu RX100
472 S5.
473 get-system-status
475 This OEM command will return the current system status.
476 Command confirmed to work on Fujitsu RX100 S5.
477 get-eeprom-version-info eeprom_number
479 This OEM command will return the current version info for
480 various hardware elements, including firmware, SDR, and
481 boot revision. eeprom_number currently supports a range
482 of 0-1. Command confirmed to work on Fujitsu RX100 S5.
483 get-identify-led
485 This OEM command will get the current identify LED sta‐
486 tus. Command confirmed to work on Fujitsu RX100 S5.
487 set-identify-led on|off
489 This OEM command will set the current identify LED sta‐
490 tus. Command confirmed to work on Fujitsu RX100 S5.
491 get-error-led
493 This OEM command will get the current error LED status.
494 Command confirmed to work on Fujitsu RX100 S5.
495 IBM
497 get-led
499 This OEM command will get the current LED status. Command
500 confirmed to work on IBM x3755.
501 Inventec
503 get-nic-mode
505 This OEM command will determine the current NIC mode as
506 dedicated or shared. Dedicated indicates IPMI is only
507 available on the dedicated management port. Shared indi‐
508 cates IPMI is also available on one of the primary ether‐
509 net ports. Command confirmed to work on Inventec
510 5441/5442 (Dell Xanadu II/III).
511 set-nic-mode dedicated|shared
513 This OEM command will set the current NIC mode to dedi‐
514 cated or shared. (See get-nic-mode above for description
515 on dedicated vs. shared mode.) This OEM command may
516 internally reset the BMC, making the BMC unusable for
517 awhile. Command confirmed to work on Inventec 5441/5442
518 (Dell Xanadu II/III).
519 get-mac-address
521 This command will retrieve the BMC MAC address. This is
522 actually not an OEM command, but rather the normal IPMI
523 MAC address command (identical to what is used in the
524 bmc-config(8) tool). This command is placed here for con‐
525 venience.
526 set-mac-address dedicated|shared MACADDR
528 This OEM command will set the dedicated or shared BMC MAC
529 address. (See get-nic-mode above for description on ded‐
530 icated vs. shared mode.) The BMC MAC address cannot be
531 set through the normal IPMI MAC address command (what is
532 used in the bmc-config(8) tool). The MACADDR should be
533 specified in XX:XX:XX:XX:XX:XX form. A shared BMC MAC
534 address may conflict with normal communication ethernet
535 communication on the primary ethernet port. Users may
536 wish to configuration an alternate MAC address instead.
537 After configuration of the MAC address, the BMC must be
538 reset. This may be accomplished by executing a cold-reset
539 with bmc-device(8). Command confirmed to work on Inven‐
540 tec 5441/5442 (Dell Xanadu II/III).
541 get-bmc-services
543 This OEM command will display the currently enabled BMC
544 services. Command confirmed to work on Inventec
545 5441/5442 (Dell Xanadu II/III).
546 set-bmc-services enable|disable all|kvm|http|ssh
548 This OEM command will enable or disable other BMC ser‐
549 vices besides IPMI. all can be specified to enable/dis‐
550 able all services, kvm specifies KVM and Virtual Storage,
551 http specifies HTTP and HTTPS, and ssh specifies both SSH
552 and Telnet. Command confirmed to work on Inventec
553 5441/5442 (Dell Xanadu II/III).
554 get-authentication-config
556 This OEM command will display additional OEM authentica‐
557 tion settings. (See set-authentication-config below for
558 description on outputs.) Command confirmed to work on
559 Inventec 5441/5442 (and subsequently Dell Xanadu II/III).
560 set-authentication-config KEY=VALUE ...
562 This OEM command will set additional OEM authentication
563 settings on the IPMI card. The possible keys and values
564 are maxauthenticationfailures=count, lockoutwindow=sec‐
565 onds, lockouttime=seconds, and httpsportnumber=num. max‐
566 authenticationfailures specifies the maximum number of
567 allowed authentication failures. lockoutwindow specifies
568 the window of time the authentication failure count can
569 be reached in to disable a user. lockouttime specifies
570 the time period a user is disabled if the authentication
571 failure count is reached. Setting 0 to any of the set‐
572 tings will disable the lockout feature. Each time any of
573 these settings is modified, the authentication failure
574 count of each enabled user is reset to 0. Multiple
575 key=value pairs may be specified. If no key=value pairs
576 are specifed, available pairs are output. Command con‐
577 firmed to work on Inventec 5441/5442 (and subsequently
578 Dell Xanadu II/III).
579 get-web-server-config
581 This OEM command will get the current web server configu‐
582 ration on the IPMI card. Command confirmed to work on
583 Inventec 5441/5442 (and subsequently Dell Xanadu II/III).
584 set-web-server-config KEY=VALUE ...
586 This OEM command will set the current web server configu‐
587 ration on the IPMI card. The possible keys and values are
588 webserver=enable|disable, webservertimeout=seconds, http‐
589 portnumber=num, and httpsportnumber=num. Multiple
590 key=value pairs may be specified. If no key=value pairs
591 are specifed, available pairs are output. Command con‐
592 firmed to work on Inventec 5441/5442 (Dell Xanadu
593 II/III).
594 get-power-management-config
596 This OEM command will get the current power management
597 configuration on the IPMI card. Command confirmed to work
598 on Inventec 5441/5442 (and subsequently Dell Xanadu
599 II/III).
600 set-power-management-config KEY=VALUE ...
602 This OEM command will set the current power management
603 configuration on the IPMI card. The possible keys and
604 values are dpnmpowermanagement=enable|disable, powerstag‐
605 geringacrecovery=immediate|auto|user, powerondelay=sec‐
606 onds, and maxpowerondelay=seconds. dpnmpowermanagement
607 enables or diables DPNM, Dynamic Power Node Management.
608 For powerstaggeringacrecovery, immediate specifies no
609 delay, auto generates a delay time between the minimum
610 and maximum configured, and user uses the user defined
611 time defined by powerondelay. powerondelay must be within
612 the minimum and maximum power on delay times. Multiple
613 key=value pairs may be specified. If no key=value pairs
614 are specifed, available pairs are output. Command con‐
615 firmed to work on Inventec 5441/5442 (and subsequently
616 Dell Xanadu II/III).
617 read-eeprom at24c256n
619 This OEM command will read the specified eeprom. Command
620 confirmed to work on Inventec 5441 (Dell Xanadu II) for
621 at24c256.
622 clear-eeprom at24c256n
624 This OEM command will clear the specified eeprom. If the
625 verbose option is set, progress percent will be output as
626 the clearing is being done. Command confirmed to work on
627 Inventec 5441 (and subsequently Dell Xanadu II) for
628 at24c256.
629 Quanta
631 reset-to-defaults all|user|lan|sol|serial|pef
633 This OEM command will reset certain BMC configuration
634 sections back to default values. The command will spin
635 until the reset is confirmed to be complete. Command con‐
636 firmed to work on Quanta S99Q (Dell TS12-TY). After run‐
637 ning this command, the BMC must be reset to return it to
638 functioning status. This may be accomplished by executing
639 a cold-reset with bmc-device(8).
640 get-processor-information [processor-index]
642 This OEM command will determine system processor informa‐
643 tion. By default, information about each processor will
644 be output. If a processor_index is specified, only that
645 specific processor will be output. Command confirmed to
646 work on Quanta S99Q (Dell TS12-TY).
647 Sun
649 get-led
651 This OEM command will output current LED mode. off indi‐
652 cates the LED is steady off, on indicates the LED is
653 steady on, standby indicates teh LED blinks at a 100ms
654 on, 2900ms off rate, slow indicates the LED is blinking
655 at 1Hz, and fast indicates the LED is blinking at 4Hz.
656 If the verbose option is set, sensor names will be output
657 with their entity ID and instance when appropriate. (Sim‐
658 ilar to the --entity-sensor-names options in ipmi-sensors
659 and ipmimonitoring.) Command confirmed to work on Sun
660 Fire 4140 with ILOM.
661 set-led record_id off|on|standby|slow|fast
663 This OEM command will configure LED modes. (See get-led
664 above for description on LED modes.) Command confirmed to
665 work on Sun Fire 4140 with ILOM.
666 Supermicro
668 extra-firmware-info
670 This OEM command will output additional firmware version
671 information. Command confirmed to work on Supermicro
672 H8QME.
673 reset-intrusion
675 This OEM command will reset the motherboard intrusion
676 flag after it has been triggered. For example, in ipmi-
677 sensors or ipmi-sel, you may notice a 'General Chassis
678 Intrusion' if the motherboard chassis is not open, but
679 was opened in the past. Command confirmed to work on
680 Supermicro H8QME.
681 get-bmc-services-status
683 This OEM command will determine if non-IPMI services
684 (e.g. ssh, http, https, vnc, etc.) are currently enabled
685 or disabled on the BMC. Command confirmed to work on
686 Supermicro X8DTG.
687 set-bmc-services-status enable|disable
689 This OEM command will enable or disable all non-IPMI ser‐
690 vices on the BMC. This command can be used to enable or
691 disable non-IPMI services such as ssh, http, https, and
692 vnc. Command confirmed to work on Supermicro X8DTG.
693
695 Multiple hosts can be input either as an explicit comma separated lists
696 of hosts or a range of hostnames in the general form: prefix[n-m,l-
697 k,...], where n < m and l < k, etc. The later form should not be con‐
698 fused with regular expression character classes (also denoted by []).
699 For example, foo[19] does not represent foo1 or foo9, but rather repre‐
700 sents a degenerate range: foo19.
701 This range syntax is meant only as a convenience on clusters with a
703 prefixNN naming convention and specification of ranges should not be
704 considered necessary -- the list foo1,foo9 could be specified as such,
705 or by the range foo[1,9].
706 Some examples of range usage follow:
708 foo[01-05] instead of foo01,foo02,foo03,foo04,foo05
709 foo[7,9-10] instead of foo7,foo9,foo10
710 foo[0-3] instead of foo0,foo1,foo2,foo3
711 As a reminder to the reader, some shells will interpret brackets ([ and
713 ]) for pattern matching. Depending on your shell, it may be necessary
714 to enclose ranged lists within quotes.
715 When multiple hosts are specified by the user, a thread will be exe‐
717 cuted for each host in parallel up to the configured fanout (which can
718 be adjusted via the -F option). This will allow communication to large
719 numbers of nodes far more quickly than if done in serial.
720 By default, standard output from each node specified will be output
722 with the hostname prepended to each line. Although this output is read‐
723 able in many situations, it may be difficult to read in other situa‐
724 tions. For example, output from multiple nodes may be mixed together.
725 The -B and -C options can be used to change this default.
726 In-band IPMI Communication will be used when the host "localhost" is
728 specified. This allows the user to add the localhost into the hos‐
729 tranged output.
730
732 Most often, IPMI problems are due to configuration problems. Inband
733 IPMI problems are typically caused by improperly configured drivers or
734 non-standard BMCs. IPMI over LAN problems involve a misconfiguration of
735 the remote machine's BMC. Double check to make sure the following are
736 configured properly in the remote machine's BMC: IP address, MAC
737 address, subnet mask, username, user enablement, user privilege, pass‐
738 word, LAN privilege, LAN enablement, and allowed authentication
739 type(s). For IPMI 2.0 connections, double check to make sure the cipher
740 suite privilege(s) and K_g key are configured properly. The bmc-con‐
741 fig(8) tool can be used to check and/or change these configuration set‐
742 tings.
743 The following are common issues for given error messages:
745 "username invalid" - The username entered (or a NULL username if none
747 was entered) is not available on the remote machine. It may also be
748 possible the remote BMC's username configuration is incorrect.
749 "password invalid" - The password entered (or a NULL password if none
751 was entered) is not correct. It may also be possible the password for
752 the user is not correctly configured on the remote BMC.
753 "password verification timeout" - Password verification has timed out.
755 A "password invalid" error (described above) or a generic "session
756 timeout" (described below) occurred. During this point in the protocol
757 it cannot be differentiated which occurred.
758 "k_g invalid" - The K_g key entered (or a NULL K_g key if none was
760 entered) is not correct. It may also be possible the K_g key is not
761 correctly configured on the remote BMC.
762 "privilege level insufficient" - An IPMI command requires a higher user
764 privilege than the one authenticated with. Please try to authenticate
765 with a higher privilege. This may require authenticating to a different
766 user which has a higher maximum privilege.
767 "privilege level cannot be obtained for this user" - The privilege
769 level you are attempting to authenticate with is higher than the maxi‐
770 mum allowed for this user. Please try again with a lower privilege. It
771 may also be possible the maximum privilege level allowed for a user is
772 not configured properly on the remote BMC.
773 "authentication type unavailable for attempted privilege level" - The
775 authentication type you wish to authenticate with is not available for
776 this privilege level. Please try again with an alternate authentication
777 type or alternate privilege level. It may also be possible the avail‐
778 able authentication types you can authenticate with are not correctly
779 configured on the remote BMC.
780 "cipher suite id unavailable" - The cipher suite id you wish to authen‐
782 ticate with is not available on the remote BMC. Please try again with
783 an alternate cipher suite id. It may also be possible the available
784 cipher suite ids are not correctly configured on the remote BMC.
785 "ipmi 2.0 unavailable" - IPMI 2.0 was not discovered on the remote
787 machine. Please try to use IPMI 1.5 instead.
788 "connection timeout" - Initial IPMI communication failed. A number of
790 potential errors are possible, including an invalid hostname specified,
791 an IPMI IP address cannot be resolved, IPMI is not enabled on the
792 remote server, the network connection is bad, etc. Please verify con‐
793 figuration and connectivity.
794 "session timeout" - The IPMI session has timed out. Please reconnect.
796 If this error occurs often, you may wish to increase the retransmission
797 timeout. Some remote BMCs are considerably slower than others.
798 "device not found" - The specified device could not be found. Please
800 check configuration or inputs and try again.
801 "driver timeout" - Communication with the driver or device has timed
803 out. Please try again.
804 "message timeout" - Communication with the driver or device has timed
806 out. Please try again.
807 "BMC busy" - The BMC is currently busy. It may be processing informa‐
809 tion or have too many simultaneous sessions to manage. Please wait and
810 try again.
811 "could not find inband device" - An inband device could not be found.
813 Please check configuration or specify specific device or driver on the
814 command line.
815 Please see WORKAROUNDS below to also if there are any vendor specific
817 bugs that have been discovered and worked around.
818
820 With so many different vendors implementing their own IPMI solutions,
821 different vendors may implement their IPMI protocols incorrectly. The
822 following lists the workarounds currently available to handle discov‐
823 ered compliance issues.
824 When possible, workarounds have been implemented so they will be trans‐
826 parent to the user. However, some will require the user to specify a
827 workaround be used via the -W option.
828 The hardware listed below may only indicate the hardware that a problem
830 was discovered on. Newer versions of hardware may fix the problems
831 indicated below. Similar machines from vendors may or may not exhibit
832 the same problems. Different vendors may license their firmware from
833 the same IPMI firmware developer, so it may be worthwhile to try work‐
834 arounds listed below even if your motherboard is not listed.
835 "idzero" - This workaround option will allow empty session IDs to be
837 accepted by the client. It works around IPMI sessions that report empty
838 session IDs to the client. Those hitting this issue may see "session
839 timeout" errors. Issue observed on Tyan S2882 with M3289 BMC.
840 "unexpectedauth" - This workaround option will allow unexpected non-
842 null authcodes to be checked as though they were expected. It works
843 around an issue when packets contain non-null authentication data when
844 they should be null due to disabled per-message authentication. Those
845 hitting this issue may see "session timeout" errors. Issue observed on
846 Dell PowerEdge 2850,SC1425. Confirmed fixed on newer firmware.
847 "forcepermsg" - This workaround option will force per-message authenti‐
849 cation to be used no matter what is advertised by the remote system. It
850 works around an issue when per-message authentication is advertised as
851 disabled on the remote system, but it is actually required for the pro‐
852 tocol. Those hitting this issue may see "session timeout" errors.
853 Issue observed on IBM eServer 325.
854 "endianseq" - This workaround option will flip the endian of the ses‐
856 sion sequence numbers to allow the session to continue properly. It
857 works around IPMI 1.5 session sequence numbers that are the wrong
858 endian. Those hitting this issue may see "session timeout" errors.
859 Issue observed on some Sun ILOM 1.0/2.0 (depends on service processor
860 endian).
861 "authcap" - This workaround option will skip early checks for username
863 capabilities, authentication capabilities, and K_g support and allow
864 IPMI authentication to succeed. It works around multiple issues in
865 which the remote system does not properly report username capabilities,
866 authentication capabilities, or K_g status. Those hitting this issue
867 may see "username invalid", "authentication type unavailable for
868 attempted privilege level", or "k_g invalid" errors. Issue observed on
869 Asus P5M2/P5MT-R/RS162-E4/RX4, Intel SR1520ML/X38ML, and Sun Fire
870 2200/4150/4450 with ELOM.
871 "intel20" - This workaround option will work around several Intel IPMI
873 2.0 authentication issues. The issues covered include padding of user‐
874 names, automatic acceptance of a RAKP 4 response integrity check when
875 using the integrity algorithm MD5-128, and password truncation if the
876 authentication algorithm is HMAC-MD5-128. Those hitting this issue may
877 see "username invalid", "password invalid", or "k_g invalid" errors.
878 Issue observed on Intel SE7520AF2 with Intel Server Management Module
879 (Professional Edition).
880 "supermicro20" - This workaround option will work around several Super‐
882 micro IPMI 2.0 authentication issues on motherboards w/ Peppercon IPMI
883 firmware. The issues covered include handling invalid length authenti‐
884 cation codes. Those hitting this issue may see "password invalid"
885 errors. Issue observed on Supermicro H8QME with SIMSO daughter card.
886 Confirmed fixed on newerver firmware.
887 "sun20" - This workaround option will work work around several Sun IPMI
889 2.0 authentication issues. The issues covered include invalid lengthed
890 hash keys, improperly hashed keys, and invalid cipher suite records.
891 Those hitting this issue may see "password invalid" or "bmc error"
892 errors. Issue observed on Sun Fire 4100/4200/4500 with ILOM. This
893 workaround automatically includes the "opensesspriv" workaround.
894 "opensesspriv" - This workaround option will slightly alter FreeIPMI's
896 IPMI 2.0 connection protocol to workaround an invalid hashing algorithm
897 used by the remote system. The privilege level sent during the Open
898 Session stage of an IPMI 2.0 connection is sometimes invalid and used
899 for hashing keys instead of the privilege level sent during the RAKP1
900 connection stage. Those hitting this issue may see "password invalid",
901 "k_g invalid", "bad rmcpplus status code", or "privilege level cannot
902 be obtained for this user " errors. Issue observed on Sun Fire
903 4100/4200/4500 with ILOM, Inventec 5441/Dell Xanadu II, Supermicro
904 X8DTH, Supermicro X8DTG, Supermicro X8DTU, and Intel S5500WBV/Penguin
905 Relion 700. This workaround is automatically triggered with the "sun20"
906 workaround.
907 "integritycheckvalue" - This workaround option will work around an
909 invalid integrity check value during an IPMI 2.0 session establishment
910 when using Cipher Suite ID 0. The integrity check value should be 0
911 length, however the remote motherboard responds with a non-empty field.
912 Those hitting this issue may see "k_g invalid" errors. Issue observed
913 on Supermicro X8DTG, Supermicro X8DTU, and Intel S5500WBV/Penguin
914 Relion 700.
915
917 On older operating systems, if you input your username, password, and
918 other potentially security relevant information on the command line,
919 this information may be discovered by other users when using tools like
920 the ps(1) command or looking in the /proc file system. It is generally
921 more secure to input password information with options like the -P or
922 -K options. Configuring security relevant information in the FreeIPMI
923 configuration file would also be an appropriate way to hide this infor‐
924 mation.
925 In order to prevent brute force attacks, some BMCs will temporarily
927 "lock up" after a number of remote authentication errors. You may need
928 to wait awhile in order to this temporary "lock up" to pass before you
929 may authenticate again.
930
932 Report bugs to <freeipmi-users@gnu.org> or <freeipmi-devel@gnu.org>.
933
935 Copyright © 2008-2010 FreeIPMI Core Team
936 This program is free software; you can redistribute it and/or modify it
938 under the terms of the GNU General Public License as published by the
939 Free Software Foundation; either version 2 of the License, or (at your
940 option) any later version.
941
943 freeipmi(7), bmc-config(8), bmc-device(8), ipmi-raw(8)
944 http://www.gnu.org/software/freeipmi/
946IPMI OEM version 0.8.8 2010-07-21 IPMI-OEM(8)