Dell iDRAC7 User Manual page 71

– cfgRacTuneIpRangeMask
– cfgRacTuneIpBlkEnable
– cfgRacTuneIpBlkFailCount
– cfgRacTuneIpBlkFailWindow
• With set command, use the objects in the iDRAC.IPBlocking group:
– RangeEnable
– RangeAddr
– RangeMask
– BlockEnable
– FailCount
– FailWindow
– PenaltyTime
The cfgRacTuneIpRangeMask or the RangeMask property is applied to both the incoming IP address and to the
cfgRacTuneIpRangeAddr or RangeAddr property. If the results are identical, the incoming login request is allowed to
access iDRAC7. Logging in from IP addresses outside this range results in an error.
The login proceeds if the following expression equals zero:
• Using legacy syntax: cfgRacTuneIpRangeMask & (<incoming-IP-address> ^
cfgRacTuneIpRangeAddr)
• Using new syntax: RangeMask & (<incoming-IP-address> ^ RangeAddr)
where, & is the bitwise AND of the quantities and ^ is the bitwise exclusive-OR.
Examples for IP Filtering
• The following RACADM commands block all IP addresses except 192.168.0.57:
– Using config command:
racadm config -g cfgRacTuning -o cfgRacTuneIpRangeEnable 1
racadm config -g cfgRacTuning -o cfgRacTuneIpRangeAddr 192.168.0.57
racadm config -g cfgRacTuning -o cfgRacTuneIpRangeMask 255.255.255.255
– Using set command:
racadm set iDRAC.IPBlocking.RangeEnable 1
racadm set iDRAC.IPBlocking.RangeAddr 192.168.0.57
racadm set iDRAC.IPBlocking.RangeMask 255.255.255.255
• To restrict logins to a set of four adjacent IP addresses (for example, 192.168.0.212 through 192.168.0.215), select all
but the lowest two bits in the mask:
– Using set command:
racadm set iDRAC.IPBlocking.RangeEnable 1
racadm set iDRAC.IPBlocking.RangeAddr 192.168.0.212
racadm set iDRAC.IPBlocking.RangeMask 255.255.255.252
The last byte of the range mask is set to 252, the decimal equivalent of 11111100b.
Examples for IP blocking
• The following example prevents a management station IP address from establishing a session for five minutes if it
has failed five login attempts within a minute.
71