OPNsense Forum

Archive => 16.1 Legacy Series => Topic started by: tigs on March 14, 2016, 02:21:16 am

Title: Is this a bug? update, I still believe this is a bug
Post by: tigs on March 14, 2016, 02:21:16 am
I have a supermicro A1SRi-2758F motherboard
http://www.supermicro.com/products/motherboard/Atom/X10/A1SRi-2758F.cfm (http://www.supermicro.com/products/motherboard/Atom/X10/A1SRi-2758F.cfm)

It has 4 gigabit ports and 1 dedicated IMPI ports. My setup is as follows:

ethernet port 0 = WAN
LAN = bridge 0 =ethernet port 1 + 2
ethernet port 3 = un-used

IPMI port = unused

However, if I log into the opnsense GUI interface through LAN ports,  under /status/DHCP leases, I can see the IPMI port has an IP address. This IP is accessible through the bridge 0, I have full access to IPMI management interface WITHOUT pluggin into IPMI port. This is not the case with pfsense. My understanding is you have to have ethernet cable plugged into the IPMI port to access IPMI management.
Title: Re: Is this a bug?
Post by: themelon on March 14, 2016, 04:08:30 am
Not a bug.  On those boards if you do not have the dedicated IPMI interface plugged in it piggybacks the second 1g port.

I think you can disable that functionality in the BIOS but I have not actually tried in the one I have as I use the dedicated port.
Title: Re: Is this a bug?
Post by: tigs on March 17, 2016, 12:54:31 am
Not a bug.  On those boards if you do not have the dedicated IPMI interface plugged in it piggybacks the second 1g port.

I think you can disable that functionality in the BIOS but I have not actually tried in the one I have as I use the dedicated port.

Well, it is convenient to have this "feature" , I am not completely sure I understand how this could happen with only Opensense. As I mentioned in the post, if, as you mentioned this is controlled in the BIOS, I should observe the same phenomenon with pfsense as well.

With opnsense, the IPMI port is connected to the LAN network, treated as a LAN client, and being assigned a LAN IP address. This is not right for sure. It is supposed be only accessible to administrator through IPMI port, now every LAN client can access it and manage it.
Title: Re: Is this a bug? update, I still believe this is a bug
Post by: weust on March 17, 2016, 07:17:03 am
How would that not be correct?
If the IPMI has a LAN IP address, why would every client on the LAN not be able to access it?

So if you don't want LAN clients to access the IPMI, then use the actual IPMI port and stick it in a separate VLAN.
This is NOT a bug. This is your own ignorance.
Title: Re: Is this a bug? update, I still believe this is a bug
Post by: franco on March 17, 2016, 08:12:55 am
Let's keep it civil, shall we. :)

I don't understand how this can be solved in OPNsense. Isn't this a wiring / network setup issue? How are we supposed to know IPMI is even available on a port that the administrator configures? Assuming that this is a bug, we'll also need a sensible guide on how to fix it. I don't see that yet, but that's why I'm asking.