Turning off IPMI DHCP

Many SuperMicro motherboards have IPMI features that have a dual-port feature. The first two Ethernet ports on the motherboard are capable of serving the IPMI function.

IPMI served by these ports
IPMI served by these ports

If the dedicated IPMI port is not cabled, IPMI will be served off the LAN1 port (which is predictably the MGT port on LANforge machines).

Turning off IPMI is often not possible, but turning off the IPMI port DHCP is possible. There are two ways of doing this, and you might not even need to reboot your server if your IPMI driver is included in the Linux distribution you are using.

Using the Linux IPMI tools

You might have either the ipmiutils or the ipmitool package available, maybe both. Both are probably going to rely on the same drivers, however.

ipmiutil

# install
 $ sudo yum install ipmiutil
# show configuration
 $ sudo ipmiutil lan -c
# disable the LAN feature (if desired)
 $ sudo ipmiutil lan -d
# or set a fixed IP:
 $ ipmiutil lan -e -I 0.0.0.0

Setting the address of 0.0.0.0 sometimes is a shortcut for disabling the IPMI LAN features. Or you can set a normal non-routable address like 192.168.0.251. (Refer to this post.)

ipmitool

Similar commands are listed for IPMITool on this post. The “lan set 1” phrase refers to “IPMI Device 1.”

 $ sudo ipmitool lan set 1 ipsrc static
 $ sudo ipmitool lan set 1 ipaddr 192.168.0.251
 $ sudo ipmitool lan set 1 netmask 255.255.255.0
 $ sudo ipmitool lan set 1 defgw ipaddr 192.168.0.1

Configuring the BIOS

We might have a motherboard that isn’t in the driver set for these tools. This is how you’d know:
ipmi-100

In this scenario, we need to reboot and press DEL to get into the BIOS. You will likely never see two motherboards with exactly the same BIOS screen layout…but just look for IPMI and you’ll likely get to screens that look like this:

Advanced screen bios-100

Advanced – IPMI Configuration

bios-101

IPMI LAN Configuration

bios-102We can verify that this is the MAC address we’re seeing traffic from using tcpdump. Let’s also gather the MAC addresses because we’ll want those as a reference when looking at our tcpdump data.

bios-ip-103

Now we can craft a tcpdump that will show useful things:

tcpdump -eni eth1 \
    ether host 00:25:90:01:66:0a \
 or ether host 00:25:90:01:66:0b \
 or ether host 00:25:90:01:8a:ef

And we’ll see results like this:

17:35:07.814819 00:25:90:01:8a:ef > Broadcast, ethertype IPv4 (0x0800), length 590: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:25:90:01:8a:ef, length 548
17:35:10.874561 00:25:90:01:8a:ef > Broadcast, ethertype IPv4 (0x0800), length 590: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:25:90:01:8a:ef, length 548
17:35:13.945135 00:25:90:01:8a:ef > Broadcast, ethertype IPv4 (0x0800), length 590: 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:25:90:01:8a:ef, length 548

Clearly, we’re getting getting DHCP broadcasts from that port. After setting the IPMI IP in the BIOS to 0.0.0.0, those broadcasts stop.