Go to main content

Oracle® ILOM Administrator's Guide for Configuration and Maintenance Firmware Release 3.2.x

Exit Print View

Updated: April 2018
 
 

Modifying Default Management Access Configuration Properties

Network administrators can optionally accept or modify the default management access properties shipped with Oracle ILOM. To modify the default management access properties in Oracle ILOM, see the following tables:

Table 38  Web Server Configuration Properties
User Interface Configurable Target and User Role:
  • CLI: /SP|CMM/services/

  • Web: ILOM Administration > Management Access > Web Server > Web Server Settings

  • User Role: admin (a) (required for all property modifications)

Property
Default Value
Description
HTTP Webserver (http/ securedirect=enabled servicestate=disabled)
Redirect Connection to HTTPS
Redirect Connection to HTTPS |Enabled |Disabled
When the HTTP Webserver property is set to Redirect Connection to HTTPS, the service state property for HTTPS Webserver is automatically enabled. These default property values instruct Oracle ILOM to use HTTPS to securely transmit information to the web server.
When the HTTP Webserver property is set to enabled, Oracle ILOM uses HTTP a non-encrypted protocol to transmit information to the web server.
When the HTTP Webserver property is set to disabled, the use of the transmitting information to the web server using HTTP is disabled in Oracle ILOM.
CLI Syntax for HTTP Web Server:
set /SP|CMM/services/http securedirect=enabled|disabled servicestate=disabled|enabled
HTTP Port
(http/ port=)
80
80 |User_defined
When the HTTP service state is enabled, Oracle ILOM by default, communicates with the web server using HTTP over TCP port 80. If necessary, the default port number can be changed.
CLI Syntax for HTTP Port:
set /SP|CMM/services/http port=<n>
HTTP Session Timeout
(http/ sessiontimeout=)
15 seconds
15 seconds |User_defined
The HTTP web session timeout determines how many minutes until an inactive web browser client is automatically logged out. The default HTTP web session timeout is 15 minutes. If necessary, the default session timeout value can be increased or decreased.
CLI Syntax for HTTP Session Timeout:
set /SP|CMM/services/http sessiontimeout=<n>
HTTPS Webserver (https/ servicestate=enabled)
Enabled
Enabled |Disabled
When the HTTPS Webserver property is enabled, Oracle ILOM uses the encrypted protocol HTTPS to securely transmit information. In addition, when this property is enabled, you can enable one or more of the supported encryption protocol properties (TLSv1, TLSv1.1, and TLSv1.2) based on the needs of your network environment.

Note -  An SSL certificate is required for HTTPS. Oracle ILOM includes a default certificate, or you can upload your own certificate with a matched private key. For more information, see Use of Web Server Certificates and SSH Server-Side Keys.

When the HTTPS Webserver property is set to disabled, the use of transmitting information to the web server using HTTPS is disabled in Oracle ILOM.
CLI Syntax for HTTPS Web Server:
set /SP|CMM/services/https servicestate=enabled|disabled
HTTPS Port
(https/ port=)
443
443 |User_defined
When the HTTPS service state is enabled, Oracle ILOM, by default, communicates with the web server using HTTPS over TCP port 443. If necessary, the default port number can be changed.
HTTPS Port CLI Syntax:
set /SP|CMM/services/https port=<n>
HTTPS Session Timeout
(https/sessiontimeout=)
15 seconds
15 seconds |User_defined
The HTTPS web session timeout determines how many minutes until an inactive web browser client is automatically logged out. The default HTTPS web session timeout is 15 minutes. If necessary, the default session timeout value can be increased or decreased.
CLI Syntax for HTTPS Session Timeout:
set /SP|CMM/services/https sessiontimeout=<n>
SSLv2 ( https/ sslv2=disabled)
Disabled (in older Oracle ILOM firmware versions)
Disabled |Enabled

Note -  In later versions of Oracle ILOM firmware (3.2.4.x, 3.2.5.x, 3.2.6.x and forward), the SSLv2 encryption protocol property is not available for configuration. If an older firmware version of Oracle ILOM is running on the managed device, disable the SSLv2 property and enable the TLS encryption protocol properties to ensure secure HTTPS data transmissions.

The SSLv2 property is disabled by default. If necessary, the default SSLv2 property can be enabled.
CLI Syntax for SSLv2:
set /SP|CMM/services/https sslv2=disabled|enabled
SSLv3 (https/ sslv3=enabled)
Enabled (in older Oracle ILOM firmware versions)
Disabled |Enabled (default)

Note -  Due to a security vulnerability discovered with SSLv3, the SSLv3 property is not available for configuration in later versions of Oracle ILOM firmware (3.2.4.x, 3.2.5.x, 3.2.6.x, and forward). If an older firmware version of Oracle ILOM is running on the managed device, you should disable the SSLv3 property and enable the TLS encryption protocol properties. For details about SSLv3 vulnerabilities, refer to the Oracle MOS SSLv3 Vulnerability Article.

To enable the strongest secure socket layer encryption, Oracle ILOM supports the use of SSLv3 and TLS.
CLI Syntax for SSLv3:
set /SP|CMM/services/https sslv3=enabled|disabled
TLS v1.0, v1.1, and v1.2, (https/tlsv# =enabled)
TLS v1.1 and v1.2 Enabled
Prior to firmware release 3.2.4, Oracle ILOM only supported TLS v1.0.
Enabled |Disabled
Transport Layer Security (TLS) protocols provide communication security over the Internet.
Enabled — When the TLS properties are enabled, Oracle ILOM supports the use of the enabled TSL protocol service. However, if the client does not support the enabled protocol, Oracle ILOM permits the client to negotiate and use the strongest (most-secure) client-supported protocol available.
Disabled — When a TLS property is disabled, Oracle ILOM is prevented from using the disabled TLS protocol to transmit information. As of Oracle ILOM 3.2.8, TLSv1 is disabled and TLSv1.1 and TLSv1.2 are enabled by default.
For more information about TLS encryption protocols, see Internet specifications (RFCs 2246, 4346, 5246) created and published by the Internet Engineering Task Force (IETF).

Note -  All Java versions support TLS v1.1 and v1.2. However, if a version prior to Java 7u131 is installed, you will need to manually enable TLS v1.1 and v1.2 , or update your system with a later Java version.

CLI Syntax for TLSv1:
set /SP|CMM/services/https(tlsv1=|tlsv1_1= |tlsv1_2=)enabled|disabled
Weak Ciphers (https/ weak_ciphers=disabled)
Disabled (in older Oracle ILOM firmware versions)
Disabled |Enabled

Note -  In later versions of Oracle ILOM firmware (3.2.4.x, 3.2.5.x, 3.2.6.x and forward), the weak cipher property is not available for configuration. If an older firmware version of Oracle ILOM is running on the managed device, disable the weak cipher property and enable the TLS (v1, v2, and v3) encryption protocol properties to ensure secure HTTPS data transmissions.

The Weak Ciphers property is disabled by default. It might be necessary to enable weak ciphers to support the use of older web browsers.
CLI Syntax for Weak Ciphers:
set /SP|CMM/services/https weak_ciphers=disabled|enabled
Save
Web interface – To apply changes made to properties within the Web Server Settings page, you must click Save.
Table 39  SSL Certificate and Private Key Configuration Properties for HTTPS Web Server
User Interface Configurable Target, User Role, SSL Certificate Requirement:
  • CLI: /SP|CMM/services/https/ssl

  • Web: ILOM Administration > Management Access > SSL Certificate > SSL Certificate Upload

  • User Role: admin(a) (required for all property modifications)

  • Requirement: A valid custom SSL configuration requires the uploading of both the custom certificate and a custom private key.

Property
Default Value
Description
Certificate File Status
(certstatus=)
Using Default (No custom certificate or private key loaded)
Default_Certificate |Custom_Certificate
The Certificate Status property is a read-only property. This property indicates which of the following types of SSL certificates is currently in use by the HTTPS web server:
  • Self-signed default SSL certificate and key provided with Oracle ILOM

    - or -

  • Custom trusted SSL certificate and private key provided by a trusted Certificate Authority

Note – When the default SSL certificate is in use, users connecting to the Oracle ILOM web interface for the first time are notified of the default self-signed certificate and are prompted to accept its use. Users should always verify that the certificate fingerprint appearing in the warning message matches the certificate fingerprint issued by Oracle. For more information about validating the self-signed Default SSL certificate, see Resolving Warning Messages for Self-Signed SSL Certificate
The default self-signed SSL certificate ensures that all communication between a web browser client and the Oracle ILOM SP (or CMM) is fully encrypted.
CLI Syntax to Show Certificate Status:
show /SP|CMM/https/ssl
Default SSL Certificate Key Size
(/default_cert generate_new_cert_keysize =)
3072
2048 | 3072 (default) |4096

Note -  The Default SSL Certificate Key Size is available for configuration as of Oracle ILOM firmware version 3.2.8.

By default, the Oracle ILOM Default SSL Certificate is generated with a 3072 bit key size. Optionally, you can change default key size (3072) to either 2048 or 4096.
Web interface – Click the Create Default Certificate Key Size list box and select the appropriate key size. Oracle ILOM will use the newly assigned key size the next time the Default SSL Certificate is generated.

Note -  When the Oracle ILOM properties are reset to defaults, a new Oracle ILOM self-signed SSL Default Certificate is automatically generated.

CLI Syntax to Change Default SSL Certificate Key Size:
set /SP|CMM/https/ssl/default_cert generate_new_cert_keysize=[2048|3072|4096]
The newly assigned key size applies the next time the Default SSL Certificate is generated.
Create Default SSL Certificate
(default_cert generate_new_cert_action =)
N/A
As of firmware version 3.2.8, each Oracle ILOM SP and CMM ships with a unique self-signed Default SSL Certificate. The Default SSL Certificate is used by Oracle ILOM whenever a custom SSL Certificate is not configured.
When necessary, system administrators can choose to regenerate a new self-signed Default SSL Certificate. Each generated self-signed Default SSL Certificate has a unique fingerprint value. To verify that the Default SSL Certificate is valid, ensure that the fingerprint value shown on the self-signed Default SSL Certificate warning message matches the certificate fingerprint value issued by Oracle ILOM. For more information about validating the self-signed Default SSL certificate, see Resolving Warning Messages for Self-Signed SSL Certificate

Note -  The SSL Certificate fingerprint value issued by Oracle ILOM appears on the Oracle ILOM SSL Certificate web page (ILOM Administration > Management Access > SSL Certificates) and the Oracle ILOM SSL Certificate CLI target (show /SP|CMM/services/https/ssl/default_cert fingerprint).

Note -  Oracle ILOM automatically regenerates a self-signed Default SSL Certificate when the Oracle ILOM properties are reset to defaults.

Web interface – To regenerate a new self-signed Default SSL Certificate from the web interface, click the Create button in the Default Certificate section of the Management Access > SSL Certificate page.
CLI Syntax to Create Default SSL Certificate
set /SP|CMM/https/ssl/default_cert generate_new_cert_action =true
When a new self-signed Default Certificate is generated, the Oracle ILOM web and KVMS console user connections are lost. When this occurs, log in to Oracle ILOM to confirm that a new Default SSL Certificate and fingerprint was generated.
Custom Certificate Load
(/custom_certificate)
Web interface – Click the Load Certificate button to upload the Custom Certificate file that is designated in the File Transfer Method properties.
Note. A valid custom certificate configuration requires the uploading of a custom certificate and a custom private key. Only then will the custom SSL certificate configuration apply and be persistent across system reboots and Backup and Restore operations.
CLI Syntax to Load Custom Certificate:
load_uri=file_transfer_method://host_address/file_path/custom_certificate_filename
Where file_transfer_method can include: Browser|TFTP|FTP|SCP|HTTP |HTTPS|Paste
For a detailed description of each file transfer method (excluding Paste), see Supported File Transfer Methods.
For additional information about using a custom signed SSL Certificate in Oracle ILOM, see Improve Security by Using a Trusted SSL Certificate and Private Key in Oracle ILOM Security Guide For Firmware Releases 3.x and 4.x.
Custom Certificate Remove
(/custom_certificate clear_action=true)
Web interface – Click the Remove Certificate Button to remove the Custom SSL Certificate file presently stored in Oracle ILOM. When prompted, click Yes to delete or No to cancel action.
CLI Syntax to Remove Certificate:
set /SP|CMM/services/https/ssl/custom_certificate clear_action=true
When prompted, type y to delete or n to cancel action.
Custom Private Key
(/custom_key)
Web interface – Click the Load Custom Private Key button to upload the Custom Private Key file that is designated in the File Transfer Method properties.
Note. A valid custom certificate configuration requires the uploading of a custom certificate and a custom private key. Only then will the custom SSL certificate configuration apply and be persistent across system reboots and Backup and Restore operations.
CLI Syntax to Load Custom Private Key:
load_uri=file_transfer_method://host_address/file_path/custom_key_filename
Where file_transfer_method can include: Browser|TFTP|FTP|SCP|HTTP |HTTPS|PasteFor a detailed description of each file transfer method (excluding Paste), see Supported File Transfer Methods.
For additional information about using a custom signed SSL Certificate in Oracle ILOM, see Improve Security by Using a Trusted SSL Certificate and Private Key in Oracle ILOM Security Guide For Firmware Releases 3.x and 4.x.
Custom Private Key Remove
(/custom_key clear_action=true)
Web interface – Click the Remove Custom Private Key button to remove the Custom Private Key file presently stored in Oracle ILOM. When prompted, click Yes to delete or No to cancel the action.
CLI Syntax to Remove Certificate Private Key:
set /SP|CMM/services/https/ssl/custom_key clear_action=true
When prompted, type y to delete or n to cancel the action.
Table 40  SNMP Configuration Properties
User Interface Configurable Target, User Role, and SNMP Requirement:
  • CLI: /SP|CMM/services/snmp

  • Web: ILOM Administration > Management Access > SNMP > SNMP Management

  • User Role: admin (a) (required for all property modifications)

  • Requirement: User accounts are required for SNMPv3 service; Communities are required for SNMPv1 or v2c service.

Property
Default Value
Description
State
(state=)
Enabled
Enabled |Disabled
The SNMP State property is enabled by default. When this property is enabled, and the properties for one or more user accounts or communities for SNMP are configured, the SNMP management service in Oracle ILOM is available for use.
When the SNMP State property is disabled, the SNMP port is blocked, prohibiting all SNMP communication between Oracle ILOM and the network.
CLI Syntax for SNMP State:
set /SP|CMM/services/snmp state=enabled|disabled
Port
(port=)
161
161 | User_specified.
Oracle ILOM, by default, uses UDP port 161 to transmit SNMP communication between an Oracle ILOM SP (or Oracle ILOM CMM) and the network. If necessary, the default port property number can be changed.
CLI Syntax for SNMP Port:
set /SP|CMM/services/snmp port=n
Engine ID (engineid=)
Auto-set by SNMP agent
The Engine ID property is automatically set by the Oracle ILOM SNMP agent.
This ID is unique to each Oracle ILOM SNMP enabled-system. Although the Engine ID is configurable, the ID should always remain unique across the data center for each Oracle ILOM system. Only experienced SNMP users who are familiar with SNMP v3 security should modify the SNMP Engine ID property.
Set Requests (sets=)
Disabled
Disabled |Enabled
The Set Requests property is disabled in Oracle ILOM by default.
When the Sets Requests property is disabled, the following SNMP MIBs are available for monitoring purposes:
  • SUN-HW-TRAP-MIB – Use this MIB to monitor trap notifications for hardware-related events such as faults.

  • SUN-PLATFORM-MIB – Use this MIB to poll hardware-related information such as inventory and health.

When the Set Requests property is enabled, the MIBs described above are available for monitoring purposes and the following MIBs are available for management purposes:
  • SUN-HW-CTRL-MIB – Use this MIB to configure hardware policies such as power management.

  • SUN-ILOM-CONTROL-MIB – Use this MIB to configure Oracle ILOM features such as creating users and configuring services.

CLI Syntax for Set Requests:
set /SP|CMM/services/snmp sets=disabled|enabled
Related Information:
Protocols (v1|v2c|v3)
v3, Enabled
v1|v2c|v3
Oracle ILOM, by default, enables the use of SNMP v3 and disables the use of SNMP v1 and v2c.
SNMPv1 and v2c do not support encryption and use community strings as a form of authentication. SNMPv3 uses encryption to provide a secure channel and uses individual user names and passwords that are stored securely on the SNMP management station.
If necessary, the default SNMP Protocol property value is configurable.

Note - Use SNMP v2c or v3 for monitoring purposes and keep the default property disabled for Set Requests.

CLI Syntax to Modify Default Protocol:
set /SP|CMM/services/snmp v1|v2c|v3=enabled|disabled
Save
Web interface – To apply changes made to properties within the SNMP Management page, you must click Save.
SNMP Communities (/communities)
Community Name |Permission= Read-only (ro)| Read-write (rw)
SNMP communities apply only to SNMP v1 or v2c to control user access and authorization levels in Oracle ILOM. When the Protocols property for SNMP v1 or v2c is enabled, the properties for SNMP communities are configurable in Oracle ILOM.
The following rules apply when configuring communities:
  • Community name – Up to 35 characters in length, must start with an alphabetic character, and must not contain any spaces

  • Save (web interface only) – All changes made within the SNMP Add SNMP User dialog must be saved

CLI Syntax to Create SNMP Communities:
create /SP|CMM/services/snmp/communities name=community_name permission=rw|ro
show /SP|CMM/services/snmp/communities public|private
delete /SP|CMM/services/snmp/communities community_name
SNMP Users
(/users)
Username | Authentication Password | Permission| Authentication Protocol | Privacy Protocol
SNMP Users apply only to SNMP v3 to control user access and authorization levels in Oracle ILOM. When the Protocol property for SNMP v3 is enabled, the properties for SNMP users are configurable in Oracle ILOM.
The following rules apply when configuring SNMP users:
  • User name – The SNMP user name can contain up to 32 characters in length and include any combination of alphanumeric characters (uppercase letters, lowercase letters, and numbers). The SNMP user name must not contain spaces.

  • Authentication or privacy password – The Authentication password can contain 8 to 12 characters in length and include any combination of alphanumeric characters (uppercase letters, lowercase letters, and numbers).

  • Privacy password – Enter the privacy password (required only if you selected @ DES or AES). The password is case-sensitive and must contain 8 characters in length with no colons or spaces.

  • Save (web interface only – All changes made within the SNMP Add SNMP User dialog must be saved.

CLI Syntax to Create SNMP Users:
create /SP|CMM/services/snmp/users/[new_username] authenticationprotocol=[MD5|SHA] authenticationpassword=[changeme] permission=[ro|rw] privacyprotocol=[AES|DES|none] privacypassword=[user_password]
show /SP|CMM/services/snmp/users
delete /SP|CMM/services/snmp/username

Note - Authentication Protocol MD5 and DES Privacy Protocol are not supported when FIPS compliance mode is enabled in Oracle ILOM.

MIBs Download
(/mibs dump_uri=)
Oracle ILOM provides the ability to download SUN SNMP MIBs directly from the server SP or CMM.
Table 41  SSH Server Configuration Properties
User Interface Configurable Target and User Role:
  • CLI: /SP|CMM/services/ssh

  • Web: ILOM Administration > Management Access > SSH Server > SSH Server Settings

  • User Role: admin (a) (required for all property modifications)

Property
Default Value
Description
State
(state=)
Enabled
Enabled |Disabled
The SSH Server State property is enabled by default.
When the SSH Server State property is enabled, the SSH server uses server-side keys to permit remote clients to securely connect to the Oracle ILOM SP (or Oracle ILOM CMM) using a command-line interface.
When the SSH Server State property is disabled or restarted, all CLI SP or CLI CMM sessions running over SSH are automatically terminated.

Note -  Oracle ILOM automatically generates the SSH server-side keys on the first boot of a factory default system.

Web interface: Changes to the SSH Server State in the web interface do not take affect in Oracle ILOM until you click Save.

Note -  Changes to the SSH Server State property do not require you to restart the SSH server.

CLI Syntax for SSH Server State:
set /SP|CMM/services/ssh state=enabled|disabled
Weak Ciphers
(weak_ciphers=)
Disabled (in earlier versions of Oracle ILOM firmware 3.2.5)
Enabled |Disabled

Note -  Due to security vulnerabilities, the weak cipher property for SSH should be disabled. This property is no longer available for configuration in later firmware versions of Oracle ILOM (3.2.5.x, 3.2.6.x, and forward).

The Weak Ciphers property controls whether the Weak Ciphers mode for the Oracle ILOM SSH Server is enabled.
  • Disabled (default) — When the SSH Weak Ciphers mode is disabled, the Oracle ILOM SSH Server prevents remote SSH clients from using a weaker cipher suite (weaker encryption) to transmit sensitive information.

  • Enabled — When the SSH Weak Ciphers mode is enabled, the Oracle ILOM SSH Server permits remote SSH clients to negotiate a weaker cipher suite (weaker encryption) to transmit sensitive information. This option is best used in private intranet environments.

Web interface: Changes to the SSH Weak Ciphers property in the web interface do not take affect until you click Save.

Note -  Changes to the Weak Ciphers property do not require you to restart the SSH server. The change takes affect immediately on all new SSH connections.

CLI Syntax for SSH Weak Ciphers:
set /SP|CMM/services/ssh weak_ciphers=enabled|disabled
Restart Button
(restart_sshd_action=)
True|False
Restarting the SSH server will automatically: (1) terminate all connected SP or CMM CLI sessions, as well as (2) activate newly pending server-side key(s).
CLI Syntax for Restart:
set /SP|CMM/services/ssh restart_sshd_action=true
Generate RSA Key Button
(generate_new_key_type=rsa generate_new_key_action= true)
Provides the ability to generate a new RSA SSH key.
CLI Syntax for Generate RSA Key:
set /SP|CMM/services/ssh generate_new_key_type=rsa generate_new_key_action=true
Generate DSA Key Button (generate_new_key_type=dsa generate_new_key_action=)
Provides the ability to generate a new DSA SSH key.
CLI Syntax for Generate DSA Key:
set /SP|CMM/services/ssh generate_new_key_type=dsa generate_new_key_action=true
Table 42   IPMI Service Configuration Properties
User Interface Configurable Target:
  • CLI: /SP|CMM/services/ipmi

  • Web: ILOM Administration > Management Access > IPMI > IPMI Settings

User Roles:
  • admin (a) – Required for IPMI specification configuration property modifications

  • Administrator or Operator – Required when using IPMI service (IPMItool) from the Oracle ILOM CLI.

Property
Default Value
Description
State
(state=)
Enabled
Enabled (default)|Disabled
As of Oracle ILOM firmware version 3.2.8, the State property for IPMI TLS service is enabled by default. Prior to Oracle ILOM firmware version 3.2.8, the State property for IPMI 2.0 is enabled by default.
When the IPMI State property is enabled, Oracle ILOM permits remote IPMItool clients to securely connect to the Oracle ILOM SP (or Oracle ILOM CMM) using a command-line interface.
When the IPMI State property is disabled, all IPMItool clients connected to the SP or CMM through the Oracle ILOM CLI are automatically terminated.
Web interface: Changes to the IPMI State in the web interface do not take affect in Oracle ILOM until you click Save.
CLI Syntax for IPMI State:
set /SP|CMM/services/ipmi state=enabled|disabled
v1.5 Sessions
(v1_5_sessions=)
Disabled
Enabled |Disabled (default)

Note -  By default, Oracle ILOM supports the use of the IPMI v2.0 service and the TLS service. Prior to firmware release 3.2.4, session support for IPMI services1.5 and 2.0 were enabled by default.

As of Oracle ILOM firmware release 3.2.4, a configurable sessions property for the IPMI v1.5 service is provided. By default, the v1.5 Sessions property is disabled.
When the v1.5 Sessions property is disabled, all remote IPMItool clients using the IPMI v1.5 service are prevented from connecting to Oracle ILOM.
When the v1.5 Sessions property is enabled, Oracle ILOM permits remote IPMItool clients using the IPMI v1.5 service to connect to the Oracle ILOM SP (or Oracle ILOM CMM) using a command-line interface.
Web interface: Changes to the IPMI State in the web interface do not take affect in Oracle ILOM until you click Save.
CLI Syntax for v1.5 Sessions:
set /SP|CMM/services/ipmi v1_5_sessions=enabled|disabled

Note -  When FIPS mode is enabled in Oracle ILOM, the non-compliant FIPS 140-2 IPMI v1.5 Sessions property is removed from Oracle ILOM interfaces and is not available for configuration. For additional information about securing Oracle ILOM when using an IPMI service to manage Oracle servers, see the IPMI topics in the Oracle ILOM Security Guide.

v2.0 Sessions
(v1_5_sessions=)
Enabled
Enabled (default) |Disabled
When the v2.0 Sessions property is disabled, all remote IPMItool clients using the IPMI v2.0 service are prevented from connecting to Oracle ILOM.
When the v2.0 Sessions property is enabled, Oracle ILOM permits remote IPMItool clients using the IPMI v1.5 service to connect to the Oracle ILOM SP (or Oracle ILOM CMM) using a command-line interface.
Web interface: Changes to the IPMI State in the web interface do not take affect in Oracle ILOM until you click Save.
CLI Syntax for v1.5 Sessions:
set /SP|CMM/services/ipmi v2_0_sessions=enabled|disabled
TLS Sessions
(tls_sessions=)
Enabled
Enabled (default) |Disabled
As of Oracle ILOM firmware version 3.2.8, the TLS sessions (tls_sessions) property is enabled by default. To disable TLS sessions, you must disable the IPMI State property.
For increased security, always use the TLS service and interface.

Note -  IPMI TLS is an Oracle improvement to IPMI security which requires a special version of the ipmitool client that supports TLS sessions

For more information about using the TLS service and interface, see the following information:
Table 43   CLI Session Timeout and Custom Prompt Configuration Properties
User Interface Configurable Target:
  • CLI: /SP|CMM/cli

  • Web: ILOM Administration > Management Access> CLI

User Roles:
  • admin (a) – Required for IPMI specification configuration property modifications

  • Administrator or Operator – Required when using IPMI service (IPMItool) from the Oracle ILOM CLI.

Property
Default Value
Description
Session Timeout
(timeout=)
Disabled
Disabled |Enabled, minutes=n
The CLI Session Timeout property determines how many minutes until an inactive CLI session is automatically logged out.
By default, there is no CLI timeout configured. If the Oracle ILOM CLI is used on a shared console, network administrators are recommended to set the CLI session timeout value to 15 minutes or less.
Web interface: Changes to the CLI session timeout properties in the web interface do not take affect in Oracle ILOM until you click Save.
CLI Syntax for CLI Session Timeout:
set /SP|CMM/cli timeout=enabled|disabled minutes=value
Custom Prompt
(prompt=)

Note -  The Custom CLI Prompt feature is initially available for configuration on Oracle Network OPUS Switches as of firmware release 3.2.5.x.

None (disabled)
None (default) | ["Literal Text"] | "<HOSTNAME>" | "<IPADDRESS>"
To help identify a standalone system or a system within a rack or chassis, Administrators can customize the standard CLI prompt (->) by prepending either literal text, replacement tokens ("<HOSTNAME>" "<IPADDRESS>"), or a combination of literal text and replacement tokens. The Custom Prompt maximum length is 252 characters.
Web interface: Changes to the CLI Custom Prompt property in the web interface do not take affect in Oracle ILOM until you click Save. For further information, click the More details... link on the Management Access > CLI page.
CLI Syntax for Custom CLI Prompt:
Examples:
  • set /SP | CMM | FMM/cli prompt="Literal_Text"

  • set /SP | CMM |FMM/cli prompt="<HOSTNAME>"

  • set /SP | CMM | FMM/cli prompt="<IPADDRESS>"

  • set /SP | CMM |FMM/cli prompt=["Literal_Text"] "<HOSTNAME>"

  • set /SP | CMM | FMM/cli prompt=["Literal_Text"] "<HOSTNAME>" "<IPADDRESS>"

Table 44   Federal Information Processing Standards (FIBS 140-2) Configuration Properties
User Interface Configurable Target and User Role:
  • CLI: /SP/services/fips

  • Web: ILOM Administration > Management Access > FIPS

  • User Role: admin (a) (required for property modification)

Property
Default Value
Description
Status
(status=)
Disabled
The Status is a read-only property that indicates the current status for the FIPS service in Oracle ILOM. Possible status values are:
  • Disabled — The Status for Disabled appears on the Management Access > FIPS page when the following conditions are true:

    1. The FIPS operational mode on the system is disabled.

    2. The State property is set to disabled.

    3. The FIPS shield icon does not appear in the masthead area of the Oracle ILOM window.

  • Enabled — The Status for Enabled appears on the Management Access > FIPS page when the following conditions are true:

    1. The FIPS operational mode on the system is enabled.

    2. The State property is set to enabled.

    3. The FIPS shield icon appears in the masthead area of the Oracle ILOM window.

  • Disabled; enabled at next boot — The Status for Disabled; enabled at next boot appears on the Management Access > FIPS page when the following conditions are true:

    1. The FIPS operational mode on the system is disabled.

    2. The State property is set to enabled.

    3. The FIPS shield icon does not appear in the masthead area of the Oracle ILOM window.

  • Enabled; disabled at next boot — The Status for Enabled; disabled at next boot appears on the Management Access > FIPS page when the following conditions are true:

    1. The FIPS operational mode on the system is enabled.

    2. The State property is set to disabled.

    3. The FIPS shield icon appears in the masthead area of the Oracle ILOM window.

Related Information:
State
(state=disabled |enabled)
Disabled
Modify the FIPS State property, per the following instructions:
  • To disable FIPS mode (default) — Select the State check box to disable FIPS compliant mode.

  • To enable FIPS mode — Clear the State check box to enable FIPS compliant mode.

Changes to the FIPS operational mode on the server will not take effect until the next Oracle ILOM reboot. At that time, the Oracle ILOM user-defined configurations settings are automatically reset to their factory default settings.
CLI Syntax for FIPS Mode:
set /SP/services/fips state=enabled|disabled
Related Information: