Configuring Network-Related Settings

Configuring Network-Related Settings

Server NICs

NIC Mode

The NIC mode setting determines which ports can reach the Cisco IMC. The following network mode options are available, depending on your platform:

  • Dedicated—The management port that is used to access the Cisco IMC.

  • Cisco Card—Any port on the adapter card that can be used to access the Cisco IMC. The Cisco adapter card has to be installed in a slot with Network the Communications Services Interface protocol support (NCSI).

  • Shared LOM—Any LOM (LAN on Motherboard) port that can be used to access Cisco IMC.

  • Shared LOM Extended—Any LOM port or adapter card port that can be used to access Cisco IMC. The Cisco adapter card has to be installed in a slot with NCSI support.


    Note

    Shared LOM and Shared LOM Extended ports are available only on some C-series servers.


    Note

    For other UCS C-Series M4, M5, C220 M6, and C240 M6 servers, the NIC mode is set to Shared LOM Extended by default.

  • Shared OCP—The OCP adapter card LOM ports are used to access Cisco IMC. You must select either the Active-Active or Active-standby NIC redundancy setting in the following step.

  • Shared OCP Extended—In this NIC mode, DHCP replies are returned to both the OCP adapter card LOM ports and the Cisco virtual interface card (VIC) ports. If the system determines that the Cisco VIC connection is not getting its IP address from a Cisco UCS Manager system because the server is in standalone mode, further DHCP requests from the Cisco VIC are disabled.


    Note

    Shared OCP and Shared OCP Extended ports are available only on Cisco UCS C225 M6, C245 M6, C220 M7, and C240 M7 servers.

Default NIC Mode Setting:

  • For UCS C-Series C125 M5 servers and S3260 servers, the NIC Mode is set to Cisco Card by default.

For Cisco UCS C225 M6, C245 M6, C220 M7, and C240 M7 servers:

  • if the server has a Cisco VIC card with OCP card, then the default NIC mode is Shared OCP Extended and NIC Redundancy is set to active-active.

  • if the server has VIC card populated in NCSI supported slots and no OCP card, then the default NIC mode is Cisco Card.

  • if the server does not have any VIC card and OCP card, the default NIC mode is Dedicated and NIC Redundancy is set to None.

NIC Redundancy

The following NIC redundancy options are available, depending on the selected NIC mode and your platform:

  • active-active—If supported, all ports that are associated with the configured NIC mode operate simultaneously. This feature increases throughput and provides multiple paths to the Cisco IMC.

  • active-standby—If a port that is associated with the configured NIC mode fails, traffic fails over to one of the other ports associated with the NIC mode.


    Note

    If you choose this option, make sure that all ports associated with the configured NIC mode are connected to the same subnet to ensure that traffic is secure regardless of which port is used.

  • None—In Dedicated mode, NIC redundancy is set to None.

The available redundancy modes vary depending on the selected network mode and your platform. For the available modes, see the

VIC Slots

The VIC slot that can be used for management functions in Cisco card mode.

For C240 M6, C245 M6, and C240 M7, VIC slot options are as follows:

  • Riser 1—Slot 1 and Slot 2

  • Riser 2—Slot 4 and Slot 5

  • mLOM


Note

For C240 M6, C245 M6, and C240 M7, after resetting to factory default settings, the slot precedence is as follows:

  1. mLOM

  2. Riser 1 - Slot 2; and Riser 2 - Slot 5

  3. Riser 1 - Slot 1; and Riser 2- Slot 4

For C220 M6, C225 M6, and C220 M7, VIC slot options are as follows:

  • Riser 1—Slot 1 is selected.

  • Riser 3 —Slot 3 is selected.

  • mLOM


Note

For C220 M6, C225 M6, and C220 M7, after resetting to factory default settings, the slot precedence is as follows:

  1. mLOM

  2. Riser 1 - Slot 1

  3. Riser 3 - Slot 3

For C125 M5, VIC slot option is Riser 2.

For C220 M4, C220 M5 and C240 M5 servers, VIC slot options are as follows:

  • Riser 1—Slot 1 is selected.

  • Riser 2—Slot 2 is selected.

  • FLEX LOM—Slot 3 (MLOM) is selected.

For C240 M5 SD servers, VIC slot options are as follows:

  • Riser 2— Slot 2 is selected.

  • mLOM—VIC cards in mLOM slot is selected.

For C240 M4 servers, VIC slot options are as follows:

  • Riser 1—Slot 2 is the primary slot, but you can also use slot 1.

  • Riser 2—Slot 5 is the primary slot, but you can also use slot 4.

  • FLEX LOM—Slot 7 (MLOM) is selected.

For C480 M5 ML servers, Cisco card mode slot is Slot 11 and Slot 12.

The following options are available only on some UCS C-Series servers:

  • 4

  • 5

  • 9

  • 10


Note

This option is available only on some UCS C-Series servers.

Configuring Server NICs

Configure a server NIC when you want to set the NIC mode and NIC redundancy.

Before you begin

You must log in as a user with admin privileges to configure the NIC.

Procedure

Step 1

From the Apps drop-down list, select Networking.

Step 2

From the Apps drop-down list, select Administration.

Step 3

From the Administration page, select Networking.

Step 4

From the Networking tab, select Network.

Step 5

In the NIC Properties area, update the following properties:

Table 1. NIC Properties Area
Name Description

NIC Mode drop-down list

The ports that can be used to access Cisco IMC. This can be one of the following:

  • Dedicated—The management port that is used to access the Cisco IMC.

  • Cisco Card—Any port on the adapter card that can be used to access Cisco IMC. The Cisco adapter card has to be installed in a slot with Network the Communications Services Interface protocol support (NCSI).

  • Shared LOM—Any LOM (LAN on Motherboard) port that can be used to access Cisco IMC.

  • Shared LOM Extended—Any LOM port or adapter card port that can be used to access Cisco IMC. The Cisco adapter card has to be installed in a slot with NCSI support.

    Note

     

    Shared LOM and Shared LOM Extended ports are available only on some C-series servers.

  • Shared OCP—The OCP adapter card LOM ports are used to access Cisco IMC. You must select either the Active-Active or Active-standby NIC redundancy setting in the following step.

  • Shared OCP Extended—In this NIC mode, DHCP replies are returned to both the OCP adapter card LOM ports and the Cisco virtual interface card (VIC) ports. If the system determines that the Cisco VIC connection is not getting its IP address from a Cisco UCS Manager system because the server is in standalone mode, further DHCP requests from the Cisco VIC are disabled.

Default NIC Mode Setting:

  • For UCS C-Series M7 servers:

    • if the server has a Cisco VIC card with OCP card, then the default NIC mode is Shared OCP Extended and NIC Redundancy is set to active-active.

    • if the server has VIC card populated in NCSI supported slots and no OCP card, then the default NIC mode is Cisco Card.

    • if the server does not have any VIC card and OCP card, the default NIC mode is Dedicated and NIC Redundancy is set to None.

VIC Slot drop-down list

The VIC slot that can be used for management functions in Cisco card mode.

For C240 M7, VIC slot options are as follows:

  • Riser 1—Slot 1 and Slot 2

  • Riser 2—Slot 4 and Slot 5

  • mLOM

Note

 

For C240 M7, after resetting to factory default settings, the slot precedence is as follows:

  1. mLOM

  2. Riser 1 - Slot 2; and Riser 2 - Slot 5

  3. Riser 1 - Slot 1; and Riser 2- Slot 4

For C220 M7, VIC slot options are as follows:

  • Riser 1—Slot 1 is selected.

  • Riser 3 —Slot 3 is selected.

  • mLOM

Note

 

For C220 M7, after resetting to factory default settings, the slot precedence is as follows:

  1. mLOM

  2. Riser 1 - Slot 1

  3. Riser 3 - Slot 3

NIC Redundancy drop-down list

The available NIC redundancy options depend on the selected NIC mode and the model of the server that you are using. If you do not see a particular option, it is not available for the selected mode or server model.

This can be one of the following:

  • active-active—If supported, all ports that are associated with the configured NIC mode operate simultaneously. This feature increases throughput and provides multiple paths to Cisco IMC.

  • active-standby—If a port that is associated with the configured NIC mode fails, traffic fails over to one of the other ports associated with the NIC mode.

    Note

     

    • If you choose this option, make sure that all ports associated with the configured NIC mode are connected to the same VLAN to ensure that traffic is secure regardless of which port is used.

    • When using active-active, do not configure a port-channel in the upstream switch for the member interfaces. A port-channel can be configured when using active-standby.

  • None—In Dedicated mode, NIC redundancy is set to None.

MAC Address field

The MAC address of the Cisco IMC network interface that is selected in the NIC Mode field.

Port Profile field

The port profile that Cisco IMC uses to configure the management interface, the virtual Ethernet, and the VIF on supported adapter cards such as the Cisco UCS VIC 1225 Virtual Interface card.

Enter up to 79 alphanumeric characters. You cannot use spaces or other special characters except for - (hyphen) and _ (underscore). In addition, the port profile name cannot begin with a hyphen.

Note

 

The port profile must be defined on the switch to which this server is connected.

Auto Negotiation toggle button

Using this option, you can either set the network port speed and duplex values for the switch, or allow the system to automatically derive the values from the switch. This option is available for dedicated mode only.

  • If enabled, the network port speed and duplex settings are ignored by the system and Cisco IMC retains the speed at which the switch is configured.

  • If disabled, you can configure the network port speed and duplex values.

Network Port Speed drop-down list

The network speed of the port. This can be one of the following:

  • 10 Mbps

  • 100 Mbps

  • 1 Gbps

The default value is 100 Mbps. In the Dedicated mode, if you disable Auto Negotiation, you can configure the network speed and duplex values.

Note

 

Before changing the port speed, ensure that the switch you connected to has the same port speed.

Duplex drop-down list

The duplex mode for the Cisco IMC management port.

This can be one of the following:

  • Half

  • Full

By default, the duplex mode is set to Full.

Step 6

Click Save.

Cisco VIC mLOM and OCP Card Replacement Considerations

In Cisco UCS C220 M7, C240 M7, C225 M8 and C245 M8 servers, Cisco IMC network connection may be lost in the following situations, while replacing Cisco VIC mLOM and OCP cards:

  • If OCP card is replaced by Cisco VIC card in MLOM Slot and the NIC mode is set to Shared OCP or Shared OCP Extended.

  • If Cisco VIC Card in MLOM Slot is replaced by OCP Card and NIC mode is set to Cisco-card MLOM.

Follow these recommendations while replacing Cisco VIC mLOM or OCP cards in Cisco UCS C220 M7, C240 M7, servers to avoid loss of connectivity:

  • Before replacing the card, configure any of the NIC modes that has network connected, other than Cisco card MLOM, Shared OCP, or Shared OCP Extended. After replacing the card, configure the appropriate NIC mode.

    To set the NIC mode, refer Server NIC Configuration section in Configuration Guides for your Cisco IMC release.

  • Or, after replacing the card, configure the appropriate NIC mode using Cisco IMC Configuration Utility/F8.

    Refer Connecting to the Server Locally For Setup section in Install and Upgrade Guides for your server.

  • Or, after replacing the card, perform factory default settings using Cisco IMC Configuration Utility/F8 then perform the following steps:

    1. Once the server is rebooted, boot the system to Cisco IMC Configuration Utility/F8.

      Change the default password.

    2. Configure the appropriate NIC mode settings.

Table 2. Factory Default Settings

VIC in mLOM slot

Intel OCP 3.0 NIC in mLOM Slot

VIC in Riser Slot

Dedicated Management Port

NIC Mode for CIMC Access

Yes

No

No

Yes

Cisco Card mode with the card in mLOM Slot

No

Yes

No

Yes

 Shared OCP Extended

No

Yes

Yes

Yes

 Shared OCP Extended

No

No

 Yes Yes

Cisco Card with VIC SLOT based on precedence:

For C220 M7 and C225 M8:

  1. Riser 1 - Slot 1

  2. Riser 3 - Slot 3

For C240 M7 and C245 M8:

  1. Riser 1 - Slot 2

  2. Riser 2 - Slot 5

  3. Riser 1 - Slot 1

  4. Riser 2 - Slot 4
No No No Yes Dedicated

Single IP Configuration

Single IP is an optional method to assign IPv4 for Cisco IMC management.


Note
When Single IP Mode is enabled, the following IPv4 addressess will not be available for configuration:

CMC and BMC

Since Single IP Mode is applicable only for IPv4, IPv6 can be configured irrespective of Single IP Mode.

IPv6 address can assign for individual components like CMC1, CMC2, BMC1 and BMC2.

Note

Disable single IP configuration before you downgrade to the release 4.0.1x or below.

Configuring Single IP Properties

Configure Single IP when you want to assign IP for Cisco IMC management.

Before you begin

You must log in as a user with admin privileges to configure the Single IP Properties.

Procedure

Step 1

In the Navigation pane, click the Admin menu.

Step 2

In the Admin menu, click Networking.

Step 3

In the Single IP Properties area, update the following properties:

Name

Description

Single IP Mode

Single IP is an optional method to assign IPv4 for Cisco IMC management.

Note

 

When Single IP Mode is enabled following IPv4 addresses will not be available for configuration:

CMC and BMC.

Since Single IP Mode is applicable only for IPv4, IPv6 can be configured irrespective of Single IP Mode. IPv6 address can assign for individual components like CMC1, CMC2, BMC1 and BMC2.

Default mode: Disabled

Starting Port

When Single IP Mode is enabled, the port range available is 9000-65529.

Note

 

Click on the help icon next to the Starting Port to get the table listing of the component with the port numbers used by Cisco IMC to access KVM, SOL, and IPMI Over LAN of each component.

Note

 

In Single IP Mode, vkvm port is not configurable and will be changed from default 2068 to the user-assigned port.

Step 4

Click Save Changes.

Common Properties Configuration

Overview to Common Properties Configuration

Hostname

The Dynamic Host Configuration Protocol (DHCP) enhancement is available with the addition of the hostname to the DHCP packet, which can either be interpreted or displayed at the DHCP server side. The hostname, which is now added to the options field of the DHCP packet, sent in the DHCP DISCOVER packet that was initially sent to the DHCP server.

The default hostname of the server is changed from ucs-c2XX to CXXX-YYYYYY, where XXX is the model number and YYYYYY is the serial number of the server. This unique string acts as a client identifier, allows you to track and map the IP addresses that are leased out to from the DHCP server. The default serial number is provided by the manufacturer as a sticker or label on the server to help you identify the server.

Dynamic DNS

Dynamic DNS (DDNS) is used to add or update the resource records on the DNS server from . You can enable Dynamic DNS by using either the web UI or CLI. When you enable the DDNS option, the DDNS service records the current hostname, domain name, and the management IP address and updates the resource records in the DNS server from Cisco IMC.


Note

The DDNS server deletes the prior resource records (if any) and adds the new resource records to the DNS server if any one of the following DNS configuration is changed:

  • Hostname

  • Domain name in the LDAP settings

  • When DDNS and DHCP are enabled, if the DHCP gets a new IP address or DNS IP or domain name due to a change in a network or a subnet.

  • When DHCP is disabled and if you set the static IP address by using CLI or web UI.

  • When you enter the dns-use-dhcp command.

Dynamic DNS Update Domain— You can specify the domain. The domain could be either main domain or any sub-domain. This domain name is appended to the hostname of the Cisco IMC for the DDNS update.

Configuring Common Properties

Use common properties to describe your server.

Before you begin

You must log in as a user with admin privileges to configure common properties.

Procedure

Step 1

From the Apps drop-down list, select Administration.

Step 2

From the Administration page, select Networking.

Step 3

From the Networking tab, select Network.

Step 4

In the Common Properties area on the right pane, update the following properties:

Table 3. Common Properties Area
Name Description

Management Hostname field

The user-defined management hostname of the system that manages the various components of Cisco IMC.

Enable Dynamic DNS toggle button

If checked, updates the resource records to the DNS from Cisco IMC.

Dynamic DNS Update Domain field

The domain name that is appended to a hostname for a Dynamic DNS (DDNS) update. If left blank, only a hostname is sent to the DDNS update request.

Dynamic DNS Refresh Interval field

The time set to refresh the DNS.

Step 5

Click Save.

Configuring IPv4

Before you begin

You must log in as a user with admin privileges to configure IPv4.

Procedure

Step 1

From the Apps drop-down list, select Administration.

Step 2

From the Administration page, select Networking.

Step 3

From the Networking tab, select Network.

Step 4

In the IPv4 Properties area, update the following properties:

Table 4. IPv4 Properties Area
Name Description

Enable IPv4 toggle button

If enabled, IPv4 is enabled.

DHCP toggle button

If enabled, Cisco IMC uses DHCP.

Management IP Address field

The management IP address. An external virtual IP address that helps manage the BMC.

Subnet Mask field

The subnet mask for the IP address.

IPv4 Gateway field

The gateway for the IP address.

Obtain DNS Server Addresses from DHCP toggle button

If enabled, Cisco IMC retrieves the DNS server addresses from DHCP.

IPv4 Preferred DNS Server field

The IP address of the primary DNS server.

Alternate DNS Server field

The IP address of the secondary DNS server.

Step 5

Click Save.

Configuring IPv6

Before you begin

You must log in as a user with admin privileges to configure IPv6.

Procedure

Step 1

From the Apps drop-down list, select Administration.

Step 2

From the Administration page, select Networking.

Step 3

From the Networking tab, select Network.

Step 4

In the IPv6 Properties area, update the following properties:

Table 5. IPv6 Properties Area
Name Description

Enable IPv6 toggle button

If enabled, IPv6 is enabled.

Use DHCP toggle button

If enabled, the Cisco IMC uses DHCP.

Note

 

Only stateful DHCP is supported.

Management IP Address field

Management IPv6 address.

Note

 

Only global unicast addresses are supported.

Prefix Length field

The prefix length for the IPv6 address. Enter a value within the range 1 to 127. The default value is 64.

IPv6 Gateway field

The gateway for the IPv6 address.

Note

 

Only global unicast addresses are supported.

Obtain DNS Server Addresses from DHCP toggle button

If enabled, the Cisco IMC retrieves the DNS server addresses from DHCP.

Note

 

You can use this option only when the Use DHCP option is enabled.

IPv6 Preferred DNS Server field

The IPv6 address of the primary DNS server.

IPv6 Alternate DNS Server field

The IPv6 address of the secondary DNS server.

Link Local Address field

The link local address for the IPv6 address.

Stateless Address Auto Configuration field

The Stateless Address Auto Configuration (SLAAC) depends on the Router Advertisement (RA) of the network.

Step 5

Click Save.

Connecting to a VLAN

Before you begin

You must be logged in as admin to connect to a VLAN.

Procedure

Step 1

From the Apps drop-down list, select Administration.

Step 2

From the Administration page, select Networking.

Step 3

In the VLAN Properties area on the right pane, update the following properties:

Table 6. VLAN Properties Area
Name Description

Enable VLAN toggle button

If enabled, the Cisco IMC is connected to a virtual LAN.

Note

 

You can configure a VLAN or a port profile, but you cannot use both. If you want to use a port profile, make sure that this check box is not checked.

VLAN ID field

The VLAN ID.

Priority field

The priority of this system on the VLAN.

Step 4

Click Save.

Network Security Configuration

Network Security

Cisco IMC uses IP blocking as network security. IP blocking prevents the connection between a server or website and certain IP addresses or ranges of addresses. IP blocking effectively bans undesired connections from those computers to a website, mail server, or other Internet servers.

IP banning is commonly used to protect against denial of service (DoS) attacks. Cisco IMC bans IP addresses by setting up an IP blocking fail count.

Configuring Network Security

Configure network security if you want to set up an IP blocking fail count.

Before you begin

You must log in as a user with admin privileges to configure network security.

Procedure

Step 1

From the Apps drop-down list, select Networking.

Step 2

From the Apps drop-down list, select Administration.

Step 3

From the Administration page, select Networking.

Step 4

From the Networking tab, select Settings.

Step 5

In the IP Blocking Properties area, update the following properties:

Table 7. IP Blocking Properties Area
Name Description

Enable IP Blocking toggle button

Allows you to enable or disable IP blocking feature.

IP Blocking Fail Window field

The length of time, in seconds, in which the unsuccessful login attempts must occur in order for the user to be locked out.

Enter an integer between 60 and 280.

IP Blocking Penalty Time field

The number of seconds the user remains locked out if they exceed the maximum number of login attempts within the specified time window.

Enter an integer between 300 and 900.

IP Blocking Fail Count field

The number of times a user can attempt to log in unsuccessfully before the system locks that user out for a specified length of time.

The number of unsuccessful login attempts must occur within the time frame specified in the IP Blocking Fail Window field.

Enter an integer between 3 and 10.

Step 6

In the IP Filtering (Allow listing) area, update the following properties:

Table 8. IP Filtering Area
Name Description

Enable IP Filtering toggle button

Allows you to enable or disable the IP filtering feature.

IP Filter fields

To provide secure access to the server, you can now set a filter to allow only a selected set of IPs to access it. This option provides four slots for storing IP addresses (IP Filter 1, 2, 3, and 4). You can either assign a single IP address or a range of IP addresses while setting the IP filters. Once you set the IP filter, you would be unable to access the server using any other IP address.

Step 7

Click Save.

Network Time Protocol Settings

Network Time Protocol Service Setting

By default, when Cisco IMC is reset, it synchronizes the time with the host. With the introduction of the NTP service, you can configure Cisco IMC to synchronize the time with an NTP server. The NTP server does not run in Cisco IMC by default. You must enable and configure the NTP service by specifying the IP/DNS address of at least one server or a maximum of four servers that function as NTP servers or time source servers. When you enable the NTP service, Cisco IMC synchronizes the time with the configured NTP server. The NTP service can be modified only through Cisco IMC.


Note

To enable the NTP service, it is preferable to specify the IP address of a server rather than the DNS address.

Configuring Network Time Protocol Settings

Configuring NTP disables the IPMI Set SEL time command.

Before you begin

Procedure

Step 1

From the Apps drop-down list, select Networking.

Step 2

From the Apps drop-down list, select Administration.

Step 3

From the Administration page, select Networking.

Step 4

From the Networking tab, select Settings.

Step 5

In the NTP Properties area, update the following properties:

Table 9. NTP Properties Area
Name Description

Enable NTP toggle button

Allows you to enable or disable NTP services.

Server 1 field

The IP/DNS address of one of the four servers that act as an NTP server or the time source server.

Server 2 field

The IP/DNS address of one of the four servers that act as an NTP server or the time source server.

Server 3 field

The IP/DNS address of one of the four servers that act as an NTP server or the time source server.

Server 4 field

The IP/DNS address of one of the four servers that act as an NTP server or the time source server.

Server Status message

If NTP is enabled, this field indicates whether or not the server is able to synchronize its time with the remote NTP server. It is an eight bit integer indicating the stratum level of the local clock.

This can be one of the following:

  • 0—Unspecified or invalid

  • 1—Primary server

  • 2-15—Secondary server (via NTP)

  • 16—Unsynchronized

  • 17-255—Reserved

Step 6

Click Save.