Hp Server 695523 005 Users Manual BladeSystem Onboard Administrator Command Line Interface User Guide
695523-005 to the manual ed324464-286f-432a-9a9c-a8449b1b973d
2015-02-09
: Hp Hp-Server-695523-005-Users-Manual-549794 hp-server-695523-005-users-manual-549794 hp pdf
Open the PDF directly: View PDF 
.
Page Count: 226
| Download | |
| Open PDF In Browser | View PDF |
HP BladeSystem Onboard Administrator Command Line Interface User Guide Abstract This guide details using the command-line interface for configuration, operation, and management of the HP BladeSystem Onboard Administrator 4.20 (or later) and the enclosure Insight Display. Part Number: 695523-005 April 2014 Edition: 22 © Copyright 2006, 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s standard commercial license. Microsoft® and Windows® are U.S. registered trademarks of Microsoft Corporation. Contents Introduction ................................................................................................................................ 11 What's new ............................................................................................................................................ 11 Accessing the command line interface ........................................................................................... 13 Remote access to the Onboard Administrator .............................................................................................. 13 Local access to the Onboard Administrator ................................................................................................. 13 Command line ............................................................................................................................ 15 Command line overview........................................................................................................................... 15 Command line conventions ....................................................................................................................... 15 Reserved words ............................................................................................................................. 15 HP Integrity server blade restrictions........................................................................................................... 16 Access level and privileges ....................................................................................................................... 16 Account authentication ................................................................................................................... 18 AutoLogin to iLO ........................................................................................................................... 18 General commands ..................................................................................................................... 20 CLEAR SCREEN ...................................................................................................................................... 20 EXIT ....................................................................................................................................................... 20 HELP ...................................................................................................................................................... 20 LOGOUT ............................................................................................................................................... 20 QUIT ..................................................................................................................................................... 21 Rack commands ......................................................................................................................... 22 SET RACK NAME .................................................................................................................................... 22 SHOW RACK INFO ................................................................................................................................ 22 SHOW RACK NAME .............................................................................................................................. 23 SHOW TOPOLOGY ................................................................................................................................ 23 User account commands .............................................................................................................. 25 ADD USER ............................................................................................................................................. 25 ASSIGN ................................................................................................................................................. 25 ASSIGN OA........................................................................................................................................... 26 DISABLE USER ........................................................................................................................................ 26 DISABLE STRONG PASSWORDS .............................................................................................................. 26 ENABLE STRONG PASSWORDS .............................................................................................................. 26 ENABLE USER ......................................................................................................................................... 27 HISTORY ................................................................................................................................................ 27 REMOVE USER ....................................................................................................................................... 28 SET MINIMUM PASSWORD LENGTH........................................................................................................ 28 SET PASSWORD ..................................................................................................................................... 28 SET SESSION TIMEOUT ........................................................................................................................... 29 SET USER ACCESS .................................................................................................................................. 29 SET USER CONTACT ............................................................................................................................... 29 SET USER FULLNAME .............................................................................................................................. 30 SET USER PASSWORD ............................................................................................................................ 30 SHOW PASSWORD SETTINGS ................................................................................................................ 30 SHOW SESSION TIMEOUT ..................................................................................................................... 31 Contents 3 SHOW USER .......................................................................................................................................... 31 SLEEP .................................................................................................................................................... 32 UNASSIGN ............................................................................................................................................ 32 UNASSIGN OA ...................................................................................................................................... 32 Two-Factor Authentication commands ............................................................................................ 34 ADD CA CERTIFICATE ............................................................................................................................. 34 DISABLE CRL........................................................................................................................................... 34 DISABLE TWOFACTOR ............................................................................................................................ 34 DOWNLOAD CA CERTIFICATE ................................................................................................................ 35 DOWNLOAD USER CERTIFICATE ............................................................................................................. 35 REMOVE CA CERTIFICATE ....................................................................................................................... 36 REMOVE USER CERTIFICATE .................................................................................................................... 36 SET USER CERTIFICATE ............................................................................................................................ 36 SHOW CA CERTIFICATES........................................................................................................................ 37 SHOW TWOFACTOR INFO .................................................................................................................... 37 Directory commands ................................................................................................................... 39 ADD LDAP CERTIFICATE .......................................................................................................................... 39 ADD LDAP GROUP .................................................................................................................................. 39 ASSIGN for LDAP.................................................................................................................................... 40 ASSIGN OA LDAP GROUP ...................................................................................................................... 40 DISABLE LDAP......................................................................................................................................... 40 DOWNLOAD LDAP CERTIFICATE ............................................................................................................. 41 ENABLE LDAP ......................................................................................................................................... 41 REMOVE LDAP CERTIFICATE .................................................................................................................... 41 REMOVE LDAP GROUP ........................................................................................................................... 42 SET LDAP GROUP ACCESS ...................................................................................................................... 42 SET LDAP GROUP DESCRIPTION .............................................................................................................. 42 SET LDAP NAME MAP ............................................................................................................................. 43 SET LDAP GCPORT .................................................................................................................................. 43 SET LDAP PORT....................................................................................................................................... 43 SET LDAP SEARCH .................................................................................................................................. 43 SET LDAP SERVER ................................................................................................................................... 44 SHOW LDAP CERTIFICATE ....................................................................................................................... 44 SHOW LDAP GROUP .............................................................................................................................. 45 SHOW LDAP INFO ................................................................................................................................. 45 TEST LDAP .............................................................................................................................................. 46 UNASSIGN for LDAP ............................................................................................................................... 46 UNASSIGN OA LDAP GROUP ................................................................................................................. 46 HP SIM commands ...................................................................................................................... 47 ADD HPSIM CERTIFICATE ........................................................................................................................ 47 DOWNLOAD HPSIM CERTIFICATE ........................................................................................................... 47 REMOVE HPSIM CERTIFICATE .................................................................................................................. 48 SET HPSIM TRUST MODE ......................................................................................................................... 48 SHOW HPSIM INFO ............................................................................................................................... 48 General management commands ................................................................................................. 50 DISABLE URB .......................................................................................................................................... 50 DOWNLOAD OA CERTIFICATE ................................................................................................................ 50 ENABLE URB .......................................................................................................................................... 51 FORCE TAKEOVER .................................................................................................................................. 51 GENERATE CERTIFICATE ......................................................................................................................... 51 GENERATE CERTIFICATE prompts ................................................................................................... 52 Contents 4 GENERATE KEY ...................................................................................................................................... 53 PING ..................................................................................................................................................... 54 SET DEVICE SERIAL_NUMBER BLADE ........................................................................................................ 54 SET FACTORY ........................................................................................................................................ 55 SET SCRIPT MODE .................................................................................................................................. 55 SET URB ................................................................................................................................................. 55 SHOW ALL ............................................................................................................................................ 56 SHOW DEVICE SERIAL_NUMBER BLADE ................................................................................................... 58 SHOW URB ........................................................................................................................................... 58 TEST URB ............................................................................................................................................... 59 Enclosure Bay IP Addressing commands ........................................................................................ 60 ADD EBIPA ............................................................................................................................................. 60 ADD EBIPAV6 ......................................................................................................................................... 60 DISABLE EBIPAV6.................................................................................................................................... 60 ENABLE EBIPA ........................................................................................................................................ 61 ENABLE EBIPAV6 .................................................................................................................................... 61 REMOVE EBIPA ...................................................................................................................................... 62 REMOVE EBIPAV6 .................................................................................................................................. 62 SAVE EBIPA............................................................................................................................................ 62 SAVE EBIPAV6........................................................................................................................................ 63 SET EBIPA INTERCONNECT ..................................................................................................................... 63 SET EBIPA SERVER................................................................................................................................... 64 SET EBIPAV6 INTERCONNECT ................................................................................................................. 65 SET EBIPAV6 SERVER............................................................................................................................... 66 SHOW EBIPA ......................................................................................................................................... 68 SHOW EBIPAV6 ..................................................................................................................................... 70 Enclosure network configuration commands ................................................................................... 75 ADD OA ADDRESS IPV6 .......................................................................................................................... 75 ADD OA DNS ........................................................................................................................................ 75 ADD OA DNS IPV6 ................................................................................................................................. 76 ADD SSHKEY ......................................................................................................................................... 76 ADD SNMP TRAPRECEIVER ...................................................................................................................... 77 ADD SNMP TRAPRECEIVER V3 ................................................................................................................. 77 ADD SNMP USER ................................................................................................................................... 78 ADD TRUSTED HOST ............................................................................................................................... 79 CLEAR LOGIN_BANNER_TEXT ................................................................................................................. 80 CLEAR NTP ............................................................................................................................................ 80 CLEAR SSHKEY ....................................................................................................................................... 80 CLEAR VCMODE .................................................................................................................................... 80 DISABLE ALERTMAIL ................................................................................................................................ 81 DISABLE DHCPV6 ................................................................................................................................... 81 DISABLE ENCLOSURE_ILO_FEDERATION_SUPPORT .................................................................................... 81 DISABLE ENCLOSURE_IP_MODE .............................................................................................................. 82 DISABLE HTTPS ....................................................................................................................................... 82 DISABLE FQDN_LINK_SUPPORT ............................................................................................................... 82 DISABLE IPV6 ......................................................................................................................................... 83 DISABLE IPV6DYNDNS ............................................................................................................................ 83 DISABLE LOGIN_BANNER ....................................................................................................................... 83 DISABLE NTP .......................................................................................................................................... 84 DISABLE SECURESH ................................................................................................................................ 84 DISABLE SLAAC ...................................................................................................................................... 84 DISABLE SNMP ....................................................................................................................................... 85 Contents 5 DISABLE TELNET ..................................................................................................................................... 85 DISABLE TRUSTED HOST .......................................................................................................................... 85 DISABLE XMLREPLY .................................................................................................................................. 86 DOWNLOAD CONFIG ........................................................................................................................... 86 DOWNLOAD SSHKEY ............................................................................................................................ 86 ENABLE ALERTMAIL................................................................................................................................. 87 ENABLE DHCPV6 .................................................................................................................................... 87 ENABLE ENCLOSURE_ILO_FEDERATION_SUPPORT .................................................................................... 87 ENABLE ENCLOSURE_IP_MODE ............................................................................................................... 88 ENABLE FQDN_LINK_SUPPORT ................................................................................................................ 88 ENABLE HTTPS ....................................................................................................................................... 89 ENABLE IPV6DYNDNS ............................................................................................................................ 89 ENABLE LOGIN_BANNER ....................................................................................................................... 89 ENABLE IPV6 .......................................................................................................................................... 90 ENABLE NTP .......................................................................................................................................... 90 ENABLE SECURESH ................................................................................................................................ 90 ENABLE SLAAC ...................................................................................................................................... 91 ENABLE SNMP ....................................................................................................................................... 91 ENABLE TELNET ...................................................................................................................................... 91 ENABLE TRUSTED HOST .......................................................................................................................... 92 ENABLE XMLREPLY .................................................................................................................................. 92 REMOVE OA ADDRESS IPV6.................................................................................................................... 92 REMOVE OA DNS .................................................................................................................................. 93 REMOVE OA DNS IPV6........................................................................................................................... 93 REMOVE SNMP TRAPRECEIVER ................................................................................................................ 93 REMOVE SNMP TRAPRECEIVER V3 ........................................................................................................... 94 REMOVE SNMP USER ............................................................................................................................. 94 REMOVE TRUSTED HOST......................................................................................................................... 94 SET ALERTMAIL MAILBOX ........................................................................................................................ 95 SET ALERTMAIL SENDERDOMAIN ............................................................................................................ 95 SET ALERTMAIL SENDERNAME ................................................................................................................ 96 SET ALERTMAIL SMTPSERVER ................................................................................................................... 96 SET FIPS MODE ...................................................................................................................................... 96 SET IPCONFIG ....................................................................................................................................... 97 SET LOGIN_BANNER_TEXT ...................................................................................................................... 97 SET NTP POLL ......................................................................................................................................... 98 SET NTP PRIMARY ................................................................................................................................... 98 SET NTP SECONDARY ............................................................................................................................ 99 SET OA GATEWAY ................................................................................................................................. 99 SET OA NAME ..................................................................................................................................... 100 SET OA UID ......................................................................................................................................... 100 SET SECURESH SERVER KEX DHG1 ........................................................................................................ 100 SET SERIAL BAUD.................................................................................................................................. 100 SET SNMP COMMUNITY....................................................................................................................... 101 SET SNMP ENGINEID ........................................................................................................................... 101 SET SNMP CONTACT ........................................................................................................................... 102 SET SNMP LOCATION .......................................................................................................................... 102 SHOW FIPS MODE ............................................................................................................................... 102 SHOW HEALTH .................................................................................................................................... 103 SHOW LOGIN_BANNER ...................................................................................................................... 105 SHOW NETWORK ............................................................................................................................... 105 SHOW SNMP ...................................................................................................................................... 108 SHOW SNMP USER .............................................................................................................................. 108 Contents 6 SHOW SSHFINGERPRINT ...................................................................................................................... 109 SHOW SSHKEY .................................................................................................................................... 109 SHOW VCMODE ................................................................................................................................. 109 TEST ALERTMAIL ................................................................................................................................... 110 TEST SNMP .......................................................................................................................................... 110 Enclosure management commands ............................................................................................. 111 ADD LANGUAGE ................................................................................................................................. 111 CLEAR SYSLOG .................................................................................................................................... 111 CONNECT ENCLOSURE ....................................................................................................................... 111 DISABLE DHCP_DOMAIN_NAME ........................................................................................................... 112 DISABLE GUI_LOGIN_DETAIL ................................................................................................................. 112 DISABLE LLF .......................................................................................................................................... 112 ENABLE DHCP_DOMAIN_NAME ........................................................................................................... 113 ENABLE GUI_LOGIN_DETAIL ................................................................................................................. 113 ENABLE LLF .......................................................................................................................................... 113 REMOVE LANGUAGE ........................................................................................................................... 114 RESTART OA ........................................................................................................................................ 114 SET DATE ............................................................................................................................................. 114 SET DISPLAY EVENTS ............................................................................................................................ 115 SET ENCLOSURE ASSET ........................................................................................................................ 115 SET ENCLOSURE NAME ........................................................................................................................ 116 SET ENCLOSURE PART_ NUMBER .......................................................................................................... 116 SET ENCLOSURE PDU_TYPE ................................................................................................................... 116 SET ENCLOSURE SERIAL_NUMBER ......................................................................................................... 117 SET ENCLOSURE UID ............................................................................................................................ 117 SET LLF INTERVAL .................................................................................................................................. 117 SET OA DOMAIN_NAME ...................................................................................................................... 118 SET OA USB ......................................................................................................................................... 118 SET POWER MODE............................................................................................................................... 119 SET POWER LIMIT ................................................................................................................................. 119 SET POWER SAVINGS .......................................................................................................................... 119 SET TIMEZONE..................................................................................................................................... 120 SHOW CONFIG .................................................................................................................................. 120 SHOW DATE ....................................................................................................................................... 121 SHOW DISPLAY EVENTS ....................................................................................................................... 121 SHOW ENCLOSURE FAN ..................................................................................................................... 122 SHOW ENCLOSURE INFO .................................................................................................................... 122 SHOW ENCLOSURE LCD ...................................................................................................................... 123 SHOW ENCLOSURE POWER_SUMMARY ............................................................................................... 124 SHOW ENCLOSURE POWERSUPPLY ...................................................................................................... 125 SHOW ENCLOSURE STATUS ................................................................................................................. 126 SHOW ENCLOSURE TEMP .................................................................................................................... 126 SHOW FRU .......................................................................................................................................... 127 SHOW LANGUAGES ............................................................................................................................ 129 SHOW OA .......................................................................................................................................... 130 SHOW OA CERTIFICATE ....................................................................................................................... 130 SHOW OA INFO ................................................................................................................................. 130 SHOW OA NETWORK ......................................................................................................................... 131 SHOW OA STATUS .............................................................................................................................. 132 SHOW OA UPTIME .............................................................................................................................. 133 SHOW OA USB ................................................................................................................................... 133 SHOW POWER .................................................................................................................................... 134 SHOW SYSLOG ................................................................................................................................... 134 Contents 7 SHOW SYSLOG OA ............................................................................................................................. 135 SHOW SYSLOG HISTORY ..................................................................................................................... 136 UPDATE ............................................................................................................................................... 137 UPDATE ILO ......................................................................................................................................... 138 UPDATE IMAGE FW_ISO ....................................................................................................................... 138 UPLOAD CONFIG................................................................................................................................. 139 UPLOAD SUPPORTDUMP ....................................................................................................................... 140 UPLOAD SYSLOG ................................................................................................................................. 140 Enclosure Firmware Management commands ............................................................................... 141 DISCOVER FIRMWARE SERVER .............................................................................................................. 141 DISABLE FIRMWARE MANAGEMENT ..................................................................................................... 141 ENABLE FIRMWARE MANAGEMENT ...................................................................................................... 141 SET FIRMWARE MANAGEMENT ............................................................................................................ 141 SET FIRMWARE MANAGEMENT URL ...................................................................................................... 142 SET FIRMWARE MANAGEMENT POLICY ................................................................................................ 142 SET FIRMWARE MANAGEMENT POWER ................................................................................................ 142 SET FIRMWARE MANAGEMENT SCHEDULE ........................................................................................... 143 SET FIRMWARE MANAGEMENT BAYS_TO_INCLUDE SERVER ................................................................... 143 SET FIRMWARE MANAGEMENT FORCE DOWNGRADE .......................................................................... 144 SHOW FIRMWARE ............................................................................................................................... 144 SHOW FIRMWARE MANAGEMENT ....................................................................................................... 144 SHOW FIRMWARE MANAGEMENT LOG ............................................................................................... 145 SHOW FIRMWARE SUMMARY .............................................................................................................. 145 SHOW FIRMWARE SUMMARY CSV ....................................................................................................... 147 SHOW FIRMWARE LOG SERVER............................................................................................................ 148 SHOW FIRMWARE LOG SESSION ......................................................................................................... 149 SHOW SERVER FIRMWARE ................................................................................................................... 149 UPDATE FIRMWARE SERVER .................................................................................................................. 150 Blade management commands ................................................................................................... 151 CONNECT SERVER ............................................................................................................................... 151 HPONCFG ........................................................................................................................................... 151 POWEROFF SERVER.............................................................................................................................. 153 POWERON SERVER .............................................................................................................................. 153 REBOOT SERVER .................................................................................................................................. 154 SET NIC ............................................................................................................................................... 154 SET SERVER BOOT ................................................................................................................................ 154 SET SERVER BOOT FIRST ....................................................................................................................... 155 SET SERVER BOOT ONCE ..................................................................................................................... 155 SET SERVER POWERDELAY .................................................................................................................... 156 SET SERVER UID .................................................................................................................................... 156 SHOW SERVER BOOT .......................................................................................................................... 157 SHOW SERVER INFO............................................................................................................................ 157 SHOW SERVER LIST .............................................................................................................................. 159 SHOW SERVER NAMES ........................................................................................................................ 160 SHOW SERVER PORT MAP .................................................................................................................... 160 SHOW SERVER POWERDELAY ............................................................................................................... 162 SHOW SERVER STATUS ........................................................................................................................ 163 SHOW SERVER TEMP ............................................................................................................................ 164 SHOW SYSLOG SERVER ....................................................................................................................... 166 UNASSIGN SERVER .............................................................................................................................. 167 Interconnect management commands .......................................................................................... 168 Contents 8 ASSIGN INTERCONNECT ..................................................................................................................... 168 CLEAR INTERCONNECT SESSION ......................................................................................................... 168 CONNECT INTERCONNECT ................................................................................................................. 168 POWEROFF INTERCONNECT ................................................................................................................ 169 POWERON INTERCONNECT ................................................................................................................ 169 RESTART INTERCONNECT ..................................................................................................................... 169 SET INTERCONNECT ADMIN_PASSWORD FACTORY .............................................................................. 170 SET INTERCONNECT FACTORY ............................................................................................................. 170 SET INTERCONNECT POWERDELAY ...................................................................................................... 171 SET INTERCONNECT UID ...................................................................................................................... 171 SHOW INTERCONNECT ....................................................................................................................... 171 SHOW INTERCONNECT INFO .............................................................................................................. 173 SHOW INTERCONNECT LIST ................................................................................................................ 175 SHOW INTERCONNECT PORT MAP ...................................................................................................... 176 SHOW INTERCONNECT POWERDELAY ................................................................................................. 176 SHOW INTERCONNECT SESSIONS ...................................................................................................... 177 SHOW INTERCONNECT STATUS........................................................................................................... 177 Active Health System commands................................................................................................. 179 ENABLE ACTIVE HEALTH SYSTEM........................................................................................................... 179 DISABLE ACTIVE HEALTH SYSTEM .......................................................................................................... 179 Enclosure DVD commands ......................................................................................................... 180 SET SERVER DVD .................................................................................................................................. 180 SHOW SERVER DVD ............................................................................................................................. 180 Remote syslog commands .......................................................................................................... 182 DISABLE SYSLOG REMOTE .................................................................................................................... 182 ENABLE SYSLOG REMOTE..................................................................................................................... 182 SET REMOTE SYSLOG PORT .................................................................................................................. 182 SET REMOTE SYSLOG SERVER ............................................................................................................... 183 SHOW SYSLOG SETTINGS ................................................................................................................... 183 TEST SYSLOG ....................................................................................................................................... 183 Remote syslog example .......................................................................................................................... 184 USB support commands ............................................................................................................. 185 DOWNLOAD CONFIG using USB key .................................................................................................... 185 SET SERVER DVD for USB key ................................................................................................................. 185 SHOW USBKEY .................................................................................................................................... 185 UPDATE IMAGE using USB key ............................................................................................................... 186 UPLOAD CONFIG using USB key............................................................................................................ 187 VLAN commands ...................................................................................................................... 188 ADD VLAN ........................................................................................................................................... 188 DISABLE VLAN ...................................................................................................................................... 188 EDIT VLAN ........................................................................................................................................... 188 ENABLE VLAN ...................................................................................................................................... 189 REMOVE VLAN..................................................................................................................................... 189 SAVE VLAN .......................................................................................................................................... 189 SET VLAN DEFAULT ............................................................................................................................... 189 SET VLAN FACTORY ............................................................................................................................. 190 SET VLAN INTERCONNECT ................................................................................................................... 190 SET VLAN IPCONFIG ............................................................................................................................ 190 SET VLAN IPCONFIG DHCP ................................................................................................................... 191 SET VLAN IPCONFIG SAVE ................................................................................................................... 191 Contents 9 SET VLAN IPCONFIG STATIC ................................................................................................................. 191 SET VLAN OA ...................................................................................................................................... 192 SET VLAN REVERT ................................................................................................................................. 192 SET VLAN SERVER................................................................................................................................. 192 SHOW VLAN ....................................................................................................................................... 192 HP Insight Remote Support commands ......................................................................................... 194 ADD REMOTE_SUPPORT CERTIFICATE .................................................................................................... 194 DOWNLOAD REMOTE_SUPPORT CERTIFICATE ....................................................................................... 194 ENABLE REMOTE_SUPPORT DIRECT........................................................................................................ 195 ENABLE REMOTE_SUPPORT IRS ............................................................................................................. 196 ENABLE REMOTE_SUPPORT MAINTENANCE .......................................................................................... 196 DISABLE REMOTE_SUPPORT .................................................................................................................. 197 DISABLE REMOTE_SUPPORT MAINTENANCE .......................................................................................... 197 REMOVE REMOTE_SUPPORT CERTIFICATE .............................................................................................. 197 SEND REMOTE_SUPPORT DATACOLLECTION ......................................................................................... 197 SET REMOTE_SUPPORT DIRECT ONLINE_REGISTRATION_COMPLETE ........................................................ 198 SET REMOTE_SUPPORT DIRECT PROXY ................................................................................................... 198 SHOW REMOTE_SUPPORT .................................................................................................................... 198 SHOW REMOTE_SUPPORT CERTIFICATE ................................................................................................. 199 SHOW REMOTE_SUPPORT EVENTS ....................................................................................................... 200 TEST REMOTE_SUPPORT ........................................................................................................................ 200 Enclosure Dynamic Power Cap commands .................................................................................. 202 SET ENCLOSURE POWER_CAP .............................................................................................................. 202 SET ENCLOSURE POWER_CAP_BAYS_TO_EXCLUDE ................................................................................ 202 SHOW ENCLOSURE POWER_CAP ......................................................................................................... 203 SHOW ENCLOSURE POWER_CAP_BAYS_TO_EXCLUDE........................................................................... 203 Event notifications ..................................................................................................................... 204 Enclosure event notifications ................................................................................................................... 204 Command line event notifications ............................................................................................................ 204 Support and other resources ...................................................................................................... 207 Before you contact HP............................................................................................................................ 207 HP contact information ........................................................................................................................... 207 Time zone settings .................................................................................................................... 208 Universal time zone settings .................................................................................................................... 208 Africa time zone settings ........................................................................................................................ 208 Americas time zone settings .................................................................................................................... 209 Asia time zone settings .......................................................................................................................... 210 Oceanic time zone settings ..................................................................................................................... 211 Europe time zone settings ....................................................................................................................... 212 Polar time zone settings .......................................................................................................................... 212 Acronyms and abbreviations ...................................................................................................... 214 Documentation feedback ........................................................................................................... 217 Index ....................................................................................................................................... 218 Contents 10 Introduction What's new The following changes have been made to this guide, published with the release of Onboard Administrator firmware version 4.20: • The ADD CA CERTIFICATE command restrictions were updated. • The ADD LANGUAGE command description was updated. • The ADD HPSIM CERTIFICATE command restrictions were updated. • The ADD LDAP CERTIFICATE command restrictions were updated. • The ADD OA ADDRESS IPV6 command restrictions were updated. • The ADD REMOTE_SUPPORT CERTIFICATE command restrictions were updated. • The ADD SSHKEY command restrictions were updated. • The ADD TRUSTED HOST command restrictions were updated. • The DISABLE FQDN_LINK_SUPPORT command was added. • The DISABLE IPV6 command description was updated. • The DOWNLOAD CA CERTIFICATE command description and restrictions were updated. • The DOWNLOAD CONFIG command description was updated. • The DOWNLOAD HPSIM CERTIFICATE command description was updated. • The DOWNLOAD LDAP CERTIFICATE command description and restrictions were updated. • The DOWNLOAD OA CERTIFICATE command description and restrictions were updated. • The DOWNLOAD REMOTE_SUPPORT CERTIFICATE command description and restrictions were updated. • The DOWNLOAD SSHKEY command description and restrictions were updated. • The DOWNLOAD USER CERTIFICATE command restrictions were updated. • The ENABLE FQDN_LINK_SUPPORT command was added. • The ENABLE DHCPV6 command description and restrictions were updated. • The ENABLE SLAAC command description and restrictions were updated. • The GENERATE CERTIFICATE command description and restrictions were updated. The GENERATE CERTIFICATE prompts information for Alternative Name was updated. • The GENERATE KEY command description and restrictions were updated. • The PING command line, description, and restrictions were updated. • The SET ALERTMAIL SENDERNAME command was added. • The SET EBIPAV6 INTERCONNECT command line and restrictions were updated. Introduction 11 • The SET EBIPAV6 SERVER command line and restrictions were updated. • The SET FACTORY command description was updated. • The SET FIPS MODE command restrictions were updated. • The SET FIRMWARE MANAGEMENT command restrictions were updated. • The SET INTERCONNECT ADMIN_PASSWORD FACTORY command was added. • The SET INTERCONNECT FACTORY command was added. • The SET OA GATEWAY command line, description, and restrictions were updated. • The SET POWER SAVINGS command description and restrictions were updated. • The SET USER CERTIFICATE restrictions were updated. • The SHOW EBIPAV6 command example was updated. • The SHOW NETWORK command description and example were updated. • The SHOW OA NETWORK command restrictions and example were updated. • The UPDATE IMAGE FW_ISO command description was updated. • The UPLOAD CONFIG command description was updated. • The UPLOAD SUPPORTDUMP command description was updated. • The UPLOAD SYSLOG command description was updated. Introduction 12 Accessing the command line interface Remote access to the Onboard Administrator The Onboard Administrator CLI can be accessed remotely through any Telnet or SSH session. Telnet session 1. Open a command-line window from a network-connected client. 2. At the prompt, telnet to the IP address of the Onboard Administrator and press Enter. For example, telnet 192.168.100.130, where the IP address is the address of your Onboard Administrator. 3. Enter a valid user name and press Enter. 4. Enter a valid password and press Enter. The CLI command prompt displays. 5. Enter commands for the Onboard Administrator. 6. To terminate the remote access telnet session, enter Exit, Logout, or Quit at the CLI command prompt. SSH session 1. Start a SSH session to the Onboard Administrator using any SSH client application. 2. When prompted, enter the assigned IP address or DNS name of the Onboard Administrator and press Enter. 3. Enter a valid user name and press Enter. 4. Enter a valid password and press Enter. The CLI command prompt displays. 5. Enter commands for the Onboard Administrator. 6. To terminate the remote access SSH session, close the communication software or enter Exit, Logout, or Quit at the CLI command prompt. Local access to the Onboard Administrator The Onboard Administrator can be accessed locally through a serial port connector on the rear of the Onboard Administrator module. Use a laptop or another computer as a serial console to communicate with the Onboard Administrator. A laptop or PC connected to the Onboard Administrator serial port requires a null-modem cable. The minimum connection to an external console is pins 2, 3, and 5. 1. Connect a serial cable between the serial port on the computer and the corresponding serial port on the Onboard Administrator module. The following table is for the DB9 serial (RS232) port and shows the pinout and signals for the RS232 connector. The signal direction is DTE (computer) relative to the DCE (modem). Pin Name Signal direction Description 1 CD <<-- Carrier detect 2 RXD <<-- Receive data 3 TXD -->> Transmit data Accessing the command line interface 13 Pin Name Signal direction 4 DTR -->> 5 GND 6 DSR <<-- Data set ready 7 RTS -->> Request to send 8 CTS <<-- Clear to send 9 RI <<-- Ring indicator 2. Description Data terminal ready System ground Use any standard communication software to launch a terminal emulation session with the following parameters: Parameter Value Transmission rate 9600 bps Data bits 8 Parity None Stop bits 1 Protocol None 3. When prompted, enter a valid user name, and then press Enter. 4. Enter a valid password, and press Enter. The CLI command prompt appears. 5. Enter commands for the Onboard Administrator. 6. To terminate the terminal session, enter Exit at the prompt. Accessing the command line interface 14 Command line Command line overview The CLI can be used as an alternative method for managing the Onboard Administrator. Using the CLI can be useful in the following scenarios: • HP Management Applications (for example: Systems Insight Manager, Insight Control tools, and so on) can query the Onboard Administrator for information these tools need to present a complete management view of HP BladeSystem enclosures and the devices contained within. This interface is also used by the Management tools to execute provisioning and configuration tasks to devices within the enclosure. • Users can develop tools that utilize Onboard Administrator functions for data collection and for executing provisioning and configuration tasks. • When no browser is available or you prefer to use a Linux command line interface to access management data and perform configuration tasks. Command line conventions CLI input is case-insensitive except when otherwise noted. Commands are organized into a tree, with approximately 30 base commands. Each of these commands can have any number of subcommands. Subcommands can also have further subcommands. Each command used in this guide follows the conventions listed in the following table. Symbol DescriptionDenotes the variable within the symbols that must be substituted with a value, such as a user name. Symbols must be removed. UPPER CASE Denotes input to be entered as shown. Unless noted, symbols are not case-sensitive. | Used to separate input options. Denotes a list of mandatory choices that must be made. For example, SET ENCLOSURE UID {ON | OFF} must be in the form of either of the following: { } • • SET ENCLOSURE UID ON SET ENCLOSURE UID OFF Denotes an optional argument or set of characters. [ ] Used to enclose command arguments that contain spaces and special characters. " " Reserved words The following words can only be used in specific situations with the Onboard Administrator CLI: • PASSWORD Command line 15 • TEST Because these words indicate specific functions within the Onboard Administrator firmware, they are only allowed where explicitly defined in the help documentation for a command. Attempts to use reserved words in a command where not allowed results in an Invalid Arguments error. A local user account cannot be created by using these reserved words. HP Integrity server blade restrictions HP Integrity server blades do not support all commands. See specific commands for restrictions on HP Integrity server blades. The following commands are not applicable to HP Integrity server blades • Hponcfg • Set Server Boot • Set Server Boot Once • Show Server Boot • Show Syslog Server • Update iLO Access level and privileges Onboard Administrator accounts are created with a username, password, privilege level, and permissions to Device bays and Interconnect bays on the Onboard Administrator. You cannot delete or modify the privileges of the default Administrator account on the Onboard Administrator. You can only change the password for the Administrator account. The following table indicates the capabilities of the user based on their privileges and permitted bays. Account classification Capabilities Administrator • • • • Account name / Privilege level Administrator / All commands administrator Local account, not LDAP Only account remaining after a reset Onboard Administrator to factory defaults (account retains configured Administrator password) Administrator account password can be reset to factory default through the Onboard Administrator serial port using L lost Bays selected for this account All Command line 16 Account classification Capabilities • Account name / Privilege level Bays selected for this account password recovery option Can download, add, and clear SSHKey. This key only works with the Administrator account. OA administrator • • username / administrator OA bays (all bays All commands automatically selected) Allows access to all aspects of the HP BladeSystem Enclosure and Onboard Administrator including configuration, firmware updates, user management, and resetting default settings. administrator • username / administrator No OA bays and only Can perform all selected device bays and operations to interconnect bays permitted device bays and interconnect bays including virtual power and console access administrator permission on device iLO • OA bays and can have other bays selected, but the capabilities for the other bays are defined in operator* OA operator • Allows access to all username / operator aspects of the HP BladeSystem Enclosure and Onboard Administrator, with the exception of user management operator • Can perform all operations to permitted device bays and interconnect bays including virtual power and console access operator permission on device iLO username / operator Selected device bays and interconnect bays Can view status and username / user OA bays and can have other • OA user • Command line 17 Account classification Capabilities • • user • • • • Account name / Privilege level Bays selected for this account information of enclosure Can view CLI history bays selected, but the capabilities for the other bays are defined in user Can view status and username / user information of selected bays Can view CLI history Can set password for own account Can set user contact information for own account Can show CLI commands No OA bays and some device bays and interconnect bays *EBIPA and VLAN features allow access to all bays for an OA operator. Account authentication Local users • This is the default setting. Local user accounts are directly authenticated against a password for each account stored on the active Onboard Administrator. • Account modifications are automatically synchronized between both Onboard Administrator modules if two are present. • Local users may be disabled if LDAP is enabled, leaving the Administrator account as the only local account that cannot be disabled. LDAP users • The Enable/Disable LDAP is an optional setting. LDAP enabled can be used with local users enabled or disabled. • The Onboard Administrator will use configured LDAP server and search context to request account authentication. • Configuration of the LDAP group will determine the privileges instead of the username. • If a user is configured for multiple groups with different privileges and bay permissions, then the user will have the highest privileges and the combination of all permitted bays. • In version 2.10 or higher, if the user logged into the Onboard Administrator is an LDAP user then the Onboard Administrator enforces the iLO license and requires that the iLO have a Select license before allowing the AutoLogin to iLO. AutoLogin to iLO The following table indicates Onboard Administrator account privileges mapped to iLO privileges when using Onboard Administrator AutoLogin. Command line 18 iLO privileges administrator operator Administer user accounts X Remote console access X X Virtual power and reset X X Virtual media X X Configure iLO settings X Login to iLO X X user X Command line 19 General commands CLEAR SCREEN • • Command: CLEAR SCREEN Description: Clears the terminal screen • Access level: Administrator, Operator, User EXIT • • Command: EXIT Description: Exits the command line interpreter • Access level: Administrator, Operator, User HELP • • Command: HELP Description: If you supply a command, the usage and help text for the command appears. If no argument is given, all base commands appear. • Access level: Administrator, Operator, User • Example: OA-0018FE27577F> HELP ADD | ASSIGN | CLEAR | CONNECT | DISABLE | DISCOVER | DOWNLOAD | EDIT | ENABLE | EXIT | FORCE | GENERATE | HELP | HISTORY | HPONCFG | LOGOUT | PING | POWEROFF | POWERON | QUIT | REBOOT | REMOVE | RESET | RESTART | SAVE | SEND | SET | SHOW | SLEEP | TEST | UNASSIGN | UPDATE | UPLOAD LOGOUT • Command: General commands 20 • LOGOUT Description: Exits the command line interpreter • Access level: Administrator, Operator, User QUIT • • Command: QUIT Description: Exits the command line interpreter • Access level: Administrator, Operator, User General commands 21 Rack commands SET RACK NAME • • Command: SET RACK NAME Description: Sets the rack name • Access level/Bay level: OA administrator, OA operator • Restrictions: The must be a maximum of 32 characters long and includes all alphanumeric, the dash, and the underscore characters. UnnamedRack is the default rack name. SHOW RACK INFO • • Command: SHOW RACK INFO Description: Displays the rack information for the enclosure • Access level/Bay level: All • Restrictions: None • Example: OA-0018FE27577F> SHOW RACK INFO Rack Information: Product Description: ASSY, RACK 10642 G2 Part Number: 383573-001 Rack Identifier: 2UJ848000H Rack U Height: 42 Or Location hardware not found (No hardware support) Or Location data error (Hardware support available – invalid data) Rack commands 22 SHOW RACK NAME • • Command: SHOW RACK NAME Description: Displays the user defined rack name setting for the enclosure • Access level/Bay level: All • Restrictions: None • Example: OA-0018FE27577F> SHOW RACK NAME Rack Name: UnnamedRack SHOW TOPOLOGY • • • Command: SHOW TOPOLOGY [IPV6] Description: o Displays information about the enclosures connected by the enclosure link o Displays a table with the enclosure name, UUID, Enclosure Rack U Position, overall health of the enclosure, and the IP address o Displays IPv4 information by default. To display IPv6 information, enter the IPV6 keyword Access level/Bay level All • • Restrictions: To display IPv6 address and address type only, use the IPv6 keyword. Example: OA-0018FE2F6941> show topology Detecting linked enclosures .. Rack Topology (top-down) Rack UUID: 09USE818AMMP Rack Name: r12 Enclosure Name Status Local IP Address Rack U Position -------------------------------- -------- --------------------------USE818AMMP OK Yes 172.16.1.58 USE812AMMP OK No 172.16.1.59 --hardware not found-- UUID --------------09USE818AMMP 09USE812AMMP Rack commands 6 23 USE813AMMP --data error-- OK No 172.16.1.60 09USE813AMMP OA-E4115BECFBAB> SHOW TOPOLOGY IPV6 Detecting linked enclosures .... Rack Topology (top-down) Rack UUID: 09SGH211PHT1 Warning! Enclosures have different rack names! Enclosure Name Rack Name -------------------------------- -------------------------------OA-E83935AC65EF UnnamedRack 1234567890 Rack103 Enclosure Name Local -------------------------------- ------------------------------------------OA-E83935AC65EF No 2001:acdc:aabb:bbcc:ccdd:dddd:eeee:183 1234567890 Yes 2001:acdc:aabb:bbcc:ccdd:dddd:eeee:163 IP Address Rack commands 24 User account commands ADD USER • • Command: ADD USER " " [" "] Description: Adds a user to the system. If you do not provide a password, you are prompted for one. If SCRIPT MODE is enabled and the password is not provided, the password is assigned an unmatched string. This unmatched string requires an enclosure administrator to change the password to allow the new user to access the system. • Access level/Bay level: OA administrator • Restrictions: o You can add a maximum of 30 users, including the reserved accounts. o The is case sensitive and must be unique to all other user names and group names. The must be 1 to 40 characters long and can include all alphanumeric characters, the dash, and the underscore. o The must begin with a letter. o The must be three to eight characters long for firmware 1.00 through 1.30 and 3 to 40 characters long for firmware 2.00 and later. The character set includes all printable characters. If you do not enter a password, you are prompted to enter one. o Reserved user names are: ALL (case insensitive) ADMINISTRATOR (case insensitive), switch1, switch2, switch3, switch4, switch5, switch6, switch7, switch8, ldapuser, and nobody. ASSIGN • Command: • ASSIGN {SERVER | INTERCONNECT} { | ALL | - } {" " | LDAP GROUP " "} *OR* ASSIGN OA {" " | LDAP GROUP " "} Assigns one or more bays to a user or group • Access level/Bay level: OA administrator • Restrictions: The is case sensitive. If a bay is presently assigned to a user, you must unassign the bay first. User account commands 25 ASSIGN OA • • Command: ASSIGN OA {" " | LDAP GROUP " "} Description: Assigns the Onboard Administrators specified to an existing user or group • Access level/Bay level: OA administrator • Restrictions: The is case sensitive. DISABLE USER • • Command: DISABLE USER " " Description: Disables a user account. The system immediately logs out the user and prevents the user from logging in until the account is enabled. CLI sessions are terminated and all future SOAP web accesses fail. • Access level/Bay level: OA administrator • Restrictions: o The is case sensitive. o You cannot disable the built-in Administrator account DISABLE STRONG PASSWORDS • • Command: DISABLE STRONG PASSWORDS Description: Removes strong password requirements for user passwords • Access level/Bay level: OA administrator • Restrictions: o Only Administrators with Onboard Administrator permission are allowed to manage strong passwords. o You cannot disable strong passwords when in FIPS Mode ON/DEBUG. ENABLE STRONG PASSWORDS • Command: User account commands 26 • ENABLE STRONG PASSWORDS Description: When enabled, this command requires that a user's password contain at least one character from three of the four categories. The four categories include: • o Uppercase o Lowercase o Numeric o Nonalphanumeric Access level/Bay level: OA administrator • Restrictions: o Only Administrators with Onboard Administrator permission are allowed to manage strong passwords. o Strong passwords are enabled by default in FIPS Mode ON/DEBUG. ENABLE USER • • • Command: ENABLE USER " " Description: Enables a user account that was previously disabled by the DISABLE USER command Access level/Bay level: OA administrator • Restrictions: The is case sensitive. HISTORY • • Command: HISTORY Description: Shows the history of commands for the current session • Access level/Bay level: All • Restrictions: None User account commands 27 REMOVE USER • • Command: REMOVE USER {ALL | " " | CERTIFICATE " "} Description: Removes a user from the system and/or any certificate mapped to the user. If you specify ALL, then the command is run for all users except the default system accounts. • Access level/Bay level: OA administrator • Restrictions: o The is case sensitive. o You cannot remove the Administrator account. SET MINIMUM PASSWORD LENGTH • • Command: SET MINIMUM PASSWORD LENGTH Description: Sets a minimum length for passwords. When set, a user's password must contain at least the number of characters specified. • Access level/Bay level: OA administrator • Restrictions: o The minimum password length can be set between 3 and 40 characters. o In FIPS Mode ON/DEBUG, the minimum password length can be set between 8 and 40 characters. SET PASSWORD • • Command: SET PASSWORD [" "] Description: Sets the password of the user that executed the command. If you do not provide a password on the command line, you are prompted for one. • Access level/Bay level: All • Restrictions: o The must be 3 to 8 characters long for firmware 1.00 through 1.30 and 3 to 40 characters long for firmware 2.00 and later. When in FIPS Mode ON/DEBUG, the password length must be between 8 and 40 characters. The minimum password length setting may be overwritten through the SET MINIMUM PASSWORD LENGTH command. User account commands 28 o When in FIPS Mode OFF, the character set includes all printable characters. When in FIPS Mode ON/DEBUG, the password must contain at least one character from three of the four types of characters. The four types are upper-case, lower-case, numeric, and non-alphanumeric. SET SESSION TIMEOUT • • Command: SET SESSION TIMEOUT Description: Sets the number of minutes before inactive sessions are removed. The default setting is 1440. • Access level/ Bay level: OA administrator • Restriction: Valid session timeout values range from 10 to 1440 minutes (24 hours). SET USER ACCESS • • Command: SET USER ACCESS " " {ADMINISTRATOR | OPERATOR | USER} Description: Sets the user access level. Additionally, use the ASSIGN command to give the user access rights to the Onboard Administrator, server bays, and interconnect bays. • Access level/Bay level: OA administrator • Restrictions: None SET USER CONTACT • • Command: SET USER CONTACT [" "] " " Description: Sets the contact information field for the user. If there is no , the command modifies the contact information of the user who executed the command. • • Access level/Bay level: o All users can modify their own contact information. o The OA administrator can modify all users. Restrictions: o The is case sensitive. The must be a maximum of 20 characters long and includes all alphanumeric characters, the dash, the underscore, and spaces. o The default contact information is blank. User account commands 29 o You must use double quotes if the contact information contains any spaces. SET USER FULLNAME • • Command: SET USER FULLNAME [" "] " " Description: Sets a user's full name. If you do not specify a , then the command modifies the full name of the user who is currently logged in. • • Access level/Bay level: o OA administrator o All users can modify their own full name. Restrictions: o The is case sensitive. The must be a maximum of 20 characters long and includes all alphanumeric, the dash, the underscore, and the space characters. o The default full name is blank. SET USER PASSWORD • • Command: SET USER PASSWORD " " [" "] Description: Sets a user's password. If you do not supply a password on the command line, you are prompted for one. • Access level/Bay level OA administrator OA operator and User access level users can change their own passwords. • Restrictions: o Only OA administrators can modify another user's password. Only the Administrator account can modify the password of the Administrator account. o The is case sensitive. o The must be 3 to 8 characters long for firmware 1.00 through 1.30 and 3 to 40 characters long for firmware 2.00 and later. When in FIPS Mode ON/DEBUG, the password length must be between 8 and 40 characters. The minimum password length setting may be overwritten through the SET MINIMUM PASSWORD LENGTH command. o When in FIPS Mode OFF, the character set includes all printable characters. When in FIPS Mode ON/DEBUG, the password must contain at least one character from three of the four types of characters. The four types are upper-case, lower-case, numeric, and non-alphanumeric. SHOW PASSWORD SETTINGS • Command: User account commands 30 • SHOW PASSWORD SETTINGS Description: Displays the current minimum password length and strong password settings • Access level/Bay level: All users • Restrictions: None • Example: OA-0018FE27577F>SHOW PASSWORD SETTINGS Strong Passwords: Disabled Minimum Password Length: 3 SHOW SESSION TIMEOUT • • Command: SHOW SESSION TIMEOUT Description: Displays the current Onboard Administrator user session timeout. The session timeout is the number of minutes before inactive sessions are removed. • Access level/Bay level: All • Restriction: None • Example: >SHOW SESSION TIMEOUT Session Timeout: 1440 minutes SHOW USER • • • Command: SHOW USER [LIST | " "] Description: o Displays the user's full name, contact information, access rights, account status, and bays that the user can access. o If you enter LIST and you are an OA administrator, the information for every user is listed. An asterisk before a user name denotes the current user. o If a user name or LIST are not entered, information for the current user is displayed. Access level/Bay level: All • Restrictions: o The is case sensitive. User account commands 31 o • Users who do not have OA administrator access levels can only view their user information. Example: OA-0018FE27577F> SHOW USER Local User "Administrator" Information: Full name: System Administrator Contact Info: User Rights: Admin Account Status: Enabled Server Bay Access List: 1 1A 1B 2 2A 2B 3 3A 3B 4 4A 4B 5 5A 5B 6 6A 6B 7 7A 7B 8 8A 8B Interconnect Bay Access List: 1 2 3 4 OA Access: Yes SLEEP • • Command: SLEEP Description: Pauses the sessions for a fixed period of time. This command is useful for adding delays to scripts. After the pause has started, you cannot continue the session before time runs out. However, you can terminate the session and start another session. • Access level/Bay level: All • Restrictions: The field must be a whole number from 1 to 86400. UNASSIGN • • Command: UNASSIGN {SERVER | INTERCONNECT} { | ALL | - } {" " | LDAP GROUP " "} *OR* UNASSIGN OA {" " | LDAP GROUP " "} Description: Removes a bay from the user • Access level/Bay level: OA administrator • Restrictions: The is case sensitive. UNASSIGN OA • Command: User account commands 32 • UNASSIGN {SERVER | INTERCONNECT} { | ALL | - } {" " | LDAP GROUP " "} *OR* UNASSIGN OA {" " | LDAP GROUP " "} Description: Removes the Onboard Administrator from the control of the user that it is currently assigned • Access level/Bay level: OA administrator • Restrictions: The is case sensitive. User account commands 33 Two-Factor Authentication commands ADD CA CERTIFICATE • • Command: ADD CA CERTIFICATE <\n> <\n> Description: Adds a CA certificate on the command line. To add the certificate: a. Start with a string that does not appear within the certificate (the end marker). b. Insert a newline character by pressing Enter. c. Paste in the certificate. d. Insert a newline character by pressing Enter. e. Insert the end marker. f. Issue the command by pressing Enter. Failure to give a proper end marker before and after the certificate might cause the interface to wait for the appropriate end marker indefinitely. • Access level/Bay level: OA administrator • Restrictions: o This command is only available in script mode. o When the Onboard Administrator is operating in FIPS Mode, the minimum RSA key length is 2048 bits, and the signature hash algorithm must be SHA1, SHA-224, SHA-256, SHA-384, or SHA-512. DISABLE CRL • • Command: DISABLE CRL Description: Disables certificate revocation checks • Access level/Bay level: OA administrator • Restrictions: None DISABLE TWOFACTOR • Command: Two-Factor Authentication commands 34 • DISABLE TWOFACTOR Description: Disables Two-Factor Authentication • Access level/Bay level: OA administrator • Restrictions: None DOWNLOAD CA CERTIFICATE • • • Command: DOWNLOAD CA CERTIFICATE " " Description: o Downloads a CA certificate to act as the trusted certification authority to validate user certificates when using Two-Factor Authentication. o Specify a URL where this certificate can be found. o Supported protocols are HTTP, FTP, and TFTP. o Format the URL as protocol://host/path/file. o If your FTP server does not support anonymous connections, you can specify a user name and password in the format ftp://username:password@host/path/file. o The URL syntax for IPv4 addresses is protocol:// /path/file. o The URL syntax for IPv6 addresses is protocol://[ ]/path/file. Access level/Bay level: OA administrator • Restrictions: o Allows the download of up to five different certificates. o When the Onboard Administrator is operating in FIPS Mode, the minimum RSA key length is 2048 bits, and the signature hash algorithm must be SHA1, SHA-224, SHA-256, SHA-384, or SHA-512. DOWNLOAD USER CERTIFICATE • • • Command: DOWNLOAD USER CERTIFICATE " " Description: o Downloads an x.509 certificate for the user from . The file at must be a Base64 PEM encoded file. o Downloads a CA certificate used in Two-Factor Authentication. Access level/Bay level: OA administrator • Restrictions: Two-Factor Authentication commands 35 When the Onboard Administrator is operating in FIPS Mode, the minimum RSA key length is 2048 bits, and the signature hash algorithm must be SHA1, SHA-224, SHA-256, SHA-384, or SHA-512. REMOVE CA CERTIFICATE • Command: REMOVE CA CERTIFICATE " " • Description: • Removes the trust certificate corresponding to the SHA1 . Any users having their certificates issued by this CA can no longer login if Two-Factor Authentication is enabled. • Access level/Bay level: OA administrator • Restrictions: None REMOVE USER CERTIFICATE • • Command: REMOVE USER CERTIFICATE " " Description: Removes the user certificate. If Two-Factor Authentication is enabled, this user no longer has access through HTTPS. • Access level/Bay level: OA administrator • Restrictions: None SET USER CERTIFICATE • • Command: SET USER CERTIFICATE " " <\n> <\n> Description: Maps a certificate (for certificate-based authentication) to the specified Onboard Administrator user account. To add the certificate: a. Start with a string that does not appear within the certificate (the end marker). b. Insert a newline character by pressing Enter. c. Paste in the certificate. d. Insert a newline character by pressing Enter. e. Insert the end marker. f. Issue the command by pressing Enter. Two-Factor Authentication commands 36 Failure to give a proper end marker before and after the certificate might cause the interface to wait for the appropriate end marker indefinitely. • Access level/Bay level: OA administrator • Restrictions: o This command is only available in script mode. o When the Onboard Administrator is operating in FIPS Mode, the minimum RSA key length is 2048 bits, and the signature hash algorithm must be SHA1, SHA-224, SHA-256, SHA-384, or SHA-512. SHOW CA CERTIFICATES • • Command: SHOW CA CERTIFICATES Description: Displays a list of installed CA certificates • Access level/Bay level: OA Administrator • Restrictions: None • Example: OA-0016355E560A> SHOW CA CERTIFICATE Details for ca certificate 1 certificateVersion = 3 issuerOrganization = ca.com issuerOrganizationalUnit = IT Infrastructure issuerCommonName = Hewlett-Packard Primary Class 2 Certification Authority subjectOrganization = hp.com subjectOrganizationalUnit = IT Infrastructure subjectCommonName = Hewlett-Packard Primary Class 2 Certification Authority validFrom = 1997-12-30T00:00:00Z validTo = 2012-12-29T23:59:59Z serialNumber =83:B7:1B:E9:27:AB:5C:61:F8:8F:90:30:E:0D:17:DE:C6 extensionCount = 7 md5Fingerprint = B6:22:5B:B8:43:CD:1A:66:64:19:33:B:3:C1:80:BF:B6 sha1Fingerprint = CF:5C:89:7B:84:7B:73:C4:C5:3E:3F:E:7:93:09:53:EB:C4:28:BE:CF SHOW TWOFACTOR INFO • • Command: SHOW TWOFACTOR INFO Description: Displays the configuration details for Two-Factor Authentication Two-Factor Authentication commands 37 • Access level/Bay level: All • Restrictions: None • Example: OA-0018FE27577F> SHOW TWOFACTOR INFO Two Factor Authentication: Enabled : Disabled Certificate Revocation : Disabled Certificate Owner Field : Subject Two-Factor Authentication commands 38 Directory commands ADD LDAP CERTIFICATE • • Command: ADD LDAP CERTIFICATE <\n> <\n> Description: Adds an LDAP certificate on the command line. To add the certificate: a. Start with a string that does not appear within the certificate (the end marker). b. Insert a newline character by pressing Enter. c. Paste in the certificate. d. Insert a newline character by pressing Enter. e. Insert the end marker. f. Issue the command by pressing Enter. Failure to give a proper end marker before and after the certificate might cause the interface to wait for the appropriate end marker indefinitely. • Access level/Bay level: OA administrator • Restrictions: o The certificate text cannot exceed 3071 characters. o When the Onboard Administrator is operating in FIPS Mode, the minimum RSA key length is 2048 bits, and the signature hash algorithm must be SHA1, SHA-224, SHA-256, SHA-384, or SHA-512. ADD LDAP GROUP • • Command: ADD LDAP GROUP " " Description: Adds an LDAP group to the group. This group must match a group in the directory server. • Access level/Bay level: OA administrator • Restrictions: o The maximum number of LDAP groups is 30. o Group name must be 1 to 255 characters in length. o Character set includes all printable characters, except quotation marks and new lines. o The group name must start with an alpha character. Directory commands 39 ASSIGN for LDAP • • Command: ASSIGN {SERVER | INTERCONNECT} { | ALL | - } {" " | LDAP GROUP " "} *OR* ASSIGN OA {" " | LDAP GROUP " "} Description: Assigns the bay to a specified LDAP group, providing access to the bay at the access level of the group • Access level/Bay level: OA administrator • Restrictions: None ASSIGN OA LDAP GROUP • • Command: ASSIGN OA {" " | LDAP GROUP " "} Description: Assigns access to the Onboard Administrator to the specified group • Access level/Bay level: OA administrator • Restrictions: None DISABLE LDAP NOTE: If LDAP is enabled, local accounts are disabled, and the LDAP server becomes unavailable, you can recover by booting into Lost Password mode. When booting in Lost Password mode, the local Administrator password will be reset, LDAP is disabled, and Local Logins are re-enabled • Command: DISABLE LDAP • Description: • Disables directory authentication • Access level/Bay level: OA administrator • Restrictions: None Directory commands 40 DOWNLOAD LDAP CERTIFICATE • • • Command: DOWNLOAD LDAP CERTIFICATE " " Description: o Downloads an LDAP certificate to establish a trusted relationship with the LDAP server. o The specifies the location of the certificate to be downloaded. o Supported protocols are HTTP, FTP, and TFTP. o Format the URL as protocol://host/path/file. o The URL syntax for IPv4 addresses is protocol:// /path/file. o The URL syntax for IPv6 addresses is protocol://[ ]/path/file. o If your FTP server does not support anonymous connections, then you can specify a user name and password in the format ftp://username:password@host/path/file. Access level/Bay level: OA administrator • Restrictions: When the Onboard Administrator is operating in FIPS Mode, the minimum RSA key length is 2048 bits, and the signature hash algorithm must be SHA1, SHA-224, SHA-256, SHA-384, or SHA-512. ENABLE LDAP NOTE: If LDAP is enabled, local accounts are disabled, and the LDAP server becomes unavailable, you can recover by booting into Lost Password mode. When booting in Lost Password mode, the local Administrator password will be reset, LDAP is disabled, and Local Logins are re-enabled • • • Command: ENABLE LDAP [NOLOCAL] Description: Enables directory authentication. If you use the NOLOCAL option, local users are not enabled. Access level/Bay level: OA administrator • Restrictions: Before you can enable LDAP, configuration must be complete. REMOVE LDAP CERTIFICATE • • Command: REMOVE LDAP CERTIFICATE " " Description: o Removes the trust certificate corresponding to the MD5 . Directory commands 41 o • This command revokes trust in the LDAP server associated with the certificate. Access level/Bay level: OA administrator • Restrictions: None REMOVE LDAP GROUP • • Command: REMOVE LDAP GROUP {ALL | " "} Description: Removes the LDAP group from the system. If you specify ALL, then all LDAP groups are removed from the system. • Access level/Bay level: OA administrator • Restrictions: Before you can enable the LDAP group, configuration must be complete. SET LDAP GROUP ACCESS • • • Command SET LDAP GROUP ACCESS " " {ADMINISTRATOR | OPERATOR | USER} Description: o Sets the LDAP group access level. o Additionally, use the ASSIGN OA command to give a user or group rights to the Onboard Administrator. Access level/Bay level: OA administrator • Restrictions: None SET LDAP GROUP DESCRIPTION • • Command: SET LDAP GROUP DESCRIPTION " " " " Description: Sets the LDAP group description field • Access level/Bay level: OA administrator • Restrictions: Directory commands 42 o Must be 0 to 58 characters in length. o Valid characters are all alphanumeric, the underscore (_), the dash (-), and spaces. o If the group name or description field contains spaces or zero characters, use double quotes. SET LDAP NAME MAP • • Command: SET LDAP NAME MAP {ON|OFF} Description: Turns on NT name mapping to enable the user to enter their NT domain\username • Access level/Bay level: OA administrator • Restrictions: None SET LDAP GCPORT • • Command: SET LDAP GCPORT { | NONE } Description: Sets the TCP port number of the LDAP Global Catalog SSL service. Port 3269 is the standard value. • Access level/Bay level: OA administrator • Restrictions: The valid port number range is 1 to 65535. SET LDAP PORT • • Command: SET LDAP PORT { | NONE } Description: Sets the TCP port number of the LDAP SSL service. Port 636 is the standard value. • Access level/Bay level: OA administrator • Restrictions: The valid port number range is 1 to 65535 SET LDAP SEARCH • Command: Directory commands 43 • SET LDAP SEARCH {1-6 } " " Description: Sets up to six search contexts in priority order • Access level/Bay level: OA administrator • Restrictions: None SET LDAP SERVER • • • Command: SET LDAP SERVER { | | NONE } Description: o Sets the IP address or the DNS name of the LDAP server used for authentication. o To set the LDAP server field to blank, use keyword NONE. Access level/Bay level: OA administrator • Restrictions: can be either an IPv4 address or an IPv6 address. IPv6 addresses must be informed without the network prefix length. o IPv4 address—###.###.###.### where ### ranges from 0 to 255 o IPv6 address—####:####:####:####:####:####:####:#### where #### ranges from 0 to FFFF. A compressed version of the same IPv6 address is also supported. SHOW LDAP CERTIFICATE • • Command: SHOW LDAP CERTIFICATE Description: Displays all LDAP certificates that are in effect on the Onboard Administrator • Access level/Bay level: OA administrator • Restrictions: None • Example: OA-0016355E560A> SHOW LDAP CERTIFICATE 1 Certificate name: 17D6A5ECBF51A1A47D44C1CDD29D19EE.pem -----BEGIN CERTIFICATE----MIIHIzCCBgugAwIBAgIKFTKZbQAAAFx1EDANBgkqhkiG9w0BAQUFADB4MRMwEQYK CZImiZPyLGQBGRYDbmV0MRcwFQYKCZImiZPyLGQBGRYHY3BxY29ycDEbMBkGCgmS JomT8ixkARkWC2FzaWFwYWNpZmljMSswKQYDVQQDEyJIUFEgSXNzdWluZyBDQSBB c2lhLVBhY2lmaWMgUmVnaW9uMB4XDTA3MTAyMDIyMzU0M1oXDTA5MTAxOTIyMzU0 Directory commands 44 M1owKTEnMCUGA1UEAxMeY2NlZ2NhbTAxLmFtZXJpY2FzLmhwcWNvcnAubmV0MIGf MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNYsB8T6rJhJQXbKvM5JLi6EXNAtFL ayV11QVyrtjRtOjRGySwFCk9KNzRS7PIP/p9gH20Ic+ZvgX0fRPnnU/2imMeTGr2 raIYGRSFBJ4sCpAP87m/7Hzk0kiyZ+7KJq92Q61Pipkea................... -----END CERTIFICATE----- SHOW LDAP GROUP • • Command: SHOW LDAP GROUP {LIST | " "} Description: This command displays the LDAP group information. If you specify LIST, then a list of all the LDAP groups appears. • Access level/Bay level: OA administrator, OA operator, OA user • Restrictions: None • Example: OA-0018FE27577F> SHOW LDAP GROUP LIST Privilege LDAP Group / Level Description ----------- ---------------Operator Widget.OPS.Team@hp.com Widget operators SHOW LDAP INFO • • Command: SHOW LDAP INFO Description: Displays the LDAP settings, including enabled or disabled status, LDAP server, LDAP port, search contexts, and NT mapping state • Access level/Bay level: All • Restrictions: None • Example: OA-0018FE27577F> show ldap info Directory Services (LDAP) Enabled Local Users Enabled NT Name Mapping Directory Server Directory Server SSL Port Search Context #1 Search Context #2 Search Context #3 : : : : : : : : Disabled Enabled Disabled 0 Directory commands 45 Search Context #4 Search Context #5 Search Context #6 : : : TEST LDAP • Command: TEST LDAP " " " " • Description: Run LDAP tests and optionally attempt to login to the LDAP server using the username and password. • Access level/Bay level: OA administrator • Restrictions: None UNASSIGN for LDAP • • Command: UNASSIGN {SERVER | INTERCONNECT} { | ALL | - } {" " | LDAP GROUP " "} *OR* UNASSIGN OA {" " | LDAP GROUP " "} Description: Disables access to the bays for the group specified • Access level/Bay level: OA administrator • Restrictions: None UNASSIGN OA LDAP GROUP • • Command: UNASSIGN OA {" " | LDAP GROUP " "} Description: Disables access to the Onboard Administrator for the group specified • Access level/Bay level: OA administrator • Restrictions: None Directory commands 46 HP SIM commands ADD HPSIM CERTIFICATE • • Command: ADD HPSIM CERTIFICATE <\n> <\n> Description: Adds an HP SIM certificate on the command line. To add the certificate: a. Start with a string that does not appear within the certificate (the end marker). b. Insert a newline character by pressing Enter. c. Paste in the certificate. d. Insert a newline character by pressing Enter. e. Insert the end marker. f. Issue the command by pressing Enter. Failure to give a proper end marker before and after the certificate might cause the interface to wait for the appropriate end marker indefinitely. • Access level/Bay level: OA administrator • Restrictions: o This command is only available in script mode. o The certificate text cannot exceed 3071 characters. o When the Onboard Administrator is operating in FIPS Mode, the minimum RSA key length is 2048 bits, and the signature hash algorithm must be SHA1, SHA-224, SHA-256, SHA-384, or SHA-512. DOWNLOAD HPSIM CERTIFICATE • • • Command: DOWNLOAD HPSIM CERTIFICATE { } Description: o Downloads an HP SIM certificate from the specified IP address or fully-qualified DNS system name (for example, nwest-office.acme.com). o The value can be an IPv4 address, an IPv6 address, or a DNS name. o For IPv4, specify the address in the form ###.###.###.###, where each ### ranges from 0 to 255. o For IPv6, specify the address in the form ####:####:####:####:####:####:####:####, where each #### ranges from 0 to FFFF. Access level/Bay level: HP SIM commands 47 OA administrator • Restrictions: o Do not include the network prefix length with IPv6 addresses. o When the Onboard Administrator is operating in FIPS Mode, the minimum RSA key length is 2048 bits, and the signature hash algorithm must be SHA1, SHA-224, SHA-256, SHA-384, or SHA-512. o Onboard Administrator 4.11 and later contains HP SSO application support for determining the minimum SSO certificate requirements. REMOVE HPSIM CERTIFICATE • • Command: REMOVE HPSIM CERTIFICATE " " Description: Removes the trust certificate corresponding to the . Disables HP SIM SSO through the application (for example HP SIM) that provided the certificate without disabling other HP SIM applications. The can be obtained using the SHOW HPSIM INFO command. • Access level/Bay level: OA administrator • Restrictions: None SET HPSIM TRUST MODE • • Command: SET HPSIM TRUST MODE {CERTIFICATE [ON] | DISABLED [OFF]} Description: Enables or disables the HP SIM SSO mode. When enabled, the trusted applications can access the Onboard Administrator GUI data without requiring additional authentication. • Access level/Bay level: OA administrator • Restrictions: The CERTIFICATE (On) mode trusts only applications with certificates that have been uploaded to the Onboard Administrator. SHOW HPSIM INFO • • Command: SHOW HPSIM INFO Description: Displays the current HP SIM SSO configuration for the Onboard Administrator. HP SIM commands 48 The data includes the current HP SIM SSO Trust Mode (see SET HPSIM TRUST MODE) and a list of names that the Onboard Administrator is configured to trust using a trust certificate. • Access level/Bay level: OA administrator • Restrictions: None • Example: OA-0018FE27577F> SHOW HPSIM INFO HPSIM Trust Mode: Disabled Trusted Server Certificates No certificates were found. HP SIM commands 49 General management commands DISABLE URB • • Command: DISABLE URB Description: Disables URB reporting. • Access level/Bay level: OA Administrator, OA Operator • Restrictions: None • Example: OA-0018FE27577F> disable urb Utility Ready Blade (URB) reporting has been disabled. DOWNLOAD OA CERTIFICATE • • • Command: DOWNLOAD OA CERTIFICATE [ | ACTIVE | STANDBY] Description: o Downloads a CA supplied pkcs#7 file to replace the current security certificate on the system. o If the bay number is not specified, the certificate is generated for the current Onboard Administrator. o Specify a URL where this certificate can be found. o Supported protocols are HTTP, FTP, and TFTP. o Format the URL as protocol://host/path/file. o The URL syntax for IPv4 addresses is protocol:// /path/file. o The URL syntax for IPv6 addresses is protocol://[ ]/path/file. o If your FTP server does not support anonymous connections, you can specify a user name and password in the format ftp://username:password@host/path/file. Access level/Bay level: OA administrator • Restrictions: When the Onboard Administrator is operating in FIPS Mode, the minimum RSA key length is 2048 bits, and the signature hash algorithm must be SHA1, SHA-224, SHA-256, SHA-384, or SHA-512. General management commands 50 ENABLE URB • • Command: ENABLE URB { HTTP | SMTP | BOTH } Description: Enables URB reporting • Access level/Bay level: OA Administrator, OA Operator • Restrictions: The URB URL and interval must be set before enabling URB reporting. • Example: OA-0018FE275723> enable urb Utility Ready Blade (URB) reporting has been enabled. FORCE TAKEOVER • • Command: FORCE TAKEOVER Description: Forces the redundant Onboard Administrator to become the active Onboard Administrator. The active becomes the standby and the standby becomes the active. • Access level/Bay level: OA administrator • Restrictions: None GENERATE CERTIFICATE • • Command: GENERATE CERTIFICATE [REQUEST | SELFSIGNED] Description: o Generates a pkcs#10 certificate request or a self-signed certificate. You are prompted for the following fields to generate a certificate: — OA Host Name (CN) — Organization Name (O) — City or Locality (L) — State or Province (ST) — Country (C) — Organizational Unit — Contact Person General management commands 51 — Email Address — Surname — Given Name — Alternative Name — Initials — DN Qualifier — Challenge Password — Unstructured Name o • The Alternative Name field is used to create the X509v3 Subject Alternative Name extension attribute. The field must be empty or contain a list of keyword:value pairs separated by commas. The valid keyword:value entries include IP: and DNS: . Access level/Bay level: OA administrator • Restrictions: This command is not valid in SCRIPT MODE. GENERATE CERTIFICATE prompts Prompt Description Restrictions OA Host Name (CN) This is the most important field. This is the Onboard Administrator name that appears in the browser web address field. This certificate attribute is generally referred to as the common name. Must be 1 to 60 characters long. To prevent security alerts, the value of this field must match the host name exactly as it is known by the web browser. The browser compares the host name in the resolved web address to the name that appears in the certificate. For example, if the web address in the address field is https://oa-001635.xyz.com, then the value must be oa-001635.xyz.com. Organization Name (O) The company or organization that owns this Onboard Administrator. When this information is used to generate a certificate signing request, the issuing certificate authority can verify that the organization requesting the certificate is legally entitled to claim ownership of the given company name or organization name. The city or locality where the Onboard Administrator is located. The state or province where the Onboard Administrator is located. The two-character country code that identifies the country Must be 1 to 60 characters long. City or Locality (L) State or Province (ST) Country (C) Must be 1 to 50 characters long. Must be 1 to 30 characters long. Must be a two-character country code. General management commands 52 Prompt Description Organizational Unit Contact Person Email Address Surname Given Name Alternative Name Initials DN Qualifier Challenge Password Unstructured Name where the Onboard Administrator is located. The unit within the company or organization that owns the Onboard Administrator. The person responsible for the Onboard Administrator. The email address of the contact person responsible for the Onboard Administrator. The surname of the person responsible for the Onboard Administrator. The given name of the person responsible for the Onboard Administrator. An alternative name of the person responsible for the Onboard Administrator. The name is used for creating the X509v3 Subject Alternative Name extension attribute. The initials of the person responsible for the Onboard Administrator. The distinguished name qualifier of the Onboard Administrator. The password to the certificate-signing request. This is for additional information (for example, an unstructured name that is assigned to the Onboard Administrator). Restrictions (Optional) Must be 0 to 60 characters long. (Optional) Must be 0 to 60 characters long. (Optional) Must be 0 to 60 characters long. (Optional) Must be 0 to 60 characters long. (Optional) Must be 0 to 60 characters long. (Optional) Must be 0 to 512 characters long. The field must either be empty or contain a list of keyword:value pairs separated by commas. The valid keyword:value entries include IP: and DNS: . (Optional) Must be 0 to 20 characters long. (Optional) Must be 0 to 60 characters long. (Optional) Must be 0 to 20 characters long. (Optional) Must be 0 to 60 characters long. GENERATE KEY • • • Command: GENERATE KEY { ALL | SECURESH | SSL } [ 1024 | 2048 ][HASH_ALGORITHM {SHA1 | SHA-224 | SHA-256 | SHA-384 | SHA-512}] Description: o Generates new private keys associated with the Onboard Administrator SSH service or SSL web services. o If the optional key size is not specified, 2048 is the default. o If the hash algorithm is not specified, SHA-256 is the default for SSL keys. o Any self-signed or uploaded web service certificates generated using existing keys are reset. o The key type is always RSA. Access level/Bay level: General management commands 53 OA administrator • Restrictions: o The SHA-224 hash algorithm may not work with some web browsers without the latest encryption libraries. o When the Onboard Administrator is operating in FIPS Mode, the minimum RSA key length is 2048 bits, and the signature hash algorithm must be SHA1, SHA-224, SHA-256, SHA-384, or SHA-512. PING • • • Command: PING [IPv6 [INTERNAL]] [ ] {ip address> | " "} Description: o Sends ICMP echo messages to a remote IP device. o If INTERNAL is specified, the command tries to reach only those hosts internal to the enclosure (iLO or interconnect management interfaces only). o If is omitted, then only four packets are sent. If is zero, then the command attempts to trace the network route to the host (IPv4 only). o Specify an IPv4 address in the form ###.#i##.###.###, where each ### ranges from 0 to 255. o Specify an IPv6 address in the form ####:####:####:####:####:####:####:####, where each #### ranges from 0 to FFFF. o Packets are sent out at one-second intervals to prevent strain on the network. Access level/Bay level: All • Restrictions: o The value cannot be greater than 9999 or negative. A greater than 9999 results in an error or four packets being sent. A negative number results in an error. SET DEVICE SERIAL_NUMBER BLADE • • Command: SET DEVICE SERIAL_NUMBER BLADE " " Description: Sets the serial number of the specified Storage, Tape, or I/O expansion blade. • Access level/Bay level: OA administrator • Restrictions: o Length must be 10 characters. All printable characters are allowed. o This operation cannot be performed on server blades. General management commands 54 SET FACTORY • • Command: SET FACTORY Description: o Restores the Onboard Administrator to its factory defaults. The Administrator account password does not change. o The Onboard Administrator restarts after all changes are made. o All existing settings are lost when this operation is run. IMPORTANT: Before resetting factory defaults, save your configuration. To upload a script containing your current configuration, use the UPLOAD CONFIG (on page 139) command. You can use this script later to restore settings that are lost after a factory reset. NOTE: After a factory reset, the enclosure IPv6 network settings (IPv6, SLAAC, and DHCPv6) are enabled by default. • Access level/Bay level: OA administrator • Restrictions: You cannot run SET FACTORY in FIPS Mode ON/DEBUG. SET SCRIPT MODE • • • Command: SET SCRIPT [MODE] {ON | OFF} Description: o This command ceases all prompting and verifying of entries when SCRIPT MODE is on. o The ADD USER command must have a password argument if executed in SCRIPT MODE. o Default values are used for any parameters that would normally require user interaction. o This setting is only effective for the current CLI session. Access level/Bay level: All • Restrictions: None SET URB • • Command: SET URB [ URL | INTERVAL | PROXY URL | SMTPSERVER | MAILBOX ] Description: Sets settings for URB reporting SET URB URL { } sets the URB endpoint URL. General management commands 55 SET URB PROXY URL { } sets the proxy URL to use when sending URB messages. • SET URB INTERVAL { HOURLY | DAILY | WEEKLY | MONTHLY } sets the interval at which URB messages are sent. Access level/Bay level: OA Administrator, OA Operator • Restrictions: SET URB URL { }: The URL must be either an HTTP or HTTPS URL and can be no longer than 128 characters. SET URB PROXY URL { }: The URL can be no longer than 128 characters. SET URB INTERVAL { HOURLY | DAILY | WEEKLY | MONTHLY }: o The minutes parameter must be 0-59. o The DAILY hour parameter must be 0-23. o The WEEKLY day parameter must be 1-7 where 1 is Sunday and 7 is Saturday. o The MONTHLY day parameter must be 1-31. SHOW ALL • • • Command: SHOW ALL Description: Executes all SHOW commands in succession Access level/Bay level: All • • Restrictions: o This command only displays the bays for which you have privileges. o To save the output, you must configure your Telnet software to log the session to a file or increase the history buffer size so that the output can be copied and pasted into another file. o The SHOW ALL command is a series of individual CLI commands, as shown in the example that follows. For specific command output examples, see the individual commands in this guide. Example: C3000-OA2> show all >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW HEALTH CONFIG DATE DISPLAY EVENT EBIPA EBIPAV6 ENCLOSURE FAN ALL ENCLOSURE INFO ENCLOSURE LCD ENCLOSURE POWER_CAP ENCLOSURE POWER_CAP_BAYS_TO_EXCLUDE ENCLOSURE POWERSUPPLY ALL General management commands 56 >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW ENCLOSURE POWER_SUMMARY ENCLOSURE STATUS ENCLOSURE TEMP FIPS MODE OA INFO OA NETWORK OA STATUS ALL OA UPTIME ALL OA CERTIFICATE SYSLOG OA 1 SYSLOG OA 2 SYSLOG HISTORY SYSLOG HISTORY 0 1 SYSLOG HISTORY 0 2 NETWORK POWER RACK NAME RACK INFO SECURESH SERVER KEX DHG1 SNMP SNMP USER LIST SSHFINGERPRINT SSHKEY HPSIM INFO INTERCONNECT INFO ALL INTERCONNECT LIST INTERCONNECT LIST IPV6 INTERCONNECT SESSION INTERCONNECT STATUS ALL INTERCONNECT PORT MAP ALL INTERCONNECT POWERDELAY ALL SERVER LIST SERVER LIST IPV6 SERVER NAMES FRU SERVER INFO ALL SERVER PORT MAP ALL SERVER STATUS ALL SERVER TEMP ALL SERVER DVD ALL SERVER POWERDELAY ALL SERVER BOOT ALL SYSLOG SERVER ALL SYSLOG ILO ALL TOPOLOGY TOPOLOGY IPV6 USBKEY USER (current user) USER LIST LDAP INFO LDAP CERTIFICATE LDAP GROUP LIST CA CERTIFICATE TWOFACTOR INFO PASSWORD SETTINGS UPDATE SYSLOG SETTINGS VCMODE SESSION TIMEOUT General management commands 57 >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW >SHOW VLAN URB FIRMWARE SUMMARY FIRMWARE SUMMARY CSV FIRMWARE MANAGEMENT FIRMWARE MANAGEMENT LOG FIRMWARE LOG SERVER ALL SERVER FIRMWARE ALL REMOTE_SUPPORT REMOTE_SUPPORT CERTIFICATE REMOTE_SUPPORT EVENT DEVICE SERIAL_NUMBER BLADE ALL SOLUTIONSID LOGIN_BANNER LANGUAGES VARIABLE LIST SHOW DEVICE SERIAL_NUMBER BLADE • • Command: SHOW DEVICE SERIAL_NUMBER BLADE Description: Shows the specified direct attached blade device serial number • • Access level/Bay level: o All o Bay specific Restrictions: Dependent on bay privileges • Example: OA-0016355E560A> SHOW DEVICE SERIAL_NUMBER BLADE 1 Serial Number: USM81500RP SHOW URB • • Command: SHOW URB Description: Displays the URB reporting settings • Access level/Bay level: OA Administrator, OA Operator • Restrictions: None • Example: OA-0018FE275723> show urb URB Reporting: Enabled URB Endpoint URL: General management commands 58 URB Proxy URL: URB Interval: Last Attempt: Daily at hour 0 None TEST URB • • Command: TEST URB Description: Manually sends the URB message to the endpoint. This command can be useful for testing the configuration or resending a message after a failure. If the test fails, executing the TEST URB command updates the last attempt status and log a syslog message. • Access level/Bay level: OA Administrator, OA Operator • Restrictions: Only works if URB reporting is enabled • Example: OA-0018FE27577F> test urb The OA is preparing to send a Utility Ready Blade (URB) notification. Once the message has been sent, the status will be reflected in the SHOW URB command. General management commands 59 Enclosure Bay IP Addressing commands ADD EBIPA • • Command: ADD EBIPA {SERVER | INTERCONNECT} DNS [{ , | - } ] Description: Adds a DNS server IP address to the list of DNS servers for either SERVER bays or INTERCONNECT bays • Access Level/Bay level: Administrator, Operator • Restrictions: o A maximum of three DNS servers can be added for EBIPA. o The must be in the form ###.###.###.###, where each ### ranges from 0 to 255. ADD EBIPAV6 • • Command: ADD EBIPAV6 { SERVER | INTERCONNECT } DNS [ ALL | [{ , | - } ] ] Description: Adds an EBIPA DNS server IPv6 address to the list of DNS servers for either server bays or interconnect bays. • Access Level/Bay level: OA administrator, OA operator • Restrictions: o A maximum of three IPv6 DNS servers can be added for EBIPA. o A bay number or bay range may be specified. If no bay number or bay range is specified, the IPv6 DNS server is added to all servers or interconnects. o The must be in the form ####:####:####:####:####:####:####:####/###, where #### ranges from 0 to FFFF. A compressed version of the same IPv6 address is also supported. DISABLE EBIPAV6 • Command: DISABLE EBIPAV6 { SERVER | INTERCONNECT } [ ALL | [{ , | - } ] ] Enclosure Bay IP Addressing commands 60 • Description: Disables the ability of the Onboard Administrator to give devices in the bays IPv6 addresses using DHCPv6. If no bay numbers are specified, then EBIPA IPv6 is disabled for all bays. Devices in bays receive IP addresses from an external server. This causes a reset of the iLO, which causes it to attempt to get an IPv6 address from an external DHCPv6 server. The interconnect is power-cycled. • Access level/Bay level: Administrator, Operator • Restrictions: None ENABLE EBIPA CAUTION: This command can cause a loss of connectivity to the configured devices or interconnects. • • Command: ENABLE EBIPA {SERVER|INTERCONNECT} [ALL | [{ , | - } ]] Description: Enables the Onboard Administrator to provide IP addresses to the devices in the bays using DHCP. If you do not specify any bay numbers, then EBIPA is enabled for all bays. DHCP traffic from iLO and the switch modules can no longer go outside the enclosure. This causes a reset of the iLO, which causes it to attempt to get an IP address. The interconnect is power-cycled. • Access level/Bay level: Administrator, Operator • Restrictions: Before using this command you must set up the EBIPA settings. This includes setting the initial IP address, the netmask, and the default gateway. ENABLE EBIPAV6 CAUTION: This command can cause a loss of connectivity to the configured devices or interconnects. • • Command: ENABLE EBIPAV6 { SERVER | INTERCONNECT } [ ALL | [{ , | - } ] ] Description: Enables the Onboard Administrator to provide IPv6 addresses to the servers or interconnects in the bays using DHCPv6. If no bay numbers are specified, then EBIPA IPv6 is enabled for all bays. Enclosure Bay IP Addressing commands 61 • Access level/Bay level: OA administrator, OA operator • Restrictions: Before using this command, you must set up the EBIPA IPv6 settings. This includes setting the initial IP address. REMOVE EBIPA • • Command: REMOVE EBIPA {SERVER|INTERCONNECT} DNS [{ , | - } ] Description: Removes the DNS server specified by the from the list of DNS servers for either SERVER bays or INTERCONNECT bays • Access level/Bay level: Administrator, Operator • Restrictions: The and must be in the form ###.###.###.###, where each ### ranges from 0 to 255. REMOVE EBIPAV6 • • Command: REMOVE EBIPAV6 { SERVER | INTERCONNECT } DNS [ ALL | [{ , | - } ] ] Description: Removes an EBIPA DNS server IPv6 address from the list of DNS servers for either server bays or interconnect bays. • Access level/Bay level: OA administrator, OA operator • Restrictions: o A bay number or bay range may be specified. If no bay number or bay range is specified, the IPv6 DNS server is removed from all servers or interconnects. o The must be in the form ####:####:####:####:####:####:####:####/###, where #### ranges from 0 to FFFF. A compressed version of the same IPv6 address is also supported. SAVE EBIPA • • Command: SAVE EBIPA Description: Saves EBIPA settings for server bays or interconnect bays. Enclosure Bay IP Addressing commands 62 • Access level/Bay level: OA administrator, OA operator • Restrictions: If SCRIPT MODE is ON when EBIPA is configured (either by running EBIPA commands manually using the CLI or downloading a configuration script using the DOWNLOAD CONFIG (on page 86) command), you must include the SAVE EBIPA command to ensure all EBIPA settings are saved. SAVE EBIPAV6 • • Command: SAVE EBIPAV6 Description: Saves EBIPA IPv6 settings for device or interconnect bays. • Access level/Bay level: OA administrator, OA operator • Restrictions: If SCRIPT MODE is ON when EBIPA is configured (either by running EBIPA commands manually using the CLI or downloading a configuration script using the DOWNLOAD CONFIG (on page 86) command), you must include the SAVE EBIPA command to ensure all EBIPA settings are saved. SET EBIPA INTERCONNECT • • Command: SET EBIPA INTERCONNECT { } | { NETMASK } | { GATEWAY } | { DOMAIN } | { NTP PRIMARY | SECONDARY } [ ALL | [{- | ,} ] ] Description: Sets EBIPA settings for interconnect bays. If the bay number parameter is not specified, the settings are applied to all interconnect bays. You can specify an IP fixed address for a specific bay, or you can specify the starting IP fixed address for a range of bays, where EBIPA automatically assigns consecutive addresses to the bays in the range, starting with the specified address. You can specify a domain name for a specific bay or range of bays. NOTE: The Onboard Administrator documentation refers to EBIPA IP addresses as "fixed IP addresses" or "fixed DHCP addresses," meaning that each of these addresses is an IP address permanently associated with a specific bay number independent of the actual device currently attached to the bay. To clear the IP address and netmask values, use keywords NONE NONE. For example, to clear the address and netmask for bay 3, specify this command: SET EBIPA INTERCONNECT NONE NONE 3 To clear a specific bay, use the bay number. • Access level/Bay level: Enclosure Bay IP Addressing commands 63 OA administrator, OA operator • Restrictions: o The and must be in the form ###.###.###.###, where each ### ranges from 0 to 255. o Do not use the 169.254.x.x range when configuring EBIPA-assigned addresses, as this network address range is reserved for use by the Onboard Administrator. o The is a string containing letters (a–z, A–Z), digits (0–9), or a dash (-). The OA accepts domain name character strings subject to the following constraints: — The string must be between 1 and 255 characters in length. — The characters are case insensitive. — The first character of the domain name must be alphanumeric, while the last character can be either alphanumeric or a period. — The characters between the first and last character can be alphanumeric, dash or period. — If one or more periods appear in the name, they are used to delimit labels. — Labels are between 1 and 63 characters long and begin and end with an alphanumeric character. — The last label is referred as the top-level domain and cannot consist of all numeric characters. SET EBIPA SERVER • • Command: SET EBIPA SERVER { } | { NETMASK } | { GATEWAY } | { DOMAIN } [ ALL | [{- | ,} ] ] Description: Sets EBIPA settings for device server bays. If the bay number parameter is not specified, the settings will be applied to all device bays. You can specify an IP fixed address for a specific bay, or you can specify the starting IP fixed address for a range of bays, where EBIPA automatically assigns consecutive addresses to the bays in the range, starting with the specified address. You can specify a domain name for a specific bay or range of bays. NOTE: The Onboard Administrator documentation refers to EBIPA IP addresses as "fixed IP addresses" or "fixed DHCP addresses," meaning that each of these addresses is an IP address permanently associated with a specific bay number independent of the actual device currently attached to the bay. To clear the IP address and netmask values, use keywords NONE NONE. For example, to clear the address and netmask for bay 3, specify this command: SET EBIPA SERVER NONE NONE 3 To clear a specific bay, use the bay number. • Access level/Bay level: OA administrator, OA operator • Restrictions: Enclosure Bay IP Addressing commands 64 o The and must be in the form ###.###.###.###, where each ### ranges from 0 to 255. o Do not use the 169.254.x.x range when configuring EBIPA-assigned addresses, as this network address range is reserved for use by the Onboard Administrator. o The is a string containing letters (a–z, A–Z), digits (0–9), or a dash (-). The OA accepts domain name character strings subject to the following constraints: — The string must be between 1 and 255 characters in length. — The characters are case insensitive. — The first character of the domain name must be alphanumeric, while the last character can be either alphanumeric or a period. — The characters between the first and last character can be alphanumeric, dash or period. — If one or more periods appear in the name, they are used to delimit labels. — Labels are between 1 and 63 characters long and begin and end with an alphanumeric character. — The last label is referred as the top-level domain and cannot consist of all numeric characters. SET EBIPAV6 INTERCONNECT • • Command: SET EBIPAV6 INTERCONNECT { {/prefix length}} | {DOMAIN } {GATEWAY } | [ ALL | [{- | ,} ]] Description: Sets EBIPA IPv6 address settings for interconnect bays. If the bay number is not specified, the settings will apply to all interconnects. You can specify an IPv6 fixed address for a specific bay, or you can specify the starting IPv6 fixed address for a range of bays, where EBIPA automatically assigns consecutive addresses to the bays in the range, starting with the specified address. (See the following example.) You can specify a domain name for a specific bay or range of bays. NOTE: The Onboard Administrator documentation refers to EBIPA IP addresses as "fixed IP addresses" or "fixed DHCP addresses," meaning that each of these addresses is an IP address permanently associated with a specific bay number independent of the actual device currently attached to the bay. To clear the IPv6 address, use the keyword NONE. For example, to clear the address for bay 3, specify the following command: SET EBIPAV6 INTERCONNECT NONE 3 • Access level/Bay level: OA administrator, OA operator • Restrictions: o The must be in the form ####:####:####:####:####:####:####:####/###, where #### ranges from 0 to FFFF. A compressed version of the same IPv6 address is also supported. Enclosure Bay IP Addressing commands 65 o The /prefix length ranges from 0 to 128. The prefix length is mandatory except when specifying the gateway address. o Do not use the fe80::/10 prefix when configuring EBIPA-assigned addresses, as this network prefix is reserved for link local SLAAC addresses. o For the gateway, do not specify a prefix. The gateway is assumed reachable from within the network. Regardless of the type of IPv6 address specified, the interconnect GUI always displays the Link-Local IPv6 address of the gateway. If no gateway exists at the Link-Local IPv6 address, no gateway will be configured on the interconnects. o The is a string containing letters (a–z, A–Z), digits (0–9), or a dash (-). To clear the domain name, use an empty string enclosed by double quotes (""). o For EBIPA IPv6 fixed addresses to be successfully configured, the IPv6 protocol must be enabled. To enable this setting, see the ENABLE IPV6 (on page 90, "ENABLE EBIPAV6" on page 61) command. The SLAAC and DHCPv6 settings have no effect on EBIPA IPv6 functionality. • Example: OA-A0B3CCE63B65> set ebipav6 interconnect 4001::5aaa/64 Entering anything other than 'YES' will result in the command not executing. It may take each interconnect several minutes to acquire the new settings. Are you sure interconnect Successfully Successfully Successfully Successfully you want to change the bays? yes set interconnect bay # set interconnect bay # set interconnect bay # set interconnect bay # IPv6 address for the specified 1 2 3 4 to to to to IPv6 IPv6 IPv6 IPv6 address address address address 4001::5aaa/64 4001::5aab/64 4001::5aac/64 4001::5aad/64 For the IPv6 addresses to be assigned EBIPAv6 must be enabled. SET EBIPAV6 SERVER • • Command: SET EBIPAV6 SERVER { {/prefix length}} | {DOMAIN } {GATEWAY } | [ ALL | [{- | ,} ] ] Description: Sets EBIPA IPv6 address settings for server bays and resets the iLO processor. If the bay number parameter is not specified, the settings will be applied to all device bays. You can specify an IPv6 fixed address for a specific bay, or you can specify the starting IPv6 fixed address for a range of bays, where EBIPA automatically assigns consecutive addresses to the bays in the range, starting with the specified address. (See the following example.) You can specify a domain name for a specific bay or range of bays. NOTE: The Onboard Administrator documentation refers to EBIPA IP addresses as "fixed IP addresses" or "fixed DHCP addresses," meaning that each of these addresses is an IP address permanently associated with a specific bay number independent of the actual device currently attached to the bay. To clear the IPv6 address, use the keyword NONE. For example, to clear the address for bay 3, specify the following command: Enclosure Bay IP Addressing commands 66 • SET EBIPAV6 SERVER NONE 3 Access level/Bay level: OA administrator, OA operator • Restrictions: o The must be in the form ####:####:####:####:####:####:####:####/###, where #### ranges from 0 to FFFF. A compressed version of the same IPv6 address is also supported. o The /prefix length ranges from 0 to 128. The prefix length is mandatory except when specifying the address of the gateway. o Do not use the fe80::/10 prefix when configuring EBIPA-assigned addresses, as this network prefix is reserved for link local SLAAC addresses. o For the gateway, do not specify a prefix. The gateway is assumed reachable from within the network. Regardless of the type of IPv6 address specified, the GUI always displays the Link-Local IPv6 address of the gateway. If no gateway exists at the Link-Local IPv6 address, no iLO gateway will be configured. o The is a string containing letters (a–z, A–Z), digits (0–9), or a dash (-). To clear the domain name, use an empty string enclosed by double quotes (""). o For EBIPA IPv6 fixed addresses to be successfully configured, the IPv6 protocol must be enabled. To enable this setting, see the ENABLE IPV6 (on page 90, "ENABLE EBIPAV6" on page 61) command. The SLAAC and DHCPv6 settings have no effect on EBIPA IPv6 functionality. • Example: OA-A0B3CCE63B65> set ebipav6 server 4001::4bbc/64 all Entering anything other than 'YES' will result in the command not executing. Changing the IPv6 address for device (iLO) bays that are enabled causes the iLOs in those bays to be reset. Are you sure device (iLO) Successfully Successfully Successfully Successfully Successfully Successfully Successfully Successfully Successfully Successfully Successfully Successfully Successfully Successfully Successfully Successfully Successfully Successfully Successfully Successfully you want to change the IPv6 bays? yes set device (iLO) bay # 1 to set device (iLO) bay # 2 to set device (iLO) bay # 3 to set device (iLO) bay # 4 to set device (iLO) bay # 5 to set device (iLO) bay # 6 to set device (iLO) bay # 7 to set device (iLO) bay # 8 to set device (iLO) bay #1A to set device (iLO) bay #2A to set device (iLO) bay #3A to set device (iLO) bay #4A to set device (iLO) bay #5A to set device (iLO) bay #6A to set device (iLO) bay #7A to set device (iLO) bay #8A to set device (iLO) bay #1B to set device (iLO) bay #2B to set device (iLO) bay #3B to set device (iLO) bay #4B to address for the specified IPv6 IPv6 IPv6 IPv6 IPv6 IPv6 IPv6 IPv6 IPv6 IPv6 IPv6 IPv6 IPv6 IPv6 IPv6 IPv6 IPv6 IPv6 IPv6 IPv6 address address address address address address address address address address address address address address address address address address address address 4001::4bbc/64 4001::4bbd/64 4001::4bbe/64 4001::4bbf/64 4001::4bc0/64 4001::4bc1/64 4001::4bc2/64 4001::4bc3/64 4001::4bc4/64 4001::4bc5/64 4001::4bc6/64 4001::4bc7/64 4001::4bc8/64 4001::4bc9/64 4001::4bca/64 4001::4bcb/64 4001::4bcc/64 4001::4bcd/64 4001::4bce/64 4001::4bcf/64 Enclosure Bay IP Addressing commands 67 Successfully Successfully Successfully Successfully set set set set device device device device (iLO) (iLO) (iLO) (iLO) bay bay bay bay #5B #6B #7B #8B to to to to IPv6 IPv6 IPv6 IPv6 address address address address 4001::4bd0/64 4001::4bd1/64 4001::4bd2/64 4001::4bd3/64 For the IPv6 addresses to be assigned EBIPAv6 must be enabled. SHOW EBIPA • • Command: SHOW EBIPA Description: Displays EBIPA information • Access level/Bay level: Administrator, Operator, user • Restrictions: None • Example: OA-0018FE27577F> SHOW EBIPA EBIPA Device Server Settings Bay Enabled EBIPA/Current Netmask Gateway DNS Domain --- ------- --------------- --------------- --------------- -------------------1 Yes 172.16.211.111 255.255.0.0 172.16.0.1 172.16.0.1 test.com 172.16.211.111 172.16.0.2 172.16.0.3 1A Yes 172.16.211.119 255.255.0.0 172.16.0.1 172.16.0.1 test.com 172.16.0.2 172.16.0.3 1B Yes 172.16.211.127 255.255.0.0 172.16.0.1 172.16.0.1 test.com 172.16.0.2 172.16.0.3 2 Yes 172.16.211.112 255.255.0.0 172.16.0.1 172.16.0.1 test.com 172.16.211.112 172.16.0.2 172.16.0.3 2A Yes 172.16.211.120 255.255.0.0 172.16.0.1 172.16.0.1 test.com 172.16.0.2 172.16.0.3 2B Yes 172.16.211.128 255.255.0.0 172.16.0.1 172.16.0.1 test.com 172.16.0.2 172.16.0.3 3 Yes 172.16.211.113 255.255.0.0 172.16.0.1 172.16.0.1 test.com Enclosure Bay IP Addressing commands 68 3A Yes test.com 172.16.211.121 3B Yes test.com 172.16.211.129 4 Yes test.com 172.16.211.114 4A Yes test.com 172.16.211.122 4B Yes test.com 172.16.211.130 5 Yes test.com 172.16.211.115 5A Yes test.com 172.16.211.123 5B Yes test.com 172.16.211.131 6 Yes test.com 172.16.211.116 6A Yes test.com 172.16.211.124 6B Yes test.com 172.16.211.132 7 Yes test.com 172.16.211.117 7A Yes test.com 172.16.211.125 7B Yes test.com 172.16.211.133 255.255.0.0 255.255.0.0 255.255.0.0 172.16.0.1 172.16.0.2 172.16.0.3 172.16.0.1 172.16.0.1 172.16.0.2 172.16.0.3 172.16.0.1 172.16.0.1 172.16.0.2 172.16.0.3 172.16.0.1 172.16.0.1 172.16.0.2 172.16.0.3 172.16.0.1 172.16.0.1 172.16.0.2 172.16.0.3 172.16.0.1 172.16.0.1 172.16.0.2 172.16.0.3 172.16.0.1 172.16.0.1 172.16.0.2 172.16.0.3 172.16.0.1 172.16.0.1 172.16.0.2 172.16.0.3 172.16.0.1 172.16.0.1 172.16.0.2 172.16.0.3 172.16.0.1 172.16.0.1 172.16.0.2 172.16.0.3 172.16.0.1 172.16.0.1 172.16.0.2 172.16.0.3 172.16.0.1 172.16.0.1 172.16.0.2 172.16.0.3 172.16.0.1 172.16.0.1 172.16.0.2 172.16.0.3 172.16.0.1 172.16.0.1 172.16.0.2 172.16.0.3 172.16.0.1 172.16.211.114 255.255.0.0 255.255.0.0 255.255.0.0 255.255.0.0 255.255.0.0 255.255.0.0 255.255.0.0 255.255.0.0 255.255.0.0 255.255.0.0 255.255.0.0 172.16.0.2 172.16.0.3 Enclosure Bay IP Addressing commands 69 8 Yes test.com 172.16.211.118 8A Yes test.com 172.16.211.126 8B Yes test.com 172.16.211.134 255.255.0.0 255.255.0.0 255.255.0.0 172.16.0.1 172.16.0.1 172.16.0.1 172.16.0.2 172.16.0.3 172.16.0.1 172.16.0.1 172.16.0.2 172.16.0.3 172.16.0.1 172.16.0.2 172.16.0.3 EBIPA Device Interconnect Settings Bay Enabled EBIPA/Current Netmask Gateway DNS NTP Domain --- ------- --------------- --------------- --------------- ----------------------------- -----1 Yes 172.16.211.183 255.255.0.0 172.16.0.1 172.16.0.1 2.3.4.5 testIO.com 0.0.0.0 2 Yes 172.16.211.184 255.255.0.0 172.16.0.1 172.16.0.1 2.3.4.5 testIO.com 0.0.0.0 3 Yes 172.16.211.185 255.255.0.0 172.16.0.1 172.16.0.1 2.3.4.5 testIO.com 4 Yes 172.16.211.186 255.255.0.0 172.16.0.1 172.16.0.1 2.3.4.5 testIO.com SHOW EBIPAV6 • • Command: SHOW EBIPAV6 Description: Displays EBIPA IPv6 information • Access level/Bay level: Administrator, Operator, user • Restrictions: None • Example: OA-0018FE27577F> SHOW EBIPAV6 EBIPAv6 Device Blades Settings Bay: 1 Enabled: Yes EBIPA: 1000::500:10:2/64 Current: (Not Set) Gateway: (Not Set) DNS 1: 1000::1 DNS 2: 1000::5 DNS 3: (Not Set) Domain: bladeslab.com -----------------------------------------------------------------------Enclosure Bay IP Addressing commands 70 Bay: 1B Enabled: No EBIPA: (Not Set) Current: (Not Set) Gateway: (Not Set) DNS 1: (Not Set) DNS 2: (Not Set) DNS 3: (Not Set) Domain: (Not Set) -----------------------------------------------------------------------Bay: 2 Enabled: Yes EBIPA: 1000::500:10:2/64 Current: (Not Set) Gateway: (Not Set) DNS 1: 1000::1 DNS 2: 1000::5 DNS 3: (Not Set) Domain: bladeslab.com -----------------------------------------------------------------------Bay: 2A Enabled: No EBIPA: (Not Set) Current: (Not Set) Gateway: (Not Set) DNS 1: (Not Set) DNS 2: (Not Set) DNS 3: (Not Set) Domain: (Not Set) -----------------------------------------------------------------------Bay: 2B Enabled: No EBIPA: (Not Set) Current: (Not Set) Gateway: (Not Set) DNS 1: (Not Set) DNS 2: (Not Set) DNS 3: (Not Set) Domain: (Not Set) -----------------------------------------------------------------------Bay: 3 Enabled: Yes EBIPA: 1000::500:10:3/64 Current: (Not Set) Gateway: (Not Set) DNS 1: 1000::1 DNS 2: 1000::5 DNS 3: (Not Set) Domain: bladeslab.com -----------------------------------------------------------------------Bay: 3A Enabled: No EBIPA: (Not Set) Current: (Not Set) Gateway: (Not Set) DNS 1: (Not Set) DNS 2: (Not Set) DNS 3: (Not Set) Domain: (Not Set) -----------------------------------------------------------------------Bay: 3B Enabled: No EBIPA: (Not Set) Current: (Not Set) Gateway: (Not Set) DNS 1: (Not Set) Enclosure Bay IP Addressing commands 71 DNS 2: (Not Set) DNS 3: (Not Set) Domain: (Not Set) -----------------------------------------------------------------------Bay: 4 Enabled: Yes EBIPA: 1000::500:10:4/64 Current: (Not Set) Gateway: (Not Set) DNS 1: 1000::1 DNS 2: 1000::5 DNS 3: (Not Set) Domain: bladeslab.com -----------------------------------------------------------------------Bay: 4A Enabled: No EBIPA: (Not Set) Current: (Not Set) Gateway: (Not Set) DNS 1: (Not Set) DNS 2: (Not Set) DNS 3: (Not Set) Domain: (Not Set) -----------------------------------------------------------------------Bay: 4B Enabled: No EBIPA: (Not Set) Current: (Not Set) Gateway: (Not Set) DNS 1: (Not Set) DNS 2: (Not Set) DNS 3: (Not Set) Domain: (Not Set) -----------------------------------------------------------------------Bay: 5 Enabled: Yes EBIPA: 1000::500:10:5/64 Current: (Not Set) Gateway: (Not Set) DNS 1: 1000::1 DNS 2: 1000::5 DNS 3: (Not Set) Domain: bladeslab.com -----------------------------------------------------------------------Bay: 5A Enabled: No EBIPA: (Not Set) Current: (Not Set) Gateway: (Not Set) DNS 1: (Not Set) DNS 2: (Not Set) DNS 3: (Not Set) Domain: (Not Set) -----------------------------------------------------------------------Bay: 5B Enabled: No EBIPA: (Not Set) Current: (Not Set) Gateway: (Not Set) DNS 1: (Not Set) DNS 2: (Not Set) DNS 3: (Not Set) Domain: (Not Set) -----------------------------------------------------------------------Bay: 6 Enabled: Yes Enclosure Bay IP Addressing commands 72 EBIPA: 1000::500:10:6/64 Current: (Not Set) Gateway: (Not Set) DNS 1: 1000::1 DNS 2: 1000::5 DNS 3: (Not Set) Domain: bladeslab.com -----------------------------------------------------------------------Bay: 6A Enabled: No EBIPA: (Not Set) Current: (Not Set) Gateway: (Not Set) DNS 1: (Not Set) DNS 2: (Not Set) DNS 3: (Not Set) Domain: (Not Set) -----------------------------------------------------------------------Bay: 6B Enabled: No EBIPA: (Not Set) Current: (Not Set) Gateway: (Not Set) DNS 1: (Not Set) DNS 2: (Not Set) DNS 3: (Not Set) Domain: (Not Set) -----------------------------------------------------------------------Bay: 7 Enabled: Yes EBIPA: 1000::500:10:7/64 Current: (Not Set) Gateway: (Not Set) DNS 1: 1000::1 DNS 2: 1000::5 (Not Set) DNS 3: Domain: bladeslab.com -----------------------------------------------------------------------Bay: 7A Enabled: No EBIPA: (Not Set) Current: (Not Set) Gateway: (Not Set) DNS 1: (Not Set) DNS 2: (Not Set) DNS 3: (Not Set) Domain: (Not Set) -----------------------------------------------------------------------Bay: 7B Enabled: No EBIPA: (Not Set) Current: (Not Set) Gateway: (Not Set) DNS 1: (Not Set) DNS 2: (Not Set) DNS 3: (Not Set) Domain: (Not Set) -----------------------------------------------------------------------Bay: 8 Enabled: Yes EBIPA: 1000::500:10:8/64 Current: (Not Set) Gateway: (Not Set) DNS 1: 1000::1 DNS 2: 1000::5 Enclosure Bay IP Addressing commands 73 DNS 3: (Not Set) Domain: bladeslab.com -----------------------------------------------------------------------Bay: 8A Enabled: No EBIPA: (Not Set) Current: (Not Set) Gateway: (Not Set) DNS 1: (Not Set) DNS 2: (Not Set) DNS 3: (Not Set) Domain: (Not Set) -----------------------------------------------------------------------Bay: 8B Enabled: No EBIPA: (Not Set) Current: (Not Set) Gateway: (Not Set) DNS 1: (Not Set) DNS 2: (Not Set) DNS 3: (Not Set) Domain: (Not Set) Enclosure Bay IP Addressing commands 74 Enclosure network configuration commands ADD OA ADDRESS IPV6 • • Command: ADD OA ADDRESS IPV6 [{ }| ACTIVE | STANDBY] Description: Adds an IPv6 static address for the Onboard Administrator. If IPv6 is enabled, this setting takes effect immediately. If none of the optional arguments are specified (Onboard Administrator bay number, ACTIVE, or STANDBY), the command defaults to the active Onboard Administrator. • Access level/Bay level: OA administrator, OA operator • Restrictions: o The prefix length is mandatory. o The must be in the form ####:####:####:####:####:####:####:####/###, where each #### ranges from 0 to FFFF. A compressed version of the same IPv6 address is also supported. The prefix /### ranges from 0 to 128. o Do not specify a Link Local Address as the IPv6 static address. ADD OA DNS • • Command: ADD OA DNS [ ] Description: Adds an IP address of a DNS server to the list. DNS servers are used if the system is configured to use a static IP address. When the Onboard Administrator is configured for both IPv4 and IPv6, the Onboard Administrator uses the first three valid DNS servers from those configured for the supported network configuration modes in the following order: a. Static IPv4 b. Static IPv6 c. DHCPv4 d. DHCPv6 If a bay number is not specified, then the command defaults to the active Onboard Administrator. • Access level/Bay level: OA administrator, OA operator • Restrictions: A maximum of two DNS servers can be added. Enclosure network configuration commands 75 The must be in the form ###.###.###.###, where each ### ranges from 0 to 255. ADD OA DNS IPV6 • • Command: ADD OA DNS IPV6 [ ] Description: Adds an IPv6 address to the list of DNS servers. The network prefix length is optional. When the Onboard Administrator is configured for both IPv4 and IPv6, the Onboard Administrator uses the first three valid DNS servers from those configured for the supported network configuration modes in the following order: a. Static IPv4 b. Static IPv6 c. DHCPv4 d. DHCPv6 If a bay number is not specified, then the command defaults to the active Onboard Administrator. • Access level/Bay level: OA administrator, OA operator • Restrictions: o A maximum of two DNS servers can be added. o The must be in the form ####:####:####:####:####:####:####:#### or ####:####:####:####:####:####:####:####/### (with a prefix), where each #### ranges from 0 to FFFF. A compressed version of the same IPv6 address is also supported. The prefix /### ranges from 0 to 128. ADD SSHKEY • • Command: ADD SSHKEY <\n> <\n> Description: Adds an SSH key or keys to the Administrator local account. Multiple SSHKEYs can be concatenated in the string. To add a key: a. Start with a string that does not appear within the key (the end marker). b. Insert a newline character by pressing Enter. c. Paste in the key. d. Insert a newline character by pressing Enter. e. Insert the end marker. f. Issue the command by pressing Enter. Failure to give a proper end marker before and after the key might cause the interface to wait for the appropriate end marker indefinitely. • Access level/Bay level: Enclosure network configuration commands 76 OA administrator • Restrictions: o SSHKEY is only available for the Administrator local account. o SSHKEY works only in script mode. o SSHKEY string is limited to 4KB on Onboard Administrator versions prior to 2.30. o SSHKEY string is limited to 8KB on Onboard Administrator version 2.30 and later. o This command is only valid in script mode. o When the Onboard Administrator is operating in FIPS Mode, the minimum RSA key length is 2048 bits, and the signature hash algorithm must be SHA1, SHA-224, SHA-256, SHA-384, or SHA-512. ADD SNMP TRAPRECEIVER • • Command: ADD SNMP TRAPRECEIVER [" "] Description: Adds a new trap receiver address to the SNMP configuration. Defaults for the traps are version v1 and port 162. The SNMP Trap community string is set to public or the optional " ". The " " string, if specified, must be 1 to 20 characters in length. Acceptable characters include any printable character excluding quotes and newlines. • Access level/Bay level: OA administrator, OA operator • Restrictions: o A maximum of eight IP addresses can be added to receive SNMP traps. o Only v1 traps are supported. o The value can be an IPv4 address, an IPv6 address, or a DNS name (maximum of 64 characters). o IPv6 addresses must be typed without the network prefix length. ADD SNMP TRAPRECEIVER V3 • • Command: ADD SNMP TRAPRECEIVER V3 { [NoAuthNoPriv|authNoPriv|authPriv] [INFORM]} Description: Adds a new trap receiver address to the SNMP configuration. This command is an extension of the existing ADD SNMP TRAPRECEIVER command. The additional V3 parameter indicates this command is an SNMPv3 trap and requires addition parameters. • Access level/Bay level: OA administrator, OA operator • Restrictions: o Eight v1/2c traps and eight v3 traps are allowed, for a total of 16 traps. Enclosure network configuration commands 77 • o The value can be an IPv4 address, an IPv6 address, or a DNS name (maximum of 64 characters). o IPv6 addresses must be typed without the network prefix length. Command parameters Name Description User name An SNMPv3 user account used to send the trap/inform • • • Minimal level of security required for operation. By default, operation is required to be signed but not encrypted (authNoPriv). NOAUTHNOPRIV AUTHNOPRIV AUTHPRIV • • • No authorization or encryption Authorization but no encryption Authorization and encryption Indicates an acknowledged inform instead of a trap. By default, the event will be a trap. INFORM ADD SNMP USER • Command: ADD SNMP USER " " {MD5|SHA1} " {DES|AES128} [" ] [ENGINEID <"engineID"> | [noAuthNoPriv|authNoPriv|authPriv]] ["RW"]] • • Description: o Creates a new user to be used for SNMPv3 queries, traps, and informs. o A commented out version if this command is included in the configuration script. The original passwords cannot be retrieved. Therefore, the original command cannot be issued. Access level/Bay level: OA administrator • • Restrictions: o Each user name/engine ID pair must be unique. o Up to ten distinct users are allowed. o When FIPS Mode is enabled, DES and MD5 are not allowed, and users are limited to read-only access. Command parameters Name Description User name An alphanumeric string up to 32 characters in length MD5 or SHA1 Use the MD5 or SHA1 algorithm to encode the authorization passphrase. MD5 is not allowed when FIPS Mode is enabled. Auth passphrase Authorization passphrase used to sign operations. This entry must be at least eight characters in length. DES or AES128 Use the DES or AES128 algorithm to encode the privacy passphrase. DES is not allowed when FIPS Mode is enabled. Enclosure network configuration commands 78 Name Description Privacy passphrase Privacy passphrase used to encrypt operations. This entry must be at least eight characters in length. If not specified, the authorization passphrase is used. noAuthNoPriv|authN Only applies to local users. A minimal level of security is required for operation. By default, the operation is oPriv|authPriv required to be signed but not encrypted (authNoPriv). • • • noAuthNoPriv—Allows unauthenticated operations authNoPriv—Requires authentication authPriv—Required encryption ENGINEID Sets the engine ID for the user account. If set, the engine ID must be a series of hexadecimal characters, up to 32 bytes or 64 characters in length. This parameter is used for creating remote accounts used with INFORM messages. RW Specifies that this user has read/write access to the OID tree. If not specified, the user has read-only access. ADD TRUSTED HOST • • Command: ADD TRUSTED HOST Description: Adds a new IPv4 or IPv6 address to the list of addresses being handled by the IP Security feature. • Access level /Bay level: OA administrator, OA operator • Restrictions: o You can add a maximum of five IP addresses to the IP Manager. o When specifying an IPv6 address, do not specify the prefix length. NOTE: RFC 4941 describes an extension to IPv6 SLAAC that allows for generation of global-scope temporary IPv6 addresses using interface identifiers that change over time. When an OS that supports RFC 4941 reboots or the current address expires, a new temporary IPv6 address is generated. Windows 7 is an example of an OS that supports RFC 4941. CAUTION: RFC 4941 describes an IPv6 SLAAC extension that allows for generation of global-scope temporary IPv6 addresses using interface identifiers that change over time. When an OS that supports RFC 4941 reboots or the current address expires, a new temporary IPv6 address is generated. Windows 7 is an example of an OS that supports RFC 4941. With trusted hosts enabled, if you are accessing the Onboard Administrator from a client hosted on an OS with RFC 4941 support, a reboot of the client OS can result in the inability to reconnect to the Onboard Administrator. The connection fails because the client’s new temporary IPv6 address does not match the IPv6 address configured for the client in the Trusted Addresses list. To avoid this issue, either disable generation of global-scope temporary IPv6 addresses in the OS, or reconfigure the Trusted Host IP address with the newly generated client IPv6 address. Enclosure network configuration commands 79 CLEAR LOGIN_BANNER_TEXT • • Command: CLEAR LOGIN_BANNER_TEXT Description: Clears the currently configured login banner text. • Access level /Bay level: OA administrator • Restrictions: Clearing the login banner text disables the login banner option. CLEAR NTP • • Command: CLEAR NTP {PRIMARY | SECONDARY} Description: Disables access to the Primary or Secondary NTP server • Access level/Bay level: OA administrator, OA operator • Restrictions: Clearing the Primary NTP server disables NTP. CLEAR SSHKEY • • Command: CLEAR SSHKEY Description: Removes the authorized key file used for SSH login • Access level/Bay level: Administrator • Restrictions: None CLEAR VCMODE • • Command: CLEAR VCMODE Description: Clears Virtual Connect Mode settings. • Access level/Bay level: Enclosure network configuration commands 80 OA Administrator OA Bays • Restrictions: o All servers in the enclosure should be powered off before clearing the VCMODE. o The enclosure will no longer be managed by Virtual Connect, and servers will revert to default Ethernet MAC and Fibre Channel WWN assignments. Virtual Connect might disconnect the servers from Ethernet networks and Fibre Channel fabrics. DISABLE ALERTMAIL • • Command: DISABLE ALERTMAIL Description: Disables the sending of emails when events occur • Access level/Bay level: OA administrator, OA operator • Restrictions: None DISABLE DHCPV6 • • Command: DISABLE DHCPV6 Description: Disable DHCPv6 mode for management interfaces of all devices in the enclosure. With DHCPv6 disabled, the IPv6 and DNS addresses are not obtained from the DHCPv6 Server. This setting takes effect immediately. • Access level/Bay level: OA administrator, OA operator • Restrictions: None DISABLE ENCLOSURE_ILO_FEDERATION_SUPPORT • • • Command: DISABLE ENCLOSURE_ILO_FEDERATION_SUPPORT Description: Disables the Onboard Administrator support required to allow peer-to-peer network communication necessary for iLO Federation among suitably capable iLOs within the enclosure. To enable, this support, see the ENABLE ENCLOSURE_ILO_FEDERATION_SUPPORT (on page 87) command. Access level/Bay level: Enclosure network configuration commands 81 OA administrator, OA operator • Restrictions: None DISABLE ENCLOSURE_IP_MODE • • Command: DISABLE ENCLOSURE_IP_MODE Description: Disables Enclosure IP Mode. Active and Standby Onboard Administrators retain their current IP addresses. After disabling Enclosure IP Mode and a takeover occurs, there will no longer be a single IP address for the enclosure. • Access level/Bay level: OA administrator, Operator • Restrictions: None DISABLE HTTPS • • Command: DISABLE HTTPS Description: Disables HTTPS access to the Onboard Administrator, which prevents access to the web-based user interface • Access level/Bay level: OA administrator, OA operator • Restrictions: None DISABLE FQDN_LINK_SUPPORT • • Command: DISABLE FQDN_LINK_SUPPORT Description: Disables the Onboard Administrator from displaying an FQDN-based web address link in addition to the usual IP-based web address links used for accessing an iLO or interconnect from the Onboard Administrator GUI. When the FQDN setting is disabled, the FQDN links of all the enclosure devices are removed from the Onboard Administrator and hence are not displayed. • Access level/Bay level: Enclosure network configuration commands 82 OA administrator, OA operator • Restrictions: None DISABLE IPV6 • • Command: DISABLE IPV6 Description: Disables IPv6 protocol for management interfaces of all devices in the enclosure. CAUTION: If you disable IPv6 in an IPv6-only environment, you will lose your connection to the Onboard Administrator GUI and any SSH sessions. To reestablish your connection, you must perform the initial enclosure configuration via IPv4 networking, the Insight Display, or the Onboard Administrator serial console interface. When disabling IPv6, all connections that depend on the IPv6 protocol are closed. • Access level/Bay level: OA administrator, OA operator • Restrictions: None DISABLE IPV6DYNDNS • • Command: DISABLE IPV6DYNDNS [ | ACTIVE | STANDBY] Description: Disables Dynamic DNS using IPv6 for the specified bay, Active Onboard Administrator, or Standby Onboard Administrator. • Access level/Bay level: OA administrator, OA operator • Restrictions: None DISABLE LOGIN_BANNER • • Command: DISABLE LOGIN_BANNER Description: Disables the login banner from appearing when the user attempts to log in to Onboard Administrator. • Access level /Bay level: OA administrator Enclosure network configuration commands 83 • Restrictions: None DISABLE NTP • • Command: DISABLE NTP Description: Disables the synchronizing of time and date with a remote server using the NTP protocol. Does not clear any NTP servers that have been configured. • Access level/Bay level: OA administrator, OA operator • Restrictions: None DISABLE SECURESH • • Command: DISABLE SECURESH Description: Disables SSH access to the Onboard Administrator. Disabling SSH prevents access to the web-based user interface and the SSH terminal interface until a terminal session re-enables the SSH protocol. • Access level/Bay level: OA administrator, OA operator • Restrictions: None DISABLE SLAAC • • Command: DISABLE SLAAC Description: Disables auto-configuration of IPv6 addresses from SLAAC messages for management interfaces of all devices in the enclosure. • Access level/Bay level: OA administrator, OA operator • Restrictions: Enclosure network configuration commands 84 None DISABLE SNMP • • Command: DISABLE SNMP Description: Disables SNMP support for the Onboard Administrator. Does not clear the SNMP trap receivers that have been configured. SNMP trap receivers can still be added and removed. If you disable SNMP, then Insight Manager Agents do not work properly. • Access level/Bay level: OA administrator, OA operator • Restrictions: This operation is not allowed in FIPS Mode ON/DEBUG. DISABLE TELNET • • Command: DISABLE TELNET Description: Disables telnet access to the Onboard Administrator • Access level/Bay level: OA administrator, OA operator • Restrictions: None DISABLE TRUSTED HOST • • Command: DISABLE TRUSTED HOST Description: Disables the host-based access to the Onboard Administrator. Disabling TRUSTED HOSTS allows all hosts to connect to the Onboard Administrator. • Access level/Bay level: OA administrator, Operator • Restrictions: None Enclosure network configuration commands 85 DISABLE XMLREPLY • • Command: DISABLE XMLREPLY Description: Disables XML reply data return over the HTTP port • Access level/Bay level: OA administrator, OA operator • Restrictions: None DOWNLOAD CONFIG • • • Command: DOWNLOAD CONFIG Description: o Downloads a previously saved configuration script file from a specific IP host, and then executes it. o Supported protocols are HTTP, FTP, TFTP, and USB. o Format the as protocol://host/path/file. o The URL syntax for IPv4 addresses is protocol:// /path/file. o The URL syntax for IPv6 addresses is protocol://[