Cisco Firepower Management Center 4000

51-24
FireSIGHT System User Guide
 
Chapter 51      Configuring Appliance Settings 
  Managing Remote Console Access
ipmitool -I lanplus -H IP_address -U user_name sol activate
Note
Cisco recommends using IPMItool version 1.8.12 or greater.
For IPMIutil:
ipmiutil -J 3 -H IP_address -U username sol -a
The command line login for the appliance appears. You may be prompted to enter a password.
Using Lights-Out Management
License: Any
Supported Devices: Series 3
Supported Defense Centers: Series 3
Lights-Out Management provides the ability to perform a limited set of actions over a SOL connection 
without the need to log into the appliance. You use the command to create a SOL connection followed 
by one of the commands listed in the following table. After the command is completed, the connection 
ends. Note that not all power control commands are valid on 70xx Family devices. 
Caution
In rare cases, if your computer is on a different subnet than the appliance's management interface and 
the appliance is configured for DHCP, attempting to access LOM features on a Series 3 appliance can 
fail. If this occurs, you can either disable and then re-enable LOM on the appliance, or use a computer 
on the same subnet as the appliance to ping its management interface. You should then be able to use 
LOM.
Caution
Cisco is aware of a vulnerability inherent in the Intelligent Platform Management Interface (IPMI) 
standard (CVE-2013-4786). Enabling Lights-Out Management (LOM) on an appliance exposes this 
vulnerability. To mitigate this vulnerability, deploy your appliances on a secure management network 
accessible only to trusted users, use a complex, non-dictionary-based password of the maximum 
supported length for your appliance, and change it every three months. If you enable LOM and expose 
this vulnerability, change the complex password every three months. To prevent exposure to this 
vulnerability, do not enable LOM.
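The following is an added example, not part of the Cisco guide: a small audit that checks an appliance inventory against the three mitigations in the caution above (trusted management network only, maximum-length password, rotation every three months). The inventory fields, the network range, the maximum password length and the 90-day reading of "three months" are assumptions made for illustration.

```python
import ipaddress
from datetime import date

# Assumptions for illustration (none of these values come from the guide):
TRUSTED_MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # management network
MAX_PASSWORD_LEN = 20   # placeholder: use your appliance's documented maximum
ROTATION_DAYS = 90      # "every three months" taken as 90 days

def audit_lom(rec, today):
    """Return findings for one inventory record; an empty list means compliant."""
    if not rec["lom_enabled"]:
        return []  # LOM off: the appliance is not exposed through IPMI
    findings = []
    # 1. LOM must be reachable only from the trusted management network.
    for src in rec["allowed_sources"]:
        net = ipaddress.ip_network(src)
        if not any(net.subnet_of(t) for t in TRUSTED_MGMT_NETS):
            findings.append(f"reachable from untrusted source {src}")
    # 2. Password must use the maximum supported length (length metadata only;
    #    the audit never handles the password itself).
    if rec["password_len"] < MAX_PASSWORD_LEN:
        findings.append(f"password length {rec['password_len']} < {MAX_PASSWORD_LEN}")
    # 3. Password must have been changed within the rotation window.
    age = (today - rec["password_changed"]).days
    if age > ROTATION_DAYS:
        findings.append(f"password is {age} days old")
    return findings

# Constructed sample inventory (hypothetical appliance names and values).
INVENTORY = [
    {"name": "dc-01", "lom_enabled": True, "allowed_sources": ["10.20.0.0/28"],
     "password_len": 20, "password_changed": date(2024, 5, 1)},
    {"name": "sensor-07", "lom_enabled": True,
     "allowed_sources": ["10.20.0.16/28", "0.0.0.0/0"],
     "password_len": 12, "password_changed": date(2024, 1, 10)},
    {"name": "sensor-09", "lom_enabled": False, "allowed_sources": ["0.0.0.0/0"],
     "password_len": 8, "password_changed": date(2023, 1, 1)},
]

def audit_all(inventory, today):
    """Audit every record and map appliance name to its list of findings."""
    return {r["name"]: audit_lom(r, today) for r in inventory}

if __name__ == "__main__":
    for name, findings in audit_all(INVENTORY, date(2024, 6, 1)).items():
        print(name, "OK" if not findings else "; ".join(findings))
```

The dictionary-word requirement is not checked here because the audit works only from password metadata; enforce it where the password is generated.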
If all attempts to access your appliance have failed, you can use LOM to restart your appliance remotely. 
Note that if a system is restarted while the SOL connection is active, the LOM session may disconnect 
or time out.
Caution
Do not restart your appliance unless it does not respond to any other attempts to restart. Remotely 
restarting the appliance does not gracefully reboot the system and you may lose data.