Port Services
Function Description
On the Port Services page, you can view and modify the ports services supported by the iBMC.
- If a Web Server (HTTP)/Web Server (HTTPS) port is configured as a non-default browser port, the Chrome or Firefox browser cannot use the port to establish a connection. To solve this problem, you need to configure the browser to allow connections to be set up over a non-default port.
- Disabling the SSH, HTTPS, RMCP, and RMCP+ services at the same time may result in network disconnection. If all the services are disabled, you can connect to the server through the serial port and enable the web service.
Parameter Description
Service |
Default Port |
Description |
|---|---|---|
SSH |
22 |
The SSH allows a secure channel to be established between a local computer and the server. The iBMC supports a maximum of five concurrent SSH connections. NOTE:
SSH supports encryption algorithms AES128-CTR, AES192-CTR, and AES256-CTR. Use a supported encryption algorithm when logging in to iBMC over SSH. |
SNMP Agent |
161 |
The SNMP agent translates and transfers requests between management devices and managed devices. |
KVM |
2198 |
The KVM allows users to remotely control a server by using the local keyboard, video, and mouse (KVM). The iBMC supports a maximum of two concurrent users. |
VMM |
8208 |
The VMM allows a user to use a virtual DVD-ROM drive or floppy disk drive (FDD) to access and control a server. The iBMC supports only one user at a time. |
Video |
2199 |
Allows users to use the video playback function. For details about this function, see Video & Screenshot. The iBMC supports only one user at a time. |
VNC |
5900 |
The Virtual Network Console (VNC) allows users to remotely control a server by using the local keyboard, video, and mouse. A maximum of five concurrent users are allowed. |
Web Server (HTTP) |
80 |
The HTTP supports Internet browsing and translates Hypertext Transfer Protocol (HTTP) pages. The Web Server (HTTP) service is enabled by default to establish a connection between the browser and iBMC. After the connection is set up, the secure protocol HTTPS is used. |
Web Server (HTTPS) |
443 |
The HTTPS supports Internet browsing and translates Hypertext Transfer Protocol over Secure Socket Layer (HTTPS) pages or Redfish Protocol. The iBMC supports a maximum of four concurrent HTTPS connections. |
IPMI LAN (RMCP) |
623 for port 1 (primary port) and 664 for port 2 (secondary port). |
Stands for Intelligent Platform Management Interface (IPMI) over LAN, and supports the Remote Management Control Protocol (RMCP). Using the IPMI LAN (RMCP) service may pose security risks. For security purposes, use the IPMI LAN (RMCP+) service instead. The IPMI LAN (RMCP) service is disabled by default. |
IPMI LAN (RMCP+) |
RMCP+ and RMCP use the same port. |
Stands for Intelligent Platform Management Interface (IPMI) over LAN and supports RMCP+. NOTE:
The RMCP+ protocol has security vulnerabilities (CVE-2013-4786), and using RMCP+ poses security risks. Refer to Risk Prevention Measures. |
Setting Port Services
- Click Edit.
- Enable or disable the port services based on service requirements.
: enables a service.
: disables a service.
- Set port numbers for these services.
- Click Save.
: enables a service.
: disables a service.Risk Prevention Measures
Do as follows to minimize the security risks caused by the vulnerability (CVE-2013-4786) of RMCP+:
- If you do not use IPMI protocol to access the iBMC:
- Disable the IPMI service on this page.
After IPMI is disabled, other devices cannot use IPMI to access the iBMC. This setting affects the IPMI-based tools, such as IPMItool, InfoCollect, and eSight.
- Enable password complexity check and set passwords complying with the password complexity requirements.
- Disable the IPMI service on this page.
- If you need to use IPMI protocol to access the iBMC:
- Set the network where the iBMC management network port is located as an independent LAN.
- Enable password complexity check and set passwords complying with the password complexity requirements.