Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Harden webgui of CIMC - Standalone C series

Is there anyway to harden access to the webgui of CIMC of a standalone C series server say C220

Appreciate inputs!

6 REPLIES

Harden webgui of CIMC - Standalone C series

Hi,

I have not heard of any specific procedure but do you have any specific feature you may be thinking about? I might be able if to tell you if there is something like that or see if at least there is an enhancement request.

-Kenny

New Member

Harden webgui of CIMC - Standalone C series

We need to access the CIMC over internet for some remote servers (like we did DRAC,ILO in past) and they are in standalone mode ...no UCSM hook in...need to lockdown/harden  access of CIMC as far as possible especially web...saw some ip blocking feature...more like thwart brute force i guess ...but nothing more..restricting source ips  seems more of a UCSM thing i guess...please correct if amiss!

Any features to harden  web access to CIMC appreciated for standalone severs...enablement of hardening can be from CLI also or any means

Appreciate

Cisco Employee

Harden webgui of CIMC - Standalone C series

There is IP Blocking built into the system, but it doesn't appear to do what you need, though the User Guide kinda contradicts this:

http://www.cisco.com/en/US/docs/unified_computing/ucs/c/sw/gui/config/guide/1.5/b_Cisco_UCS_C-series_GUI_Configuration_Guide.151_chapter_01000.html#concept_AC4EC4E9FA3F4536A26BAD49734F23D0

IP blocking  prevents the connection between a  server or website and certain IP addresses or ranges of addresses. IP  blocking effectively bans undesired connections from those computers to a  website, mail server, or other Internet servers.

If WAN access needs to be hardened properly you'll want to use a firewall or ACLs to really be secured. 

Let me look into whether or not we're adding IP filtering in a future release.

Regards,

Robert

New Member

Harden webgui of CIMC - Standalone C series

Appreciate !...i did however think ipblocking for standalone was more as lockout for bruteforce ...and yes the manual is ambivalent..maybe it talks about UCSM based management pool access ...which is not the case for standalone!

so yes really left wondering ..ACLs at network level was something we consider as a frontline but also wanted something at host level...

New Member

Harden webgui of CIMC - Standalone C series

Hi,

Please find the below link,Hope it would help you.

http://www.cisco.com/en/US/docs/unified_computing/ucs/release/notes/OL-26648-01.html

Regards,

Gaurav

New Member

Harden webgui of CIMC - Standalone C series

is there somethign specific in this that helps with my question ...am i amiss?  Appreciate inputs

296
Views
0
Helpful
6
Replies
CreatePlease login to create content