You can configure the iLO access options by using the iLO web interface or iLO RBSU.
• “Configuring access options by using the iLO web interface” (page 41)
• “Configuring iLO access options by using iLO RBSU” (page 43)
Configuring access options by using the iLO web interface
TheAccess Optionssection enables you to modify settings that affect all iLO users. To view or modify iLO access options:
1. Navigate to theAdministration→Access Settingspage.
2. Click theAccess Settingstab and scroll to theAccess Optionssection of theAccess Settings
page, as shown inFigure 15 (page 41). Figure 15 Access Options
Table 4 Access options
Description Default value
Option
This setting specifies how long a user can be inactive, in minutes, before the iLO web interface and Remote Console
30 Idle Connection Timeout (minutes)
session end automatically. The following settings are valid:
15,30,60, or120minutes, orInfinite. Inactive users are not logged out when this option is set toInfinite.
Failure to log out of iLO by either browsing to a different site or closing the browser also results in an idle connection. The iLO firmware supports a finite number of iLO connections. Misuse of theInfinitetimeout option might make iLO inaccessible to other users. Idle connections are recycled after they time out.
This setting applies to local and directory users. Directory server timeouts might preempt the iLO setting.
Changes to the setting might not take effect immediately in current user sessions, but will be enforced immediately in all new sessions.
The iLO network and communications with operating system drivers are terminated when iLO functionality is disabled.
Enabled iLO Functionality
If iLO functionality is disabled (including the iLO Diagnostic Port), you must use the server Security Override Switch to enable iLO. See the server documentation to locate the Security Override Switch, and then set it toOverride. Power up the server, and then use the iLO RBSU to setiLO FunctionalitytoEnabled.
NOTE: The iLO functionality cannot be disabled on blade servers.
This setting enables or disables iLO RBSU. The iLO Option ROM prompts you to pressF8to start iLO RBSU, but if iLO is disabled or iLO RBSU is disabled, this prompt is not displayed.
Enabled iLO ROM-Based Setup
Utility
This setting determines whether a user-credential prompt is displayed when a user accesses iLO RBSU. If this setting is
Disabled Require Login for iLO
RBSU
Enabled, and you pressF8during POST, a login dialog box opens.
This setting enables the display of the iLO network IP address during host server POST.
Enabled Show iLO IP during POST
This setting enables you to change the login model of the CLI feature through the serial port. The following settings are valid:
Enabled-Authentication Required
Serial Command Line Interface Status
• Enabled-Authentication Required—Enables access to the iLO CLP from a terminal connected to the host serial port. Valid iLO user credentials are required.
• Enabled-No Authentication—Enables access to the iLO CLP from a terminal connected to the host serial port. iLO user credentials are not required.
• Disabled—Disables access to the iLO CLP from the host serial port. Use this option if you are planning to use physical serial devices.
This setting enables you to change the speed of the serial port for the CLI feature. The following speeds (in bits per second)
9600 Serial Command Line
Interface Speed
are valid:9600,19200,38400,57600, and115200. The serial port configuration must be set to no parity, 8 data bits, and 1 stop bit (N/8/1) for correct operation. The serial port speed set by this option should match the speed of the serial port configured in the system ROM RBSU. For more
information about the system ROM RBSU, see the HP ROM-Based Setup Utility User Guide.
Table 4 Access options(continued)
Description Default value
Option
NOTE: The 38400 speed is not currently supported by the system ROM RBSU.
This setting enables or disables logging of the Virtual Serial Port. When enabled, Virtual Serial Port activity is logged to
Disabled Virtual Serial Port Log
a 150-page circular buffer in the iLO memory, and can be viewed using the CLI commandvsp log. The Virtual Serial Port buffer size is 128 KB.
This feature and many others are part of an iLO licensing package. For more information about iLO licensing, see the following website:http://www.hp.com/go/ilo/licensing. This setting specifies the minimum number of characters allowed when a user password is set or changed. The character length must be a value from 0 to 39.
8 Minimum Password
Length
This setting enables you to specify the host server name. You can assign this value manually, but it might be overwritten by the host software when the operating system loads.
—
Server Name
You can enter a server name that is up to 49 bytes. To force the browser to refresh, save this setting, and then pressF5.
This setting enables you to specify the server FQDN or IP address. You can assign this value manually, but it might be —
Server FQDN/IP Address
overwritten by the host software when the operating system loads.
You can enter an FQDN or IP address that is up to 255 bytes. To force the browser to refresh, save this setting, and then pressF5.
This setting enables you to configure logging criteria for failed authentications. All login types are supported; each login type works independently. The following are valid settings:
Enabled-Every 3rd Failure
Authentication Failure Logging
• Enabled-Every Failure—A failed login log entry is recorded after every failed login attempt.
• Enabled-Every 2nd Failure—A failed login log entry is recorded after every second failed login attempt. • Enabled-Every 3rd Failure—A failed login log entry is
recorded after every third failed login attempt. • Enabled-Every 5th Failure—A failed login log entry is
recorded after every fifth failed login attempt. • Disabled—No failed login log entry is recorded. For information about using this setting with SSH clients, see “Logging in to iLO by using an SSH client” (page 45).
4. ClickApplyto end your browser connection and restart iLO.
It might take several minutes before you can re-establish a connection.
Configuring iLO access options by using iLO RBSU
When iLO RBSU is enabled, the iLO Option ROM prompts you to pressF8to start iLO RBSU. If iLO is disabled or iLO RBSU is disabled, the prompt is not displayed.
You can use iLO RBSU to configure global settings and serial CLI settings. For more information, see“Configuring global settings by using iLO RBSU” (page 44)and“Configuring serial CLI options by using iLO RBSU” (page 44).
Configuring global settings by using iLO RBSU 1. PressF8during POST to enter iLO RBSU.
2. SelectSettings→Configure, and then pressEnter.
TheGlobal iLO 4 Settingsmenu opens, as shown inFigure 16 (page 44). Figure 16 Global iLO 4 Settings window
3. For each option that you want to change, select the option, and press the spacebarto toggle the setting toENABLEDorDISABLED. You can change the following settings:
• iLO Functionality
• iLO 4 ROM-Based Setup Utility • Require iLO 4 RBSU Login • Show iLO 4 IP during POST • Local Users
For more information about the first four options in the list, seeTable 4 (page 42).
For more information about the last option in the list, see“Configuring authentication and directory server settings” (page 56).
4. PressF10to save the settings. 5. SelectFile→Exitto close iLO RBSU.
Configuring serial CLI options by using iLO RBSU 1. PressF8during POST to enter iLO RBSU. 2. SelectSettings→CLI, and then pressEnter.
Figure 17 iLO RBSU Configure iLO Command-Line Interface window
4. For each option that you want to change, select the option, and press the spacebarto toggle through the available settings. You can change the following settings:
• Serial CLI Status
• Serial CLI Speed (bits/second)
For more information about these options, seeTable 4 (page 42). 5. PressF10to save the settings.
6. SelectFile→Exitto close iLO RBSU.
Logging in to iLO by using an SSH client
When a user logs in to iLO by using an SSH client, the number of login name and password prompts displayed by iLO matches the value of theAuthentication Failure Loggingoption (3 if it is disabled). The number of prompts might also be affected by your SSH client configuration. SSH clients also implement delays after login failure.
For example, to generate an SSH authentication failure log with the default value (Enabled-Every 3rd Failure), assuming that the SSH client is configured with the number of password prompts set to 3, three consecutive login failures occur as follows:
1. Run the SSH client and log in with an incorrect login name and password.
You receive three password prompts. After the third incorrect password, the connection ends and the first login failure is recorded. The SSH login failure counter is set to 1.
2. Run the SSH client and log in with an incorrect login name and password.
You receive three password prompts. After the third incorrect password, the connection ends and the second login failure is recorded. The SSH login failure counter is set to 2.
3. Run the SSH client and log in with an incorrect login name and password.
You receive three password prompts. After the third incorrect password, the connection ends and the third login failure is recorded. The SSH login failure counter is set to 3.
The iLO firmware records an SSH failed login log entry, and sets the SSH login failure counter to 0.