Blackbird/BMC Network Disable
Why disable the BMC network in hardware?
Certain high-security environments require that only the host device be able to communicate with the network; for example, high-security networks incorporating hardware data diodes. In such environments, the typical software-based method of disabling the BMC network is not acceptable; therefore, Raptor Computing Systems has started building a physical BMC network disable feature into some of its newer product revisions.
Hardware Requirements
- Blackbird hardware revision 1.02 or higher
Method and Procedure
The physical network disable is implemented via a DIP switch on the mainboard labeled "BMC NCSI", located near the PCIe slots. When placed in the DISABLE position, this switch physically breaks the NCSI link between the BMC and the network controller, thus disabling all external Ethernet connectivity on the BMC. To verify this, log in to the BMC over serial and confirm that the BMC is no longer able to communicate with or detect any network controller devices.
Because this DIP switch physically disconnects the BMC from the network controller, re-enabling BMC network access requires all power to be removed from the machine. The BMC needs to reboot in order to rescan the NCSI bus and detect the reconnected network controller; if a power cycle is not performed after the BMC NCSI switch is placed back in the ENABLE position, the BMC will not rediscover the network controller and will not reappear on the network.
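
One way to script the serial-console check described above, as an added example that is not part of the original page or of Raptor's documentation: POSIX shell functions, run from the BMC's shell, that report link state for every non-loopback interface. It assumes the BMC firmware is Linux-based and exposes /sys/class/net, and that absence of link is an acceptable proxy for the NCSI path being broken; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: link-state check to run on the BMC over the serial console.
# Assumption: Linux-based BMC firmware with sysfs mounted at /sys.

# bmc_link_report [SYSFS_NET_DIR]
# Prints "<interface> <up|down|unknown>" for each non-loopback interface.
bmc_link_report() {
    net_dir="${1:-/sys/class/net}"
    for path in "$net_dir"/*; do
        # Skip plain files (e.g. bonding_masters) and an unmatched glob.
        [ -d "$path" ] || continue
        name="${path##*/}"
        [ "$name" = "lo" ] && continue
        # Reading carrier fails while an interface is administratively
        # down, so a failed read is handled instead of aborting.
        carrier="$(cat "$path/carrier" 2>/dev/null)" || carrier=""
        operstate="$(cat "$path/operstate" 2>/dev/null)" || operstate="unknown"
        if [ "$carrier" = "1" ]; then
            echo "$name up"
        elif [ "$carrier" = "0" ] || [ "$operstate" = "down" ]; then
            echo "$name down"
        else
            echo "$name unknown"
        fi
    done
}

# bmc_network_isolated [SYSFS_NET_DIR]
# Returns 0 if no interface has link, 1 if any interface has link,
# 2 if a state could not be determined (treat as not verified).
bmc_network_isolated() {
    report="$(bmc_link_report "${1:-}")"
    case "$report" in
        *" up"*)      return 1 ;;
        *" unknown"*) return 2 ;;
    esac
    return 0
}

# Usage on the BMC:
#   bmc_link_report
#   bmc_network_isolated && echo "BMC has no network link"
```

A return value of 2 means the state could not be read and the isolation should not be considered confirmed.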