TheCloudisaLie

1. Hello Allen & Chris,
2.  
3. A two parter for you -
4.  
5. 1) I recently upgraded a couple of machines on my home network to E3 v5 Xeons. The MB's are supermicro's with AST2400 BMC onboard. I'm a complete noob to ipmi and had a moment of panic when I realized that the bios had automagickly shared nic's instead of using the MB's dedicated IPMI nic. I found it perplexing that I couldn't change this behavior from the regular system bios. I eventually stumbled my way into the Web management GUI, changed the admin username/password, forced redirection to https, set the nic to dedicated instead of failover, etc. Is there a good primer on ipmi and best practices you can suggest? I found a few bits of documentation on Supermicro's site but it was heavy on highlevel marketing speak. Next time I'll know better than to assume that a dedicated ipmi port = dedicated ipmi port.
6.  
7. 2) I know one of Allen's suggestions will be putting the ipmi port on a separate VLAN, which brings me to my second question. I finally caught wind of the impending 2.5/5Gb ethernet standards and it's put a damper on my eagerness to get a managed switch. Is there any hope of getting a switch that might be upgradeable once the standard is ratified (say through a SFP+ module)? Considering the track record of Wifi standards that might be risky I know. I'm pretty sure 10Gb ethernet is just not in my budget atm (esp. after the Xeons). Unless there is some really inexpensive managed switch out there I guess I'll have to wait or do you have any suggestions?
8.  
9. P.s. Another Port Knocking alternative to add to the pile - authpf. From what I gathered (thanks to a video linked in the BSD Now 67 shownotes) it allows you to dynamically add pf rules upon connection of an SSH session. Sadly it doesn't seem to be exposed in pfSense. I was hoping to toggle some port forwards with it. Maybe some day I'll build a real firewall with FreeBSD. Another project for another day.
10.  
11. Thanks
12. TheCloudisaLie