Remote management of PowerEdge 1950 servers without DRAC


Using IPMI it’s possible to get some remote management features without having a DRAC card in the server. At least remote power control and serial over LAN are available.

Setting up IPMI using ipmitool:

Configure LAN

Change ip, netmask and defgw to match your network.

ipmitool lan set 1 ipsrc static
ipmitool lan set 1 ipaddr
ipmitool lan set 1 netmask
ipmitool lan set 1 defgw
ipmitool lan set 1 auth callback md5
ipmitool lan set 1 auth operator md5
ipmitool lan set 1 auth admin md5
ipmitool lan set 1 auth user md5
ipmitool lan set 1 access on
ipmitool lan set 1 arp respond on

# If needed configure vlan id
ipmitool lan set 1 vlan id 100

Configure users

ipmitool user set name 2 admin
ipmitool user set password 2 SecretPassword1
ipmitool user enable 2
ipmitool user priv 2 4 1
ipmitool user priv 2 4 2

# List enabled users
ipmitool user list 1
ipmitool user list 2

Enable serial over lan

ipmitool sol set privilege-level admin 1
ipmitool sol set force-encryption true 1
ipmitool sol set force-authentication true 1
ipmitool sol set non-volatile-bit-rate 57.6 1
ipmitool sol set volatile-bit-rate 57.6 1
ipmitool sol set enabled true 1
ipmitool sol payload enable 1 2

To connect to the serial over lan console use the following command:

ipmitool -I lanplus -H -U admin -P SecretPassword1 sol activate

The serial console supports some escape sequences, which can be checked by typing ~?

Supported escape sequences:
~.  - terminate connection
~^Z - suspend ipmitool
~^X - suspend ipmitool, but don't restore tty on restart
~B  - send break
~?  - this message
~~  - send the escape character by typing it twice
(Note that escapes are only recognized immediately after newline.)

Examples of common operations

  • Reseting power over the network
  • ipmitool -H -U admin -P SecretPassword1 chassis power reset
  • Blinking uid light
  • ipmitool chassis identify
  • Read sensors
  • ipmitool sensor

All except serial over lan should work on all servers with IPMI.
Serial over LAN requires IPMI 2.0.

Reprogramming SFP modules

I needed a fiber connection to my HP 2824 switch, but it would not allow me to use non HP SFPs.

So what did I do? I reflashed a D-Link DEM-311GT using the EEPROM data from an HP SFP using a Raspberry Pi (and an old broken switch as a breakout board for the SFP).

Switch as SFP breakout board

The EEPROM in the SFP is just an ordinary I2C EEPROM (basically the same as is used for the EDID in monitors).

There was one problem though: the DEM-311GT SFP was write protected, so I had to solder a wire to the write-protect pin to make it writeable.

DEM-311GT with patched write-protect


Cutting PCBs

Since I put three designs on a single 10x10cm PCB I need to cut it.

First try with the hacksaw was successful but it was really close to some traces.

Will try to get access to the metal shear and see if that works better.

20140606_130956 20140606_130937

The ethernet phy is alive!

So I decided to try reflowing the ethernet phy to make sure that nothing is shorted.

After doing so the ethernet phy started replying to management commands 🙂


Altough I think that it might have shorted nRST and TX_EN together because the basic status register is always indicating jabber detection, and when i try to manually de-assert TX_EN the LAN8720A resets.

Another problem is that it will only detect a link if I set the switchport to 10Mbit.