Changing the HMC Private DHCP Address Range

Technote

In the typical HMC configuration, one HMC interface is configured as a DHCP server that connects the HMC and managed servers on a private network. Another HMC interface is used to connect the HMC to the company network for remote access and service functions. Figure 1 shows the recommended configuration where eth0 is the private HMC/FSP network and eth1 is the open network.

Figure 1

It might be necessary to change the HMC address range used on the private network to avoid routing conflicts with the TCP/IP addresses used on the company (open) network. For example, if the company VPN assigns 192.168 addresses to remote users that access the HMC, then this might conflict with the HMC's default private address range, which is also 192.168. In this situation, the preferred solution is to change the address range used on the private network to a different, unused TCP/IP address range. This document explains how to reconfigure the address range used on the private network.

These instructions are for the configuration shown in Figure 1 (dual private networks). It applies only to Models 9406-520, 550, and 570. Contact IBM support for assistance with configuring 595 and 570 with dual FSP feature.


Preparing for the Change

Step 1: Determine the currently installed release of the server firmware.

The method used to change the TCP/IP address depends on the server firmware level. Use the following steps to determine the server firmware release level of each system managed by the HMC:

a	Open Licensed Internal Code Maintenance.
b	Open Licensed Internal Code Updates.
c	Select the Change Licensed Internal Code option.
d	Select the server from the list in the pop-up window, and click OK.
e	Select View System Information, and click OK.
f	Select None for the LIC repository, and click OK.
g	Note the EC number in the left-most column. If the server firmware level is 230 or later, the private network address range can be changed while the system is running. If it is earlier than 230, then changing the range requires that all managed systems (and partitions) be powered down.

Step 2: Decide on a new TCP/IP address range.

Compare the list of TCP/IP address ranges available on the HMC to those in use on your company network. Pick a range that is unique and that does not conflict with the range used on the local network. Remember to consider any address range that might be used by remote sites or assigned to users accessing the company network remotely via a VPN. Also, remember that if dual (redundant) HMCs are used, each HMC must use a unique address range.

To see the list of TCP/IP addresses available on the HMC, click HMC Management > HMC Configuration > Customize Network Settings . On the Customize Network Settings tab, click LAN Adapters > eth0 > Details button. Click the Address range drop-down box to view the list of available ranges. Click Cancel to exit to avoid any accidental changes.

Step 3: Verify the HMC Access password is known.

The process below requires that you re-enter the Flexible Server Processor (FSP) HMC access password for each managed system. This password was set when the system was first installed. To verify you know the password, use the following procedure:

a	Expand Server and Partition.
b	Expand Server Management.
c	Right-click on the managed system and select Update Managed System Password .
d	Type the current HMC access password in all three boxes (Current, New, Verify). The FSP allows the password to be "changed" to the current value, so this process allows you to verify that you know the HMC access password without disabling the current connection. If the password is correct, the panel will close and no error occurs. If the password is incorrect, it will notify you with an HSCL1990 error. After five incorrect attempts, the FSP will lock the connection for 5 minutes.

If the HMC password is lost but the FSP "admin" password is known, use the following procedure to reset the HMC access password:

a	Select Service Applications > Service Focal Point > Service Utilities .
b	Select the server from the pop-up window.
c	Click the menu option Selected > Launch ASM Menu .
d	Click OK in pop-up to launch the Advanced System Manager browser. Accept the certificate.
e	Sign on ASM using the admin profile.
f	In the navigation area, expand Login Profile.
g	Select Change Password.
h	Set User id to change to HMC.
i	Specify the required password information, and click Continue. Note: As a security measure, you are required to re-enter the admin password into the Current password for user id field.

If both the HMC access password and the "admin" password are lost, you must reset the passwords. Contact IBM support or use the reset procedure from the eServer Information Center at the following Web site:

http://publib.boulder.ibm.com/infocenter/eserver/v1r3s/topic/iphby/resetadminpwd.htm .


Changing the DHCP Server Range for Systems with Server Firmware Release 230 or Higher

Use the information in Step 1 above to verify the server firmware release level is 230 or higher. Then, do the following:

Step 1: Configure the HMC DHCP server to use the different range:

a	On the HMC, click HMC Management > HMC Configuration > Customize Network Settings .
b	On the Customize Network Settings tab, click LAN Adapters.
c	Click the interface used for the private network (typically eth0), and click the Details button.
d	Verify that Private network is selected and that Enable DHCP server is selected.
e	Click the Address range drop-down box, and select the new address range that was determined in the preparation steps above. The address range chosen should be different than the subnet used on any other HMC interface, such as eth1 or eth2, and it should be different than the address used by any redundant HMC.
f	Click OK.

Step 2: Reboot the HMC when prompted, and log back in. Verify the settings.

Step 3: Force the FSP to acquire a new address:

a	Access the back of the IBM System i5™ server and note the port that the Ethernet cable is plugged into (HMC1 or HMC2). This is the Ethernet cable that runs between the HMC eth0 and the managed server FSP. HMC1 or HMC2 will be stamped into the sheet metal.
b	Remove the cable from the FSP. If a HUB is used, be sure to remove the end of the cable connected to the FSP and not the HMC. The FSP link must go inactive.
c	Wait 2 minutes. The FSP link must be deactivated for 2 minutes to trip the reacquire.
d	Plug the cable back into the same port.

Step 4: Wait approximately 2 minutes for the server to appear under Server and Partition > Server Management . Within a few seconds, the lease should go out. This can be seen by opening a restricted shell (right-click on the HMC desktop, click Terminals > rshterm ) and running the command lshmc -n . The clients field should contain the new lease. It will take the HMC another minute or two to process the new lease and add the TCP/IP to the server management list.

Step 5: Type the HMC Access password when prompted. The server will appear in the server management list with a state of failed authentication . Right-click on the managed system, and select enter/update managed system password. Type the HMC access password (refer to Step 3 in the above section Preparing for the Change ).

Step 6: Remove the old connection:

a	Open a restricted shell by right-clicking on the desktop, clicking Terminals > rshterm . It might be necessary to minimize the Hardware Management Console window to reach the desktop.
b	Type the command lssysconn -r all . The output should show at least two connections, for example: lssysconn -r all resource_type=sys,type_model_serial_num=9406-520*103E8FE,sp=primary,sp_phys_loc=unavailable,ipaddr=192.168.255.254,alt_ipaddr=unavailable,state=Connected resource_type=sys,type_model_serial_num=unavailable,sp=unavailable,sp_phys_loc=unavailable,ipaddr= 172.16.255.254 ,alt_ipaddr=unavailable,state=Connecting,connection_error_code= Connecting 0000-0000-00000000
c	Locate the old address. The old TCP/IP address will appear in an entry with state of Connecting... or No connection .
d	Remove the old entry. Type the following command: rmsysconn --ip <ip> -o remove where <ip> is the old TCP/IP address located in the previous step.

Changing the DHCP Server Range for Systems with Server Firmware Release 225 or Lower

This procedure requires that the all partitions be powered down. Do the following:

Step 1: Power down all partitions.

Step 2: Power down the managed system.

Step 3: Configure the HMC DHCP server to use the different range:

a	On the HMC click HMC Management > HMC Configuration > Customize Network Settings .
b	On the Customize Network Settings tab, click LAN Adapters.
c	Click eth0, and click the Details button.
d	Verify that Private network is selected and that Enable DHCP server is selected.
e	Click the Address range drop-down box, and select the new address range that was determined in the preparation steps above. The address range chosen must be different than the subnet used on any other interface, such as eth1 or eth2.
f	Click OK.
g	Perform a pinhole reset or AC Power off: o Pinhole reset: Use a paper clip or toothpick to press the reset button located on the front control panel. This button is recessed under a small "pinhole". Insert the end of a paper clip or toothpick, and press the button. The control panel will display a C100 reference code and start a reboot. o AC Power off: Remove the power cord from the FSP. Wait 5 minutes for the power to drain. Attach the AC power.

Step 4: Wait approximately 2 minutes. Within a few seconds, the lease should go out. This can be seen by opening a restricted shell and running the command lshmc -n . The clients field should contain the new lease. It will take the HMC another minute or two to process the new lease and add the TCP/IP to the managed server list.

Step 5: Type the HMC Access password. Right-click on the managed system, and select enter/update managed system password. Type the HMC access password.

Step 6: Remove the old connection:

a	Open a restricted shell by right-clicking on the desktop, clicking Terminals > rshterm .
b	Type the command lssysconn -r all , for example: lssysconn -r all resource_type=sys,type_model_serial_num=9406-520*103E8FE,sp=primary,sp_phys_loc=unavailable,ipaddr=192.168.255.254,alt_ipaddr=unavailable,state=Connected resource_type=sys,type_model_serial_num=unavailable,sp=unavailable,sp_phys_loc=unavailable,ipaddr= 172.16.255.254 ,alt_ipaddr=unavailable,state=Connecting,connection_error_code= Connecting 0000-0000-00000000
c	Locate the old address. The old TCP/IP address will appear in an entry with state of Connecting... or No connection .
d	Remove the old entry by typing the following command: rmsysconn --ip <ip> -o remove where <ip> is the old TCP/IP address located in the previous step.