Disabling LAN access to IPMI via ipmitool

I want to be able to switch LAN access to IPMI on and off on my machine (e.g. using a script and ipmitool).

I've successfully configured static IP, netmask, password, and other settings using ipmitool on Ubuntu 16.04. I would have expected the following command to disable access to the LAN channel, 0x1:

$ ipmitool lan set 0x1 access off

The command returns 0 and produces the following output:

Set Channel Access for channel 1 was successful.

However, despite having successfully changed the setting, I am still able to access the web configuration interface via my previously configured static IP and netmask settings.

Here's the output of ipmitool channel info 0x1 prior to disabling access to the channel:

Channel 0x1 info:
  Channel Medium Type   : 802.3 LAN
  Channel Protocol Type : IPMB-1.0
  Session Support       : multi-session
  Active Session Count  : 0
  Protocol Vendor ID    : 7154
  Volatile(active) Settings
    Alerting            : enabled
    Per-message Auth    : enabled
    User Level Auth     : enabled
    Access Mode         : always available
  Non-Volatile Settings
    Alerting            : enabled
    Per-message Auth    : enabled
    User Level Auth     : enabled
    Access Mode         : always available

After running the command, the Access Mode field for both Volatile and Non-Volatile Settings reads 'disabled.'

Am I missing something here? How do people generally disable the IPMI LAN interface?


$ ipmitool lan set 0x1 access off

This command refers specifically to the IPMI protocol over the LAN, not SSH / SNMP / HTTP/HTTPS etc.

The IPMI protocol is UDP/623, and is what you use when you run ipmitool to a remote host.

EDIT: I realise I didn't answer the question. It might be simplest to set a static IP of 0.0.0.0 on the IPMI interface when you want it disabled, and then set a valid static IP when you want it enabled. Most IPMI controllers have some kind of firewall option, but for IPMI controllers on SMC motherboards at least, you can't configure the firewall via the IPMI CLI interface, only the web interface.