Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2943 Discussions

Growing restrictions on ME TCP static settings

idata
Employee
1,676 Views

When I began with vPro, there was possibility to enter any static TCP settings in configuration of Management Engine. From time I have more and more problems with static TCP settings on Management Engine on different motherboards with vPro, so from Intel as well as from other manufacturers. For example on new MBs on Q57 I now can't set two bit mask 255.255.255.252 or dns outside of specified network. From BIOS setup on some boards mask can be set only to /24 but from http can be narrowed to max /28, but not to /30!

Culmination is effect I have after BIOS upgrade on DQ35MP to latest 1143! Now there is NO static settings! I now have no possibility to set DHCP mode OFF on Management Engine setting in Small Business provisioning model. Exactly: possibility is, but setting is ignored and reverted to ON. AMT is working ok, if there is present DHCP server. But in destined network segment for this computer I HAVE NOT dhcp server. Before bios upgrade, AMT ME was working correctly, but not now! I tried downgrade BIOS, but AMT firmware flashing phase ends with error. So this BIOS upgrade was shot in the foot and MB is now unmanageable garbage. I can't find any workaround. Maybe anyone found recipe for this?

Anyone knows or has idea about reasons for the growing restrictions in the static TCP settings of ME or this are rather insane experiments of crazy firmware developers?

0 Kudos
2 Replies
idata
Employee
444 Views

I don't think I can directly answer your question about the history behind the static IP changes, but you might find this info helpful. Remember, when it says "unsupported" or "invalid" that means the configuration is untested and could do strange things. For the DQ35MP Desktop board issue with the new BIOS, I don't know why the DHCP mode can't be set to Off.

Configuring the Intel AMT IP Address

The Intel AMT IP address can be either an IPv4 address or, starting with Release 6.0, an IPv6 address. There are three ways that the address can be configured:

  • Intel AMT and the host have a shared dynamic IP address and a single host name (IPv4 only). The IP address is issued by a DHCP server on request by the host. Intel AMT either detects DHCP address requests and responses, or starting with Release 7.0, requests IP address updates via the User Notification Service (UNS).

     

  • Intel AMT and the host have different static IP addresses and host names (wired interface only). This is valid but requires two IP addresses per platform. A single static IP address shared between the OS and Intel AMT is not supported.

     

  • Starting with Release 7.0, Intel AMT and the host can share a static IP address (wired interface only). There are two ways to do this:

     

    • Configure the Intel AMT IP address directly using the AMT_EthernetPortSettings

       

    • With Release 7.0, Intel AMT, in conjunction with the UNS, can detect the host IP address and synchronize the Intel AMT address to the host address (IPv4 only). Note that using static IP addresses limits access to certain Intel AMT features that depend on the presence of a DHCP server. A configuration where Intel AMT gets its IP address dynamically, while the host has a static IP, is invalid.

       

Earlier releases (prior to Intel AMT 7) supported a configuration where the host has a dynamic IP and Intel AMT has a static IP. Starting with Release 7.0, this is an invalid configuration.

0 Kudos
idata
Employee
444 Views

Thanks for answer, Steve.

I also, unfortunately, do not know why I can not disable the DHCP mode in the settings of DQ35MP AMT. In my situation, this MB has become garbage.

Those conditions that you explained I know and I always use both static addresses: in AMT and in OS and always a distinct addresses. Moreover, the system is Linux and I do not care the broader AMT functionality. I must admit that I use AMT mainly for remote machine administration by SOL and accessing subnet is usually preset by provider with a mask of 29 bits.

But I do not understand the AMT settings restriction in addressing from some time (regardless of the board with southbridge DO). I can not give a 29 bits mask but only the full 24 bits. A mask can be narrowed after, by changing the settings over the network, but only up to 28 bits ... to 29 anymore! What is unusual or wrong in a 29 bits mask (255.255.255.248)?

What is source of increasing restrictions?

Regards

Andrzej Odyniec

0 Kudos
Reply