BMC/IPMI security
t m
bigendian at gmail.com
Wed Sep 12 11:25:22 CDT 2007
I've been experimenting with the BMC on my SC1435 which shares the
local network interface with the server, and I'm wondering about
security.
My testing is only preliminary, but it appears that while the BMC is
on a particular VLAN, the local server doesn't seem to be able to
transmit frames on that same VLAN to the network. If this is
accurate, then the BMC would be masking the management VLAN away from
the server. Additionally, I haven't been able to use ipmitool on the
local machine's command line to reconfigure the BMC's VLAN. Here's
what I get after several seconds:

    [root@test ~]# ipmitool lan set 1 vlan id off
    LAN Parameter Data does not match! Write may have failed.

If this behavior is actually intended, then this is exactly what I'm
after as it provides a mechanism to properly segregate my management
network from my production network for the BMC and server interfaces,
respectively. However, I can't seem to find anything in Dell's
PowerEdge documentation detailing how this aspect of the BMC should
work, so I'm not sure if I should rely on this from a security
perspective. I'm ultimately trying to avoid a scenario where a
compromised server could break into the management network. I care
less if the server reconfigures the local BMC, but I definitely want
to keep a compromised machine from accessing other BMCs or a
management server.
Are there any knowledgeable folks out there who know if this behavior
is by design?
Thanks,
Tom
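
Added example, not part of the original post: a host-side audit that compares the BMC's VLAN ID with the VLAN sub-interfaces configured on the server and flags an overlap. It assumes the "802.1q VLAN ID" field of `ipmitool lan print` and the layout of /proc/net/vlan/config; the function names are hypothetical and the sample inputs are constructed. It checks host configuration only and does not test whether the shared NIC filters the management VLAN, which is the question the post asks.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical;
# the sample inputs are constructed. On a live host, feed the functions from
# `ipmitool lan print 1` and /proc/net/vlan/config.
SAMPLE_LAN_PRINT='IP Address Source       : Static Address
IP Address              : 192.0.2.10
802.1q VLAN ID          : 100
802.1q VLAN Priority    : 0'
SAMPLE_VLAN_CONFIG='VLAN Dev name    | VLAN ID
Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
eth0.200       | 200  | eth0'

# stdin: `ipmitool lan print` output. Prints the BMC VLAN ID, or "off" when
# tagging is disabled or the field is absent.
bmc_vlan_id() {
    awk -F: '/^802\.1q VLAN ID/ {
                 gsub(/[ \t]/, "", $2)
                 v = ($2 ~ /^[0-9]+$/) ? $2 : "off"
                 print v; found = 1
             }
             END { if (!found) print "off" }'
}

# stdin: /proc/net/vlan/config. Prints one VLAN ID per configured sub-interface.
host_vlan_ids() {
    awk -F'|' 'NF == 3 { gsub(/[ \t]/, "", $2); if ($2 ~ /^[0-9]+$/) print $2 }'
}

# $1: lan print text, $2: vlan config text.
# Returns 0 = no overlap, 1 = host interface on the BMC VLAN, 2 = BMC untagged.
audit_vlan_overlap() {
    audit_bmc=$(printf '%s\n' "$1" | bmc_vlan_id)
    if [ "$audit_bmc" = "off" ]; then
        echo "WARN: BMC VLAN tagging is off"
        return 2
    fi
    if printf '%s\n' "$2" | host_vlan_ids | grep -qx "$audit_bmc"; then
        echo "FAIL: host has an interface on BMC VLAN $audit_bmc"
        return 1
    fi
    echo "OK: no host interface on BMC VLAN $audit_bmc"
}

audit_vlan_overlap "$SAMPLE_LAN_PRINT" "$SAMPLE_VLAN_CONFIG" || true
```
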
More information about the Linux-PowerEdge
mailing list