cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
598
Views
0
Helpful
6
Replies

Wierd Control NIC Problem on 4230

rcrowe
Level 1
Level 1

I have a 4230. It was working fine but when I issued the shutdown command, sometimes the box wouldnt come up or if it did it had disk corruption and I would have to re-image/recover with the CD. This was due to the following bug: http://www.cisco.com/warp/customer/770/fn15269.shtml I re-imaged the sensor and thought that everything was fine. Say the IP Address for my control NIC is 192.168.1.28. I reboot the sensor and do a 'ping 192.168.1.28 -t' when the sensor comes to the 'Initializing system....' I start getting a response. But right about when the login prompt comes up I stop getting responses from the NIC. This happens everytime. I have tried changing to a different IP Address and have check the default route and subnet mask and everything is fine. The switch port that the control NIC is on shows a link at 100full and the link light on the sensor NIC shows link. If I do a 'ifconfig -a' I see the interface as UP.

6 Replies 6

rwassom
Level 1
Level 1

Do you have a keyboard and monitor attached to the system when you are seeing this problem? We have seen issues where some keyboards and monitors will lock up the system during initialization (a field notice is forthcoming). If this is the case, try connecting to the sensor with a laptop or a different keyboard and monitor to see if that fixes the problem. Or, since the system is already configured, you can boot headless and telnet into the sensor once it finishes booting.

Which brings up some other questions. How long did the sensor run before you started seeing this boot issue? Did it start happening when you rebooted the sensor after running 'sysconfig-sensor' the first time? What was the last change you made (that prompted a reboot)?

yes it did happen the first time after I ran 'sysconfig-sensor'. No there is no keyboard or monitor attached. I had a laptop connected to the unit. What happend was I ran into the hard disk corruption bug mentioned above, which rendered the unit un-bootable. So i unracked the unit and brang it to my desk. I then recovered/restored the sensor. I ran 'sysconfig-sensor', set up all the info and then rebooted it. After it rebooted and I verified that all the information recorded and saved right, I then re-racked the unit. After I re-racked it, I noticed that I could only ping the host while it was booting up, after it reached the login prompt, it dropped off the network. And yes the ip addresses that I tried from are in the 'allowed' access-list. I should be able to still ping the unit, even if the ip's where not in the access-list.

This is definitely strange. The fact that you can ping the box while it is booting indicates that the hardware is probably functioning properly. It sounds like part of the configuration is being overwritten. Have you tested connectivity out of the box? Also, look at the results of 'netstat -nr' to see if anything looks out of the ordinary.

If you would like to take this discussion offline, please e-mail me at rwassom@cisco.com

kleem
Cisco Employee
Cisco Employee

Is the host you are pinging from in the host access list? Run sysconfig-sensor as root and select option 5 to view/modify the list.

chstone
Level 1
Level 1

On the sensor go to /etc and make sure you have a file called "hostname.iprb0". This should have the sensor hostname in it, which will reference the hostname and ip address in the /etc/hosts file.

I have seen fsck issue where this file has magically disappeared. Anyway, if the "hostname.iprb0" file is not there, then just add it and you should be o.k.

chris

yes that file is there. also i re-ran sysconfig-sensor a couple of times trying different things like: changing the sensors ip address, sensors name, its ID and through all the changes the symptoms stayed the same. If I do a 'snoop -d spwr0' which is the monitoring interface i see all the traffic that im suppose to see. If i do a 'snoop -d iprb0' which is the control interface all i see is SYN's for everything and ARP requests. NRCONNS shows SYS SENT not recieved.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: