Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

WCS 4.1.83.0 alarm dashboard not flagging security issues

Hello,

Not sure if the topic title made much sense but basically what is happening is this:

I just finished getting 4.1.83.0 installed on a fresh server with no backup restorations. My 4404 WLC's (x2) are on version 4.1.171.0.

I have been receiving an influx of WPA MIC errors on both controllers, that were previously showing up on the alarm dashboard of WCS (on an older version), but ever since the upgrade, they are not appearing on the dashboard at all.

I have just added the controllers, some alarms are updating (rogue APs for one), and I have also tried refreshing the config through WCS.

I can't seem to find anything on the 4.1 WCS config guide, so if anyone could point me in the right direction it would be appreciated.

As a note: The controllers have both reported these WPA MIC errors since I added the controllers to WCS, but no info was updated on the alarm dashboard.

Thanks,

Jeff

18 REPLIES
Community Member

Re: WCS 4.1.83.0 alarm dashboard not flagging security issues

Nobody has experienced this before or has input?

I've tried looking everywhere, there are no firewall issues as this has been working before the upgrade. No IP addresses have changed, and the server itself seems fine.

WCS is running on RHEL4.0. I ran WCSStatus and everything checks out OK. Are there any logs I should check? Where?

I tried refreshing the configs, rebooting the system twice, restarting the WCS daemon twice.

Anyone else have a suggestion? I really need to get this working.

Community Member

Re: WCS 4.1.83.0 alarm dashboard not flagging security issues

I'm having similar problems with the dashboard. Mine isn't showing all logged in users. I see all the access points but the number of users on the dashboard are very scarce. I do a query on my location appliance and hundreds of users show but only a hand full on the dashboard.

Re: WCS 4.1.83.0 alarm dashboard not flagging security issues

Is the server dual-homed?

This used to be an issue with WCS. Although the install still asks about nic binding.

There are log settings under administration that allow you to set info, error or trace and then download them locally for viewing.

We no longer see clients since 4.1.171 WCS.

I tried a fresh install vs backup & there was no difference. I use Cacti to pull users/wlan per controller via snmp to get my user count now

Community Member

Re: WCS 4.1.83.0 alarm dashboard not flagging security issues

Yes I see the logs and I looked through them.. though I have no idea what I'm really looking for as I have no direction in my troubleshooting.

What does the alarm panel use for it's updating? tftp? snmp? ssh/telnet?

Also I don't believe I mentioned it, but both controllers are pointing to WCS as a 'trap receiver'.

I just don't see how an upgrade can suddenly prevent security logs from being updated on the WCS server. I have a feeling it might have to do with Linux itself as we upgraded that as well from RHEL3...

I also did not see any caveats mentioned.. maybe it's time to open a TAC.

Also; All I did to get WCS running once it was installed was add the two controllers, then refresh the config. Was there something else I was supposed to do other than that?

Re: WCS 4.1.83.0 alarm dashboard not flagging security issues

the alarms are pulled from WLC via snmp.

I believe that the WCS polls the WLCs via snmp, the WCS does not necessarily need to be a trap receiver itself, someone please correct me if I am wrong on that.

It is possible that the RHEL upgrade could have affected it. We ran WCS on RHEL 3 for sometime without any issues, even with the 4.0x WCS even though it said that it was not supported on RHEL 3. Since moving to 4.1 on RHEL 4.x, I no longer can see client counts or locations. Perhaps I should roll back to RHEL 3.

Community Member

Re: WCS 4.1.83.0 alarm dashboard not flagging security issues

Now that you mention it I'm not seeing client counts either! I was so caught up in security alarms not being updated that I didn't even notice.

This is pretty strange considering this is the version of linux that was 'tested' by cisco yet there seem to be compatibility issues..

I'm definitely opening up a TAC on this - i'll let you know what is said about the issue when I get more information.

Re: WCS 4.1.83.0 alarm dashboard not flagging security issues

Under WCS | location | Location servers| location server|Administration|Advanced Parameters>location server

I did the following:

Run Java GC

Defragment Database

reboot hardware

This brought back the client clount for a little bit, but now it no longer sees clients, even though there are 7+ 7920 phones active at the moment and my laptop as well.

Re: WCS 4.1.83.0 alarm dashboard not flagging security issues

Ok, I went thru the same steps as above, this time, though, I would check the status after each time. The client count came back only after the reboot.

Re: WCS 4.1.83.0 alarm dashboard not flagging security issues

So far, so good. 3 days with no loss of info

Community Member

Re: WCS 4.1.83.0 alarm dashboard not flagging security issues

I'm sorry, I misunderstood what you meant regarding clients - I'm not actually running a location server. What I mean is that when I go to monitor->clients it lists the top 5 APs in use but the client count for a/b/g/n is 0 on all 5, even though there are clients associated.

Community Member

Re: WCS 4.1.83.0 alarm dashboard not flagging security issues

I meant that as well. My location appliance shows all the clients. But the dashboard and the Monitor/Network Summary main page do not display the clients that are associated/authenticated.

Re: WCS 4.1.83.0 alarm dashboard not flagging security issues

Have you defragged the location server db? rebooted?

I am able to see clients in WCS just fine now.

Community Member

Re: WCS 4.1.83.0 alarm dashboard not flagging security issues

eric,

As I said, I do not run a location server, so that is not the issue.

jkennedy,

I ran a tcpdump for the traffic between the WCS and the controllers, and there are a large amount of errors stating: "host [WCS IP] unreachable - admin prohibited for IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto 17, length: 129) [controller IP].32771 > [WCS IP].syslog.

Are you getting these as well? I'm wondering if that may have something to do with the client tables not updating.

Also as a side- I did manage to get the security alarms working. Turns out my snmpd and snmp-trap daemons were not starting on boot for the linux server.

Re: WCS 4.1.83.0 alarm dashboard not flagging security issues

the proto 17 is udp. Do you have ACLs blocking udp? Are you allowing snmp & snmp traps through iptables on your linux box?

Community Member

Re: WCS 4.1.83.0 alarm dashboard not flagging security issues

Good to know that proto 17 is udp - yes we do have an ACL that isn't allowing port 32771 (rather, it's just not explicitly permitted).

I just wanted to know if he was getting the same message that could be related to the client count issue - but after looking closer it seems pretty obvious that it's coming from the fact that I have the controllers pointing the syslog to the WCS, which I hear isn't necessary anyway, so i'll probably just shut that off.

Re: WCS 4.1.83.0 alarm dashboard not flagging security issues

Lwapp uses the following ports:

Port: 12222 (UDP) data; 12223 (UDP) control.

Are you running the controllers in L2 or L3 mode?

Community Member

Re: WCS 4.1.83.0 alarm dashboard not flagging security issues

L3 mode, but LWAPP isn't being blocked. WCS server is on the same subnet as the management interface on both controllers.

Re: WCS 4.1.83.0 alarm dashboard not flagging security issues

But what about iptables? are you blocking snmp/snmp-trap via iptables?

269
Views
0
Helpful
18
Replies
CreatePlease to create content