cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
837
Views
0
Helpful
18
Replies

WCS 4.1.83.0 alarm dashboard not flagging security issues

jpeterson6
Level 2
Level 2

Hello,

Not sure if the topic title made much sense but basically what is happening is this:

I just finished getting 4.1.83.0 installed on a fresh server with no backup restorations. My 4404 WLC's (x2) are on version 4.1.171.0.

I have been receiving an influx of WPA MIC errors on both controllers, that were previously showing up on the alarm dashboard of WCS (on an older version), but ever since the upgrade, they are not appearing on the dashboard at all.

I have just added the controllers, some alarms are updating (rogue APs for one), and I have also tried refreshing the config through WCS.

I can't seem to find anything on the 4.1 WCS config guide, so if anyone could point me in the right direction it would be appreciated.

As a note: The controllers have both reported these WPA MIC errors since I added the controllers to WCS, but no info was updated on the alarm dashboard.

Thanks,

Jeff

18 Replies 18

jpeterson6
Level 2
Level 2

Nobody has experienced this before or has input?

I've tried looking everywhere, there are no firewall issues as this has been working before the upgrade. No IP addresses have changed, and the server itself seems fine.

WCS is running on RHEL4.0. I ran WCSStatus and everything checks out OK. Are there any logs I should check? Where?

I tried refreshing the configs, rebooting the system twice, restarting the WCS daemon twice.

Anyone else have a suggestion? I really need to get this working.

I'm having similar problems with the dashboard. Mine isn't showing all logged in users. I see all the access points but the number of users on the dashboard are very scarce. I do a query on my location appliance and hundreds of users show but only a hand full on the dashboard.

Is the server dual-homed?

This used to be an issue with WCS. Although the install still asks about nic binding.

There are log settings under administration that allow you to set info, error or trace and then download them locally for viewing.

We no longer see clients since 4.1.171 WCS.

I tried a fresh install vs backup & there was no difference. I use Cacti to pull users/wlan per controller via snmp to get my user count now

Yes I see the logs and I looked through them.. though I have no idea what I'm really looking for as I have no direction in my troubleshooting.

What does the alarm panel use for it's updating? tftp? snmp? ssh/telnet?

Also I don't believe I mentioned it, but both controllers are pointing to WCS as a 'trap receiver'.

I just don't see how an upgrade can suddenly prevent security logs from being updated on the WCS server. I have a feeling it might have to do with Linux itself as we upgraded that as well from RHEL3...

I also did not see any caveats mentioned.. maybe it's time to open a TAC.

Also; All I did to get WCS running once it was installed was add the two controllers, then refresh the config. Was there something else I was supposed to do other than that?

the alarms are pulled from WLC via snmp.

I believe that the WCS polls the WLCs via snmp, the WCS does not necessarily need to be a trap receiver itself, someone please correct me if I am wrong on that.

It is possible that the RHEL upgrade could have affected it. We ran WCS on RHEL 3 for sometime without any issues, even with the 4.0x WCS even though it said that it was not supported on RHEL 3. Since moving to 4.1 on RHEL 4.x, I no longer can see client counts or locations. Perhaps I should roll back to RHEL 3.

Now that you mention it I'm not seeing client counts either! I was so caught up in security alarms not being updated that I didn't even notice.

This is pretty strange considering this is the version of linux that was 'tested' by cisco yet there seem to be compatibility issues..

I'm definitely opening up a TAC on this - i'll let you know what is said about the issue when I get more information.

Under WCS | location | Location servers| location server|Administration|Advanced Parameters>location server

I did the following:

Run Java GC

Defragment Database

reboot hardware

This brought back the client clount for a little bit, but now it no longer sees clients, even though there are 7+ 7920 phones active at the moment and my laptop as well.

Ok, I went thru the same steps as above, this time, though, I would check the status after each time. The client count came back only after the reboot.

So far, so good. 3 days with no loss of info

I'm sorry, I misunderstood what you meant regarding clients - I'm not actually running a location server. What I mean is that when I go to monitor->clients it lists the top 5 APs in use but the client count for a/b/g/n is 0 on all 5, even though there are clients associated.

I meant that as well. My location appliance shows all the clients. But the dashboard and the Monitor/Network Summary main page do not display the clients that are associated/authenticated.

Have you defragged the location server db? rebooted?

I am able to see clients in WCS just fine now.

eric,

As I said, I do not run a location server, so that is not the issue.

jkennedy,

I ran a tcpdump for the traffic between the WCS and the controllers, and there are a large amount of errors stating: "host [WCS IP] unreachable - admin prohibited for IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto 17, length: 129) [controller IP].32771 > [WCS IP].syslog.

Are you getting these as well? I'm wondering if that may have something to do with the client tables not updating.

Also as a side- I did manage to get the security alarms working. Turns out my snmpd and snmp-trap daemons were not starting on boot for the linux server.

the proto 17 is udp. Do you have ACLs blocking udp? Are you allowing snmp & snmp traps through iptables on your linux box?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: