- Preface
- Chapter 1: Cisco NCS Overview
- Chapter 2: Getting Started
- Chapter 3: Configuring Security Solutions
- Chapter 4: Performing Maintenance Operations
- Chapter 5: Monitoring Devices
- Chapter 6: Monitoring Maps
- Chapter 7: Managing NCS User Accounts
- Chapter 8: Configuring Mobility Groups
- Chapter 9: Configuring Devices
- Chapter 10: Managing Clients
- Chapter 11: Using Templates
- Chapter 12: Configuring FlexConnect
- Chapter 13: Alarm and Event Dictionary
- Chapter 14: Reports
- Chapter 15: Performing Administrative Tasks
- Chapter 16: NCS Services
- Chapter 17: Tools
- Chapter 18: wIPS Policy Alarm Encyclopedia
- Appendix A: Troubleshooting and Best Practices
- Appendix B: NCS and End-User Licenses
- Appendix C: Cisco NCS Server Hardening
- Appendix D: Certificate Signing Request (CSR) Generation for a Third-Party Certificate on a Cisco Prime Network Control System (NCS)
- Index
Troubleshooting and Best Practices
This appendix identifies and explains any additional troubleshooting or best practices you might find necessary as you implement a particular function.
This appendix includes the following sections:
•Troubleshooting Cisco Compatible Extensions Version 5 Client Devices
•Troubleshooting RAID Card Configuration
Troubleshooting Cisco Compatible Extensions Version 5 Client Devices
Two features are designed to troubleshoot communication problems with Cisco Compatible Extension clients: diagnostic channel and client reporting.
Note These features are supported only on Cisco Compatible Extensions Version 5 Client Devices. They are not support for use with non-Cisco Compatible Extensions Version 5 Client Devices or with clients running an earlier version.
Diagnostic Channel
The diagnostic channel feature enables you to troubleshoot problems regarding client communication with a WLAN. When initiated by a client having difficulties, the diagnostic channel is a WLAN configured to provide the most robust communication methods with the fewest obstacles to communication placed in the path of the client. The client and access points can be put through a defined set of tests in an attempt to identify the cause of communication difficulties experienced by the client.
Note Only one WLAN per controller can have the diagnostic channel enabled, and all of the security on this WLAN is disabled.
Configuring the Diagnostic Channel
Follow these steps to configure the diagnostic channel:
Step 1 Choose Configure > Controllers.
Step 2 Click an IP address to choose a specific controller.
Step 3 Choose WLANs> WLAN Configuration from the left sidebar menu.
Step 4 Choose Add a WLAN from the Select a command drop-down list to create a new or click the profile name of an existing.
Note We recommend that you create a new WLAN on which to run the diagnostic tests.
Step 5 When the WLANs page appears, click the Advanced tab (see Figure A-1).
Figure A-1 WLANs Advanced Tab
Step 6 If you want to enable diagnostic channel troubleshooting on this WLAN, select the Diagnostic Channel check box. Otherwise, leave this check box unselected, which is the default value.
Step 7 Click Save to commit your changes.
Web Auth Security on WLANs
This section describes the troubleshooting and best practices procedures that are useful when implementing web auth security on WLANs.
Web-auth is a Layer 3 security feature which allows web-based authentication to users on a WLAN. It is used mainly in guest networking scenarios, although not restricted to that usage.
When a WLAN is configured with web-auth security, you are redirected to the login page after passing Layer 2 authentications (static WEP, WPA+PSK, MAC filtering, and so on). The login page is stored on the local device or an external web server, and the page can be modified to allow a customized logo, title, and so on.
After the WLAN is configured with a web-auth WLAN, the HTTP get request is sent by the wireless client to the requested website. The controller firewall allows the DNS resolution of the specified URL. After the resolution, the controller interrupts the HTTP packets from the wireless client and redirects to the login page. When the credentials are entered on the login page and submitted, they are authenticated against the local database. If the user is not found in the local database, the configured RADIUS servers are contacted.
Note PAP and CHAP authentication are used between the client and authentication agent. Make sure your RADIUS server supports both of these protocols so web-auth login is allowed.
Upon successful authentication, you are allowed to pass traffic. After three unsuccessful authentication attempts, the client is excluded. This excluded client cannot associate until the exclusion timeout limit is surpassed. The exclusion timeout limit is configured with aggressive load balancing, which actively balances the load between the mobile clients and their associated access points.
Web-auth WLAN is also configured with a pre-authentication access control list (ACL). This ACL is configured the same as a normal ACL but permits access to resources that the client needs prior to authentication. An administrator must use the interface section to apply an ACL to the client after authentication.
A web-auth WLAN can be configured with a session timeout value. This value defines the time the client needs to re-authenticate with the device. If the value is set to zero, which means infinity, the client never re-authenticates unless the logged out option is used. You can access the logout URL at http://<VirtualIP>/logout.html.
Note Disable all pop-up blockers on the client to see the logout page.
Web-auth can be configured in different modes under Layer 3 security. The most commonly used modes of web-auth are as follows:
•Internal Web—Redirection to an internal page using http://<virtual IP /DNS name >/login.html. Customization is available.
•External Web—Redirection to an external URL.
Debug Commands
The following debug commands are allowed:
debug client <client-mac-address>
debug pm ssh-tcp enable
debug pm ssh-appgw enable
debug pm rules enable
debug pm config enable
show client detail <client-mac-address>
debug pem event enable
Debug Strategy
Use the following strategy for web-auth configured on a WLAN without guest tunneling:
Step 1 Identify a mobile client to work with and write down its wireless MAC address. Use the command prompt > ipconfig /all for all MS Windows-based systems.
Step 2 Disable the radio of the mobile client.
Step 3 Enter the following debug commands via a serial console set for high speed (115200) or SSH session to the management port of the controller:
debug client <client-mac-address>
debug pm ssh-tcp enable
debug pm ssh-appgw enable
debug pm rules enable
debug pm config enable
show client detail <client-mac-address>
debug pem event enable
debug pem state enable
Step 4 Enable the radio and let the client associate. After the client is associated, enter the show client detail client-mac-address command.
$Router1> show client detail 00:0b:85:09:96:10
Client Username ................................. N/A
AP MAC Address................................... 00:0b:85:09:96:10
Client State..................................... Associated
Wireless LAN Id.................................. 1
BSSID............................................ 00:0b:85:09:96:1f
Channel.......................................... 11
IP Address....................................... 10.50.234.3
Association Id................................... 1
Authentication Algorithm......................... Open System
Reason Code...................................... 0
Status Code...................................... 0
Session Timeout.................................. 0
Client CCX version............................... 3
Mirroring........................................ Disabled
QoS Level........................................ Silver
Diff Serv Code Point (DSCP)...................... disabled
802.1P Priority Tag.............................. disabled
WMM Support...................................... Disabled
Mobility State................................... Local
Internal Mobility State.......................... apfMsMmInitial
Mobility Move Count.............................. 0
--More-- or (q)uit
Security Policy Completed........................ No
Policy Manager State............................. WEBAUTH_REQD ========**
Policy Manager Rule Created...................... Yes
NPU Fast Fast Notified........................... Yes
Last Policy Manager State........................ WEBAUTH_REQD
Client Entry Create Time......................... 67733 seconds
Policy Type...................................... N/A
Encryption Cipher................................ None
Management Frame Protection...................... No
EAP Type......................................... Unknown
Interface........................................ management
VLAN............................................. 0
Client Capabilities:
CF Pollable................................ Not implemented
CF Poll Request............................ Not implemented
Short Preamble............................. Implemented
PBCC....................................... Not implemented
Channel Agility............................ Not implemented
Listen Interval............................ 0
Client Statistics:
Number of Bytes Received................... 188595
Number of Bytes Sent....................... 19229
Number of Packets Received................. 3074
--More-- or (q)uit
Number of Packets Sent..................... 76
Number of Policy Errors.................... 0
Radio Signal Strength Indicator............ -41 dBm
Signal to Noise Ratio...................... 59 dB
Nearby AP Statistics:
TxExcessiveRetries: 0
TxRetries: 0
RtsSuccessCnt: 0
RtsFailCnt: 0
TxFiltered: 0
TxRateProfile: [0,0,0,0,0,0,0,0,0,0,0,0]
ap:09:96:10(slot 1) .......................
antenna0: 48 seconds ago -45 dBm................. antenna1: 123 seconds ago -128 dBm
Step 5 Make sure the pemstate of the client is WEBAUTH_REQD. Open the browser page on the client and look for the following messages:
Wed Mar 7 17:59:15 2007: ************* sshpmAddWebRedirectRules: POLICY SEMAPHORE LOCKED *************
Wed Mar 7 17:59:15 2007: sshpmAddWebRedirectRules: mobile station addr is 10.50.234.3
Wed Mar 7 17:59:15 2007: sshpmAddWebRedirectRules: RuleID for ms 10.50.234.3 is 44
Wed Mar 7 17:59:15 2007: sshpmAddWebRedirectRules: using HTTP-S for web auth (addr: 10.50.234.15).
Wed Mar 7 17:59:15 2007: sshpmAddWebRedirectRules: inbound local http rule created for ms 10.50.234.3 local 1.1.1.1.
Wed Mar 7 17:59:15 2007: sshpmAddWebRedirectRules: inbound http redirect rule created.
Wed Mar 7 17:59:15 2007: sshpmRuleIndexInsert: adding rule for RuleID 44
Wed Mar 7 17:59:15 2007: sshpmRuleIndexInsert: computed raw hash index 02ad3271 for rule id 0000002c
Wed Mar 7 17:59:15 2007: sshpmRuleIndexInsert: computed adjusted index 00000c32 for rule id 0000002c
Wed Mar 7 17:59:15 2007: sshpmAddWebRedirectRules: committing rules for ms 10.50.234.3
Wed Mar 7 17:59:15 2007: ************* sshpmPolicyCommitCallback: POLICY SEMAPHORE UNLOCKED - [unconditionally] ************
Wed Mar 7 17:59:15 2007: sshpmPolicyCommitCallback: called; ContextPtr: 0x2c; Success: 1
Wed Mar 7 17:59:15 2007: ************* sshpmPolicyCommitCallback: POLICY SEMAPHORE UNLOCKED - [unconditionally] ************
Wed Mar 7 18:02:32 2007: SshPmAppgw/pm_appgw.c:1234/ssh_pm_appgw_request: New application gateway request for `alg-http@ssh.com': 10.50.234.3.1153 > 10.50.234.1.80 (nat: 10.50.234.1.80) tcp ft=0x00000000 tt=0x00000000
Wed Mar 7 18:02:32 2007: SshPmAppgw/pm_appgw.c:1239/ssh_pm_appgw_request: Packet attributes: trigger_rule=0x4ecb, tunnel_id=0x0, trd_index=0xddffffff, prev_trd_index=0xddffffff
Wed Mar 7 18:02:32 2007: SshPmAppgw/pm_appgw.c:1240/ssh_pm_appgw_request: Packet:
Wed Mar 7 18:02:32 2007: 00000000: 4500 0030 0308 4000 8006 0f57 0a32 ea03 E..0..@....W.2..
Wed Mar 7 18:02:32 2007: 00000010: 0a32 ea01 0481 0050 2f42 e3a4 0000 0000 .2.....P/B......
Wed Mar 7 18:02:32 2007: 00000020: 7002 4000 42fe 0000 0204 05b4 0101 0402 p.@.B...........
Wed Mar 7 18:02:32 2007: SshPmStAppgw/pm_st_appgw.c:403/ssh_pm_st_appgw_start: Calling redirection callback
Wed Mar 7 18:02:32 2007: SshPmAppgw/pm_appgw.c:155/ssh_appgw_redirect: Application gateway redirect: 10.50.234.1.80 -> 10.50.234.1.80
Wed Mar 7 18:02:32 2007: SshPmStAppgw/pm_st_appgw.c:445/ssh_pm_st_appgw_mappings: Creating application gateway mappings: 10.50.234.3.1153 > 10.50.234.1.80 (10.50.234.1.80)
Wed Mar 7 18:02:32 2007: SshPmStAppgw/pm_st_appgw.c:102/ssh_pm_appgw_mappings_cb: appgw connection cached: init flow_index=5967 resp flow_index=5964 event_cnt=718
Wed Mar 7 18:02:32 2007: SshPmStAppgw/pm_st_appgw.c:493/ssh_pm_st_appgw_mappings_done: NAT on initiator side
Wed Mar 7 18:02:32 2007: SshPmStAppgw/pm_st_appgw.c:583/ssh_pm_st_appgw_tcp_responder_stream_done: ssh_pm_st_appgw_tcp_responder_stream_done: conn->context.responder_stream=0x0
Wed Mar 7 18:02:32 2007: SshPmStAppgw/pm_st_appgw.c:624/ssh_pm_st_appgw_tcp_responder_stream_done: Opening initiator stream 10.50.234.1:61611 > 10.76.108.121:2024
Wed Mar 7 18:02:32 2007: SshPmStAppgw/pm_st_appgw.c:154/ssh_pm_appgw_i_flow_enabled: Initiator flow mode has now been set.
Wed Mar 7 18:02:32 2007: SshPmAppgw/pm_appgw.c:507/ssh_appgw_tcp_listener_callback: New initiator stream: src=10.50.234.1:61611, dst=10.76.108.121:2024
Wed Mar 7 18:02:32 2007: SshPmStAppgw/pm_st_appgw.c:646/ssh_pm_st_appgw_tcp_open_initiator_stream: Initiator stream opened
Wed Mar 7 18:02:32 2007: SshAppgwHttp/appgw_http.c:531/ssh_appgw_http_conn_cb: New TCP HTTP connection 10.50.234.3.1153 > 10.50.234.1.80
Wed Mar 7 18:02:32 2007: SshAppgwHttp/appgw_http.c:535/ssh_appgw_http_conn_cb: Responder sees initiator as `10.50.234.15.1153'
Wed Mar 7 18:02:32 2007: SshAppgwHttp/appgw_http.c:539/ssh_appgw_http_conn_cb: Initiator sees responder as `10.50.234.1.80'
Wed Mar 7 18:02:32 2007: SshAppgwHttp/appgw_http.c:99/ssh_appgw_http_st_wait_input: entering state st_wait_input: (i) reading_hdr 1 nmsgs 0
Wed Mar 7 18:02:32 2007: SshAppgwHttpState/appgw_http_state.c:2077/ssh_appgw_http_handle_state: handling: 0 bytes:
Wed Mar 7 18:02:32 2007: SshAppgwHttp/appgw_http.c:136/ssh_appgw_http_st_wait_input: read -1 bytes (offset 0 data 0)
Wed Mar 7 18:02:32 2007: SshAppgwHttp/appgw_http.c:99/ssh_appgw_http_st_wait_input: entering state st_wait_input: (r) reading_hdr 1 nmsgs 0
Wed Mar 7 18:02:32 2007: SshAppgwHttpState/appgw_http_state.c:2077/ssh_appgw_http_handle_state: handling: 0 bytes:
Wed Mar 7 18:02:32 2007: SshAppgwHttp/appgw_http.c:132/ssh_appgw_http_st_wait_input: appgw_http.c.132: io->src is NULL
Wed Mar 7 18:02:32 2007: SshAppgwHttp/appgw_http.c:136/ssh_appgw_http_st_wait_input: read -1 bytes (offset 0 data 0)
Wed Mar 7 18:02:32 2007: SshAppgwHttp/appgw_http.c:99/ssh_appgw_http_st_wait_input: entering state st_wait_input: (i) reading_hdr 1 nmsgs 0
Wed Mar 7 18:02:32 2007: SshAppgwHttpState/appgw_http_state.c:2077/ssh_appgw_http_handle_state: handling: 0 bytes:
Wed Mar 7 18:02:32 2007: SshAppgwHttp/appgw_http.c:136/ssh_appgw_http_st_wait_input: read -1 bytes (offset 0 data 0)
Wed Mar 7 18:02:32 2007: SshAppgwHttp/appgw_http.c:99/ssh_appgw_http_st_wait_input: entering state st_wait_input: (r) reading_hdr 1 nmsgs 0
Wed Mar 7 18:02:32 2007: SshAppgwHttpState/appgw_http_state.c:2077/ssh_appgw_http_handle_state: handling: 0 bytes:
Wed Mar 7 18:02:36 2007: SshAppgwHttp/appgw_http.c:132/ssh_appgw_http_st_wait_input: appgw_http.c.132: io->src is NULL
Wed Mar 7 18:02:36 2007: SshAppgwHttp/appgw_http.c:136/ssh_appgw_http_st_wait_input: read -1 bytes (offset 0 data 0)
Wed Mar 7 18:02:41 2007: SshAppgwHttp/appgw_http.c:99/ssh_appgw_http_st_wait_input: entering state st_wait_input: (i) reading_hdr 1 nmsgs 0
Wed Mar 7 18:02:41 2007: SshAppgwHttpState/appgw_http_state.c:2077/ssh_appgw_http_handle_state: handling: 0 bytes:
Wed Mar 7 18:02:41 2007: SshAppgwHttp/appgw_http.c:136/ssh_appgw_http_st_wait_input: read 283 bytes (offset 0 data 0)
Wed Mar 7 18:02:41 2007: SshAppgwHttpState/appgw_http_state.c:2077/ssh_appgw_http_handle_state: handling: 283 bytes:
Wed Mar 7 18:02:41 2007: 00000000: 4745 5420 2f20 4854 5450 2f31 2e31 0d0a GET / HTTP/1.1..
Wed Mar 7 18:02:41 2007: 00000010: 4163 6365 7074 3a20 696d 6167 652f 6769 Accept: image/gi
Wed Mar 7 18:02:41 2007: 00000020: 662c 2069 6d61 6765 2f78 2d78 6269 746d f, image/x-xbitm
Wed Mar 7 18:02:41 2007: 00000030: 6170 2c20 696d 6167 652f 6a70 6567 2c20 ap, image/jpeg,
Wed Mar 7 18:02:41 2007: 00000040: 696d 6167 652f 706a 7065 672c 2061 7070 image/pjpeg, app
Wed Mar 7 18:02:41 2007: 00000050: 6c69 6361 7469 6f6e 2f78 2d73 686f 636b lication/x-shock
Wed Mar 7 18:02:41 2007: 00000060: 7761 7665 2d66 6c61 7368 2c20 2a2f 2a0d wave-flash, */*.
Wed Mar 7 18:02:41 2007: 00000070: 0a41 6363 6570 742d 4c61 6e67 7561 6765 .Accept-Language
Wed Mar 7 18:02:41 2007: 00000080: 3a20 656e 2d75 730d 0a41 6363 6570 742d : en-us..Accept-
Wed Mar 7 18:02:41 2007: 00000090: 456e 636f 6469 6e67 3a20 677a 6970 2c20 Encoding: gzip,
Wed Mar 7 18:02:41 2007: 000000a0: 6465 666c 6174 650d 0a55 7365 722d 4167 deflate..User-Ag
Wed Mar 7 18:02:41 2007: 000000b0: 656e 743a 204d 6f7a 696c 6c61 2f34 2e30 ent: Mozilla/4.0
Wed Mar 7 18:02:41 2007: 000000c0: 2028 636f 6d70 6174 6962 6c65 3b20 4d53 (compatible; MS
Wed Mar 7 18:02:41 2007: 000000d0: 4945 2036 2e30 3b20 5769 6e64 6f77 7320 IE 6.0; Windows
Wed Mar 7 18:02:41 2007: 000000e0: 4e54 2035 2e31 3b20 5356 3129 0d0a 486f NT 5.1; SV1)..Ho
Wed Mar 7 18:02:41 2007: 000000f0: 7374 3a20 3130 2e35 302e 3233 342e 310d st: 10.50.234.1.
Wed Mar 7 18:02:41 2007: 00000100: 0a43 6f6e 6e65 6374 696f 6e3a 204b 6565 .Connection: Kee
Wed Mar 7 18:02:41 2007: 00000110: 702d 416c 6976 650d 0a0d 0a p-Alive....
Wed Mar 7 18:02:41 2007: SshAppgwHttpState/appgw_http_state.c:985/ssh_appgw_parse_request_line: parsing request line GET / HTTP/1.1
Wed Mar 7 18:02:41 2007: SshAppgwHttpState/appgw_http_state.c:1018/ssh_appgw_parse_request_line: internal http version 3
Wed Mar 7 18:02:41 2007: SshAppgwHttpState/appgw_http_state.c:1155/ssh_appgw_add_method: caching method 2 for reply 0
Wed Mar 7 18:02:41 2007: SshAppgwHttpState/appgw_http_state.c:1604/ssh_appgw_check_msg: examining request using service id 34
Wed Mar 7 18:02:41 2007: SshAppgwHttpState/appgw_http_state.c:594/ssh_appgw_http_get_dst_host: destination host: 10.50.234.1
Wed Mar 7 18:02:41 2007: SshAppgwHttpState/appgw_http_state.c:1474/ssh_appgw_inject_reply: injecting 404 reply as msg 0
Wed Mar 7 18:02:41 2007: SshAppgwHttp/appgw_http.c:284/ssh_appgw_http_st_write_data: entering state st_write_data
Wed Mar 7 18:02:41 2007: SshAppgwHttp/appgw_http.c:99/ssh_appgw_http_st_wait_input: entering state st_wait_input: (i) reading_hdr 1 nmsgs 1
Wed Mar 7 18:02:41 2007: SshAppgwHttpState/appgw_http_state.c:2077/ssh_appgw_http_handle_state: handling: 0 bytes:
Wed Mar 7 18:02:41 2007: SshAppgwHttp/appgw_http.c:136/ssh_appgw_http_st_wait_input: read -1 bytes (offset 0 data 0)
Wed Mar 7 18:02:41 2007: SshAppgwHttp/appgw_http.c:99/ssh_appgw_http_st_wait_input: entering state st_wait_input: (r) reading_hdr 1 nmsgs 0
Wed Mar 7 18:02:41 2007: SshAppgwHttpState/appgw_http_state.c:1851/ssh_appgw_http_is_inject: next inject is msg# 0 current msg# 0
Wed Mar 7 18:02:41 2007: SshAppgwHttp/appgw_http.c:207/ssh_appgw_http_st_inject: entering state st_inject (r): msgs 0
Wed Mar 7 18:02:41 2007: SshAppgwHttp/appgw_http.c:259/ssh_appgw_http_st_inject: closing connection after inject
Wed Mar 7 18:02:41 2007: SshAppgwHttp/appgw_http.c:400/ssh_appgw_http_st_terminate: entering state st_terminate (r): teardown 0 terminate i: 1 r: 1
Wed Mar 7 18:02:45 2007: SshAppgwHttp/appgw_http.c:99/ssh_appgw_http_st_wait_input: entering state st_wait_input: (i) reading_hdr 1 nmsgs 1
Wed Mar 7 18:02:45 2007: SshAppgwHttpState/appgw_http_state.c:2077/ssh_appgw_http_handle_state: handling: 0 bytes:
Wed Mar 7 18:02:45 2007: SshAppgwHttp/appgw_http.c:400/ssh_appgw_http_st_terminate: entering state st_terminate (i): teardown 0 terminate i: 1 r: 1
Wed Mar 7 18:02:45 2007: SshAppgwHttp/appgw_http.c:732/ssh_appgw_http_connection_terminate: service HTTP-REDIR: TCP HTTP connection 10.50.234.3.1153 > 10.50.234.1.80 terminated
Wed Mar 7 18:02:45 2007: SshPmStAppgw/pm_st_appgw.c:1094/ssh_pm_st_appgw_terminate: terminating appgw instance
Step 6 If you do not see the HTTP GET message, the HTTP packet has not reached the controller. After the client completes the redirection, enter your login and submit it.
Step 7 Look at the entry of the client in NPUdevshell hapiMmcDebugScbInfoShow (`client mac address'). If the PEM state is not moved from WEBAUTH_REQD to RUN, a credential problem exists. Check the credentials in the local or RADIUS database (where ever they were configured).
Step 8 When the RUN state appears on the client, perform a check from the client to the gateway and see if traffic is being passed.
RF Heatmap Analysis
Scenario: You see some inconsistent heat maps for access points. One part of the access point shows strong heat maps, whereas the other part shows weak heat maps.
Figure A-2 RF Heatmap Analysis
Analysis: This might happen when you get the RSSI values of the neighboring access point for one part and not for the other part. Using just one side of the RSSI value to predict the heat map is not suggested, as there can be a thick wall or wired housing which might lead to incorrect heat maps.
Scenario: You are unable to view the dynamic heat map correctly.
Analysis: In case you are unable to view the dynamic heat map correctly, check the following:
•Neighbor AP RSSI values if they are same from both controller and Prime Infrastructure.
•Wait for 20 minutes for the heat maps to refresh with most latest dynamic heat map data.
•Check AP Positions.
Best Practices
If the client is not redirected to the login page and you want to avoid DNS resolution in the network, enter http://controller-mgmt-ip. If a redirection occur, the issue is not network related.
Enter config network web-auth-port Port to define the ports on the controller other than the standard HTTP port (80). The controller does not interrupt secure HTTP or HTTPS (443) even if the port is configured for interrupt.
Troubleshooting RAID Card Configuration
Scenario:
Due to accidental power interruption, the information about the RAID card configuration that is stored in the NVRAM (non-volatile RAM) gets corrupted or erased. When the configuration information is lost, the RAID card fails to boot in the normal mode. However, the RAID card backs up the configuration information on the hard drives. Though the RAID card recognizes the backup configuration stored on the hard drive, it does not load the configuration information as the default configuration without manual intervention.
Analysis:
When the system tries to boot, the RAID firmware returns an error message that the information about the previous configuration is lost and you need to press C to load the configuration utility. The error message appears on the serial console and the bootup does not proceed without your input.
You must perform the following steps:
Step 1 On the serial console, press C to load the RAID management tool. Figure A-3 shows the RAID management tool interface. The RAID firmware indicates that a foreign configuration is available. The foreign configuration is the RAID card configuration that was backed up on the hard drive. But, the RAID firmware does not load this configuration information automatically.
Figure A-3 RAID Management Tool Prompt
Step 2 In the RAID management tool, type the following command:
-CfgForeign -Import -a0
Step 3 Reboot the server.