EWC is not sending packets to the mirror L2 port

  • 0
  • 1
  • Problem
  • Updated 2 years ago
  • Solved
I initially had some trouble getting my EWC to talk to my Purview box. That has been resolved, and now my Purview box is receiving flow statistics. However, it's not receiving the actual flow data.

On my controller, I am using esa0 as lag1 which (at present) contains all of my WLAN's. esa1 is defined as a mirror. I have esa1 connected directly to a NIC on my VMWare server, which is then attached via VMWare to my Purview host. Initially I thought this might be related to Purview or the VMWare server.

However - if I ssh' into my controller and run a 'shell', then do a 'tcpdump -i eth1', I am seeing nothing flowing through that NIC.

I have gone over and over my settings on the controller, and just about everywhere I can look I have mirroring "allowed in both directions" and Netflow set to enabled. 

Anyone how an idea on where I can look?

Thanks!!
Photo of Steve Ballantyne

Steve Ballantyne

  • 5,566 Points 5k badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of Bill Stritzinger

Bill Stritzinger, Alum

  • 6,016 Points 5k badge 2x thumb
Couple things to check...  Make sure you have both interfaces configured on the Purview box.. do a "ifconfig" and make sure you have the loopback, eth0 and eth1 listed. (sometimes you might need to the command as "ifconfig | more" to see everything), could be you selected a single interface when you installed it?  Check that and let me know...
(Edited)
Photo of Bill Stritzinger

Bill Stritzinger, Alum

  • 6,016 Points 5k badge 2x thumb
I just ran across this article too... How many cores does the EWC have configured, if 2 or less it looks like things wont work...  https://gtacknowledge.extremenetworks.com/articles/Solution/Netflow-is-not-being-sent-to-the-PurView...
Photo of Steve Ballantyne

Steve Ballantyne

  • 5,566 Points 5k badge 2x thumb
Hello Bill, yes, I have promisc' set on the VMWare NIC. And my mirror NIC is showing the promisc' flag on the controller in the ifconfig output.

Still seems like doing a tcpdump -i eth1 on the controller should show me something. With it not showing a single packet, that tells me that my mirror is somehow flawed.
Photo of Steve Ballantyne

Steve Ballantyne

  • 5,566 Points 5k badge 2x thumb
Well, I ran a Wireshark capture on that port. Got the same thing ... nothing! :-(
Photo of Bill Stritzinger

Bill Stritzinger, Alum

  • 6,016 Points 5k badge 2x thumb
Well at least that is good... Now we just have to troubleshoot the C5200 - Have you already started a case on this with TAC? 
Photo of Bill Stritzinger

Bill Stritzinger, Alum

  • 6,016 Points 5k badge 2x thumb
I hate to ask, but we have the correct port for esa1, correct?

(Edited)
Photo of Steve Ballantyne

Steve Ballantyne

  • 5,566 Points 5k badge 2x thumb
Yes, my mirror is connected to port "E", esa1 which does show a connection ...

root@EWC.kch.local:~# ethtool eth1Settings for eth1:
        Supported ports: [ TP ]
        Supported link modes:   10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Full
        Supports auto-negotiation: Yes
        Advertised link modes:  10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Full
        Advertised auto-negotiation: Yes
        Speed: 1000Mb/s
        Duplex: Full
        Port: Twisted Pair
        PHYAD: 1
        Transceiver: internal
        Auto-negotiation: on
        Supports Wake-on: pumbg
        Wake-on: d
        Current message level: 0x00000007 (7)
        Link detected: yes


I am going to work on getting a TAC case opened.
(Edited)
Photo of Steve Ballantyne

Steve Ballantyne

  • 5,566 Points 5k badge 2x thumb
I opened a TAC case on this today, #01194547. I will let you all know the outcome.
Photo of Steve Ballantyne

Steve Ballantyne

  • 5,566 Points 5k badge 2x thumb
This was a tough one to get fixed, but with the help of multiple support folks at Extreme, we located and resolved multiple problems. Namely ...

#1 - The management IP on my Wireless Controller was on the same network as my Purview's management interface (eth0). Because I was able to manage my controller from another interface, on a separate network, we opted to move the management interface to an unused subnet and then pulled the plug on that port. We also rebooted, to clear the routes.

#2 - I was looking at the wrong physical NIC on my VMWare server. I had a built-on 4 ports, and 4 more ports on an added NIC. One was numbered right to left, and the other left to right. Nice and confusing. Once I had the right physical port mapped to the VM as my eth1, we were good to go.

Resolved!!
Photo of Drew C.

Drew C., Community Manager

  • 37,308 Points 20k badge 2x thumb
Sounds like a nice fun mess :)  Glad you got it sorted out and are up and running.

Thanks for coming back to update the thread!
Photo of Bill Stritzinger

Bill Stritzinger, Alum

  • 6,016 Points 5k badge 2x thumb
Great to hear... Thank you for letting us know!