000013053 - App 3.0 - AMX - how to cut over from eth0 to eth1 if the NIC eth0 dies

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000013053
Applies Toneed to cut over to a working nic
need to cut over to eth1
Appliance 3.0
Authentication Manager Express
AMX
Issueneed to use eth1 (second nic)
need to cut over to a working nic while awaiting RMA
use different nic on appliance
nic problems eth0
hardware failure on the nic
Resolution

 The real fix for this problem is to RMA the non-working appliance, however, it is fairly easy to swap over to the currently unused eth1 from eth0,

as a temporary measure, to keep the appliance in production while awaiting RMA.

Short summary :

a) flip the roles of the /etc/sysconfig/network-scripts ifcfg-eth0 file and ifcfg-eth1 file,

b) and adjust the routing table [if needed], to eth1 with the /sbin/route command. 

Detailed steps:

1) establish access to the appliance with a direct keyboard and monitor

2) login as emcsrv

3) become root user with 'sudo su' and emcsrv password

4) become user rsaadmin with 'sudo su rsaadmin'

5) shut down rsa services cleanly with ./rsaam stop all (appliance 3.0), or ./rsaserv stop all (AMX)

6) 'exit' to become root user

7) go to /etc/sysconfig/network-scripts directory

8) make backup copies of ifcfg-eth0 file andifcfg-eth1

     a) cp ifcfg-eth0 bak-ifcfg-eth0

     b) cp ifcfg-eth1 bak-ifcfg-eth1

NOTE: the backup files cannot begin with 'ifcfg'

If the system boots and sees any files named 'ifcfg...' it will try to load them.

So here we name the backups 'bak-ifcfg' instead of 'ifcfg-bak...' to prevent problems later

9) get the MAC addresses of each interface

     a) cat ifcfg-eth0

     make note of the mac address

     b) cat ifcfg-eth1

     make note of the mac address

10) flip the files and make eth1 the active interface

     a) rm ifcfg-eth0

     b) rm ifcfg-eth1

     c) cp bak-ifcfg-eth0 ifcfg-eth1

     d) cp bak-ifcfg-eth1 ifcfg-eth0

     e) now edit file ifcfg-eth0 and change the first line to say eth0 (it will say eth1)

     f) and also change the mac address in here to be eth0 mac address (should only be the last octet needing change)

     g) now edit file ifcfg-eth1 and change the first line to say eth1 (it will say eth0)

     h) and also change the mac address in here to be eth1 mac address (should only be the last octet needing change)

11) reboot

     a) /sbin/shutdown -r now

     b) also, now move the network cable to eth1

12) Chances are that now, you are finished.

But you still need to check the network and routing table to make sure everything is set to use eth1.

Once the server is started up, and you can login with direct keyboard, log back in and become root user (steps 1-3 again)

13) go to /sbin directory

14) dump out the routing table to check it

     ./route

15) you'll see something like this. Your IP's and masks will be unique to your installation.

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

10.101.96.0     *               255.255.240.0   U     0      0        0 eth0

169.254.0.0     *               255.255.0.0     U     0      0        0 eth0

default         10.101.96.1     0.0.0.0         UG    0      0        0 eth0

 

16) now,if any of the routes above say eth1, you don't need to touch it.  If they all say eth1 you are finshed.

But for example,

     any routes that show eth0, you need to delete that route, then once they are deleted, add them back, but bind them to eth1

17) delete: (only if needed, check step 15 output)

./route del default

./route del -net 10.101.96.0 netmask 255.255.240.0 eth0

./route del -net 169.254.0.0 netmask 255.255.0.0 eth0

 

18) create the new routes (if needed, re-check step 15 output)

 

     a) add in the new routes (same routes, just different interface) 

 

./route add -net 10.101.96.0 netmask 255.255.240.0 eth1

 

./route add -net 169.254.0.0 netmask 255.255.0.0 eth 1      

NOTE: I didn't need to do this one...169 automatically found eth1 after the reboot,

so by checking item (15) output...verify what is really needed

 

     b) finally, add the default gateway

./route add default gateway 10.101.96.1 netmask 0.0.0.0 eth1

 

and in a few seconds after adding the default gateway, eth1 should become active and all network

activity should start to work again. check replication and the web interfaces.

Legacy Article IDa56516

Attachments

    Outcomes