Article Content
Article Number | 000033319 |
Applies To | RSA Product Set: Security Analytics; RSA Product/Service Type: Security Analytics Server / Head Unit; RSA Version/Condition: 10.x |
Issue | On a physical appliance, the virtual bridge eth9 should be mapped to the em3 interface by default. This special bridge may become unmapped after a reimage or a NIC replacement, or the mapping may need to be changed simply to avoid duplicate license ID conflicts. In these cases we need to force the mapping manually and persistently. |
Tasks | SSH to the SA server and issue the following command: brctl show Observe your output and compare it with the ones below: bridge name bridge id STP enabled interfaces In the first case eth9 is using em3 as a slave interface for the bridge, and in the latter eth9 is completely unmapped. For further investigation of the NICs configured in the system, run the following command and compare with the following output: ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN In this configuration em3 is mapped to eth9, and both interfaces show the same MAC address, ending in :a3. We can confirm this by running brctl show: #brctl show Note also that em1 is configured with an IP address; it is in fact the management interface we are using to connect to the appliance over SSH. Do not map eth9 to any em* interface configured as management, otherwise you will lose connectivity! |
Resolution | To map a different interface to eth9 (in our case em4), we need to remove the previous interface (em3) from the bridge and then add the new one: brctl delif eth9 em3 Running brctl show and ip addr confirms that the configuration has been applied successfully: brctl show #ip addr If we now browse in the SA UI to Administration --> System --> Info, we should see that the Server ID has changed to a new one ending in :a4. To apply this configuration persistently at every boot, we need to modify the fneserver init script. We can do this with the sed command: sed -i 's/em3/em4/g' /etc/init.d/fneserver After rebooting the machine, we can confirm that the Server ID and the MAC address both keep the same :a4 suffix. |
Notes | Bond interfaces are supported only if at least one em* interface is left available for the eth9 mapping, which is needed for licensing purposes. |
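
The runtime remap from the Resolution, with the management-interface caution from the Tasks turned into a check, as an added example (not RSA's script). It assumes that an interface carrying an IPv4 address may be the management NIC and refuses it; remap_bridge, DRY_RUN, BRCTL_OUT and IP_OUT are hypothetical names, and brctl addif is the standard bridge-utils counterpart to the brctl delif command shown above.

```sh
#!/bin/sh
# Added example: remap a bridge to a new slave NIC, refusing any NIC that has
# an IPv4 address (assumption: such a NIC may be the management interface).
# Usage: DRY_RUN=1 remap_bridge eth9 em4   (prints the commands only)

# Print the slave interfaces of bridge $1; reads `brctl show` output on stdin.
bridge_members() {
    awk -v br="$1" '
        NR == 1 { next }                       # skip the header row
        /^[^ \t]/ { cur = $1; if (cur == br && NF >= 4) print $4; next }
        cur == br && NF >= 1 { print $1 }      # continuation row: extra slave
    '
}

# Succeed if interface $1 has an IPv4 address; reads `ip -o -4 addr show` on stdin.
iface_has_ipv4() {
    awk -v ifc="$1" '$2 == ifc && $3 == "inet" { found = 1 } END { exit !found }'
}

# Run a command, or only print it when DRY_RUN=1.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# remap_bridge BRIDGE NEW_IF
# BRCTL_OUT / IP_OUT (hypothetical hooks) replace the live command output if set.
remap_bridge() {
    bridge=$1 new_if=$2
    brctl_out=${BRCTL_OUT-$(brctl show)}
    ip_out=${IP_OUT-$(ip -o -4 addr show)}
    if printf '%s\n' "$ip_out" | iface_has_ipv4 "$new_if"; then
        echo "refusing: $new_if has an IP address (management interface?)" >&2
        return 1
    fi
    for old_if in $(printf '%s\n' "$brctl_out" | bridge_members "$bridge"); do
        [ "$old_if" = "$new_if" ] && { echo "$new_if already mapped" >&2; return 0; }
        run brctl delif "$bridge" "$old_if" || return 1
    done
    run brctl addif "$bridge" "$new_if"
}
```

This covers the runtime change only; the sed edit of /etc/init.d/fneserver described above is still needed for the mapping to survive a reboot.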