000033319 - How to change the Server ID / MAC address persistently on an RSA Security Analytics server appliance

Document created by RSA Customer Support Employee on Jun 30, 2016
Last modified by RSA Customer Support Employee on Jul 4, 2017
Version 3

Article Content

Article Number: 000033319
Applies To: RSA Product Set: Security Analytics
RSA Product/Service Type: Security Analytics Server / Head Unit
RSA Version/Condition: 10.x
Issue
On a physical appliance, the virtual bridge eth9 should be mapped to the em3 interface by default.
This bridge can become unmapped after a reimage or a NIC replacement. In those cases, or simply to avoid duplicate license ID conflicts, the mapping must be forced manually and made persistent.
 
Tasks
SSH to the SA server and run the following command:
 
brctl show

Observe your output and compare it with the ones below:
 
bridge name     bridge id               STP enabled     interfaces
eth9            8000.c81f66dc55a4       no              em3
eth9            8000.c81f66dc55a4       no

In the first case, eth9 is using em3 as a slave interface for the bridge; in the second, eth9 is completely unmapped.
To investigate the NICs configured on the system further, run the following command and compare the result with the output below:
 
ip addr

 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether c8:1f:66:xx:xx:a1 brd ff:ff:ff:ff:ff:ff
    inet 10.xx.xx.xx/xx brd 10.xx.xx.xx scope global em1
    inet6 fe80::xxxx:66ff:xxxx:55a1/64 scope link
       valid_lft forever preferred_lft forever
3: em2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether c8:1f:66:xx:xx:a2 brd ff:ff:ff:ff:ff:ff
4: em3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether c8:1f:66:xx:xx:a3 brd ff:ff:ff:ff:ff:ff
5: em4: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state UNKNOWN qlen 1000
    link/ether c8:1f:66:xx:xx:a4 brd ff:ff:ff:ff:ff:ff
6: eth9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether c8:1f:66:xx:xx:a3 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::ca1f:66ff:xxxx:xxa3/64 scope link
       valid_lft forever preferred_lft forever

In this configuration em3 is mapped to eth9, and both interfaces show the same MAC address, ending in :a3.
We can confirm this by running brctl show:
#brctl show
bridge name     bridge id               STP enabled     interfaces
eth9            8000.c81f66dc55a4       no              em3

Notice also that em1 is configured with an IP address; in fact, it is the management interface we are using to connect to the appliance over SSH.
Make sure not to map eth9 to any em* interface configured for management, otherwise you will lose connectivity!
Resolution
To map a different interface to eth9 (in our case em4), remove the previous interface (em3) from the bridge and then add the new one:
 
brctl delif eth9 em3
brctl addif eth9 em4

If we run brctl show and ip addr, we can confirm that the configuration has been applied successfully:
 
brctl show
bridge name     bridge id               STP enabled     interfaces
eth9            8000.c81f66dc55a4       no              em4

 
#ip addr
5: em4: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state UNKNOWN qlen 1000
    link/ether c8:1f:66:xx:xx:a4 brd ff:ff:ff:ff:ff:ff
6: eth9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether c8:1f:66:xx:xx:a4 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::ca1f:66ff:xxxx:xxa3/64 scope link
       valid_lft forever preferred_lft forever

Now, if we browse in the SA UI to Administration --> System --> Info, we should see that the Server ID has changed to a new one ending in :a4.
To apply this configuration persistently at every boot, we need to modify the fneserver init script.
We can do this with the sed command:
 
sed -i 's/em3/em4/g' /etc/init.d/fneserver

If we reboot the machine, we can confirm that the Server ID and the MAC address both remain on :a4.
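
The warning about not attaching a management interface to eth9 can be checked before any brctl command is run. The script below is an added example, not part of the RSA article: it parses brctl show and ip addr output (sample text constructed from the listings above) and prints the delif/addif commands only when the chosen interface exists and carries no IPv4 address. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check before remapping eth9 (names are hypothetical).
# Sample text is constructed from the article's listings, for offline runs.
SAMPLE_BRCTL='bridge name     bridge id               STP enabled     interfaces
eth9            8000.c81f66dc55a4       no              em3'
SAMPLE_IPADDR='2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether c8:1f:66:xx:xx:a1 brd ff:ff:ff:ff:ff:ff
    inet 10.xx.xx.xx/xx brd 10.xx.xx.xx scope global em1
4: em3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether c8:1f:66:xx:xx:a3 brd ff:ff:ff:ff:ff:ff
5: em4: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state UNKNOWN qlen 1000
    link/ether c8:1f:66:xx:xx:a4 brd ff:ff:ff:ff:ff:ff'

# bridge_slave BRIDGE: reads `brctl show` text on stdin and prints the
# interface attached to BRIDGE (an empty line if the bridge is unmapped).
bridge_slave() {
    awk -v br="$1" '$1 == br { print $4 }'
}

# has_ipv4 IFACE: reads `ip addr` text on stdin; succeeds if IFACE carries an
# IPv4 address, which is how the article identifies the management interface.
has_ipv4() {
    awk -v ifc="$1" '
        /^[0-9]+: / { cur = $2; sub(/:$/, "", cur) }
        $1 == "inet" && cur == ifc { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# check_remap NEW BRCTL_TEXT IPADDR_TEXT: prints the brctl commands to run and
# returns 0 only if NEW exists and has no IPv4 address; otherwise returns 1.
check_remap() {
    new=$1
    cur=$(printf '%s\n' "$2" | bridge_slave eth9)
    if ! printf '%s\n' "$3" | grep -q "^[0-9]*: $new:"; then
        echo "refuse: interface $new not found"; return 1
    fi
    if printf '%s\n' "$3" | has_ipv4 "$new"; then
        echo "refuse: $new has an IPv4 address (management interface?)"; return 1
    fi
    if [ "$cur" = "$new" ]; then
        echo "nothing to do: eth9 already uses $new"; return 0
    fi
    if [ -n "$cur" ]; then echo "brctl delif eth9 $cur"; fi
    echo "brctl addif eth9 $new"
}

# Offline demo; on the appliance pass "$(brctl show)" and "$(ip addr)" instead.
check_remap em4 "$SAMPLE_BRCTL" "$SAMPLE_IPADDR"
```

The script only prints the commands; it does not change the bridge or the fneserver init script.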
Notes
Bond interfaces are supported only if at least one em* interface is left available for the eth9 mapping, and hence for licensing purposes.
