Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000034915 - How to update udev rules after installing a 10G Fiber Daughter Card in RSA NetWitness Logs and Packets Series 5 appliances

Document created by RSA Customer Support

on Mar 13, 2017•Last modified by RSA Customer Support on Jan 30, 2018

Version 5Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000034915
Applies To	RSA Product Set: RSA NetWitness Suite RSA Product/Service Type: NetWitness Logs and Packets Seires 5 appliances RSA Version/Condition: 10.6 and higher Platform: CentOS O/S Version: 6
Issue	When installing a 10G Fiber Daughter Card to replace the 10G Copper Daughter card, it is best to reimage the appliance to automatically generate the necessary udev rules. However, in many cases, a reimage is not possible and sometimes data destructive (in the case of a hybrid appliance). This document will explain how to update these rules when installing a card and not subsequently reimaging the appliance.
Tasks	Back up all ifcfgs in /etc/sysconfig/network-scripts/ Shutdown the appliance and install the card (See RSA University Training “RSA NetWitness Logs and Packets 10G Interface Installation and Configuration” for more information) Log into the appliance with the root account via the console (physical or out of band). You will not be able to SSH into the appliance because the appliance will not recognize the old ifcfgs Update the udev rules by navigating to the rules.d directory, backing up the 70-persisent-rules file, and examining it. em1 and em2 should always be the 1G interfaces (igb) and em3 and em4 should be the 10G Interfaces (ixgbe). Please see the below commands. [root@NW10GPKTDEC ~]# cd /etc/udev/rules.d/ [root@NW10GPKTDEC rules.d]# cp 70-persistent-net.rules 70.rules.old [root@NW10GPKTDEC rules.d]# vi 70-persistent-net.rules Existing Rules Updated Rules Note: You can also find how the existing rules are configured in dmesg with the first half of your 10g mac address dmesg \|grep 24:6e:96:0e Reboot the appliance with the below command. [root@NW10GPKTDEC rules.d]# reboot After the reboot, log back in and config the management interface by editing the ifcfg-em1 file and restarting networking. When entering the networking information, ensure the two lines BOOTPROTO=static and ONBOOT=yes exist. [root@NW10GPKTDEC ~]# cd /etc/sysconfig/network-scripts/ [root@NW10GPKTDEC network-scripts]# vi ifcfg-em1 [root@NW10GPKTDEC network-scripts]# service networking restart Updated ifcfg with correct interface name and MAC to match udev rules After confirming networking, continue to setup the decoder and interfaces accordingly. In troubleshooting, ethtool is very useful to determine the exact interface name to physical port mappings if there are any issues. Determining link state and 1G vs 10G is quick and easy. Please see the example below.
Resolution	There is currently no permanent resolution to this issue. It is advised to reimage the appliance after installing the card, but if that is not possible, these steps must be followed.

Attachments

Outcomes

0 Comments

Recommended Content

Incoming Links

000033027 - How to install a Fiber NIC on a Series 5 appliance for RSA Security Analytics