MSE 3310 unreachable from NCS PI

MSE3310 has been up and running almost a year now and talking to the NCS Prime Infrastructure server with no problem. This morning arrived and checked the wireless via NCS Prime and now it shows the MSE as unreachable. The MSE and the Prime servers are both virtual and on the same network. I am able to ping to and from the MSE and Prime cli's with no problem. I have tried reboots and restarting the MSE services with no luck. Waiting on response from TAC, but was hoping somebody else had experienced this issue. Thanks for any info.

As per Matrix these version are compatiable:
If the MSE is unreachable from NCS make sure the service is running using one or all of these:
[root@MSE /]# /opt/mse/setup/msed status
[root@MSE /]# /opt/mse/setup/msed start
[root@MSE /]# /opt/mse/setup/msed restart
Regards

Similar Messages

MSE often unreachable from WCS

Hi,
I have upgraded MSE in my network from 7.0.105.0 to 7.0.201.204 a week ago.
After the upgrade, often MSE is going to unreachable state from WCS. A restart on MSE with "shutdown -r now" resolves the issue. But again after 2-3 days, it becomes unreachable from WCS. The IP reachability is fine from WCS and WCS communication password also matches.
"/etc/init.d/msed stop" command keep on showing "Shutting down MSE Platform ..." but never actually shuts down. only "shutdown -r now" helps.
getserverinfo is not giving any results.
Please let me know, what can be the possible issue.
Regards,
Madhan kumar G

Hi,
After restarting MSE, here is the output of Getserverinfo. Can "DB free size (kbytes): 0" be an issue?
Starting MSE Platform, Waiting to check the status.
MSE Platform is up, getting the status
Server Config
Product name: Cisco Mobility Service Engine
Version: 7.0.201.204
Hw Version: V01
Hw Product Identifier: AIR-MSE-3350-K9
Hw Serial Number: MXQ008A5S4
Use HTTP: false
Legacy HTTPS: false
Legacy Port: 8001
Log Modules: -1
Log Level: INFO
Days to keep events: 2
Session timeout in mins: 30
DB backup in days: 2
Services
Service Name: Context Aware Service
Service Version: 7.0.200.204
Admin Status: Enabled
Operation Status: Up
Service Name: Wireless Intrusion Protection Service
Service Version: 1.0.2077.0
Admin Status: Disabled
Operation Status: Down
Server Monitor
Server start time: Sun May 20 10:42:40 AST 2012
Server current time: Sun May 20 10:46:05 AST 2012
Server timezone: Asia/Riyadh
Server timezone offset: 10800000
Restarts: 4
Used Memory (bytes): 443802112
Allocated Memory (bytes): 994770944
Max Memory (bytes): 1908932608
DB virtual memory (kbytes): 0
DB virtual memory limit (bytes): 0
DB disk memory (bytes): 7104153216
DB free size (kbytes): 0
Active Sessions
Session ID: 12713
Session User ID: 2
Session IP Address: 172.18.5.15
Session start time: Sun May 20 10:43:06 AST 2012
Session last access time: Sun May 20 10:45:08 AST 2012
Context Aware Service
Total Active Elements(Wireless Clients, Tags, Rogue APs, Rogue Clients, Interferers, Wired Clients): 1107
Active Wireless Clients: 1107
Active Tags: 0
Active Rogue APs: 0
Active Rogue Clients: 0
Active Interferers: 0
Active Wired Clients: 0
Active Elements(Wireless Clients, Rogue APs, Rogue Clients, Interferers, Wired Clients, Tags) Limit: 6000
Active Sessions: 1
Wireless Clients Not Tracked due to the limiting: 250
Tags Not Tracked due to the limiting: 0
Rogue APs Not Tracked due to the limiting: 0
Rogue Clients Not Tracked due to the limiting: 0
Interferers Not Tracked due to the limiting: 0
Wired Clients Not Tracked due to the limiting: 0
Total Elements(Wireless Clients, Rogue APs, Rogue Clients, Interferers, Wired Clients) Not Tracked due to the limiting: 250
Context Aware Sub Services
Subservice Name: Aeroscout Tag Engine
Admin Status: Disabled
Operation Status: Down
Subservice Name: Cisco Tag Engine
Admin Status: Enabled
Operation Status: Up
Regards,
Madhan kumar G

MSE is unreachable on WCS until Java program is killed

Hi
I have a problem with my 2700 series Wireless Location Appliance. It works for about a week, then suddenly WCS shows the device as unreachable. If I kill the Java program and then perform a shutdown, it works for about a week before the same fault occurs.
Has anyone experienced this before?
Thanks
TT

JMR1: MSE becomes unreachable from periodically.
CSCtk82237
Description
Symptom:
MSE becomes unreachable from WCS periodically.
Conditions:
MSE 7.0.105.0, WCS 7.0.164.0.
CSCsy13994
Description
Symptom:
MSE shows as unreachable in WCS. The MSE service is up and running and credentials used are correct too.
Conditions:
N/A
Workaround:
Restart WCS services or reboot the WCS server.
Further Problem Description:
There is a problem with the HTTPS session being established between the WCS and the MSE which causes this issue.

Lenovo W530/W540 Getting Destination host Unreachable from our Firewall

Hey Everyone!
I'm having some bizarre issues with all of my Lenovo W530/W540's. I'm not sure when the issue started, the first time it was reported to me was around March, and it has been persistant since the issue was discovered. The issue is that, quite frequently, our Lenovo W530/W540's will get Destiantion Host Unreachable if I run a continuous ping (ping -t ...) to anything outside our firewall.
I have run a ping to things inside our firewall (other computers/servers, etc.) and they will return good ping until the cows come home.
However, if I try to ping anything outside our firewall (google.com, google DNS 8.8.8.8, yahoo.com, etc.) about every 30 seconds (every 30-35 returns) it starts returning Destitnation Host Unreachable from our Firewall. This will last for around 10-25 returns, and then traffic goes back to normal.
We are a majority Apple Shop, and when I attempt to ping from any Apple on the network, it get fine returns consistently. I also tried pinging from the few non-Lenovo Windows Machines we have as well (my personal machine which is self-built Windows rig, a couple of windows test machines, and a Windows 2008 Server we have) and they also have consistently good returns as well.
It is ONLY the Lenovo's that have this problem. To compound things, they have no issue when they are connected to a different network other than the company network. This ONLY happens when they try to interact with traffic going THROUGH our Firewall on our company network. It happens regardless of whether they hardwired or wireless. Also, during the Destination Host Unreachable moments, Windows does not detect a disruption, it keeps registering good connection. I do not know how often Windows checks for connection, but these Destination Host Unreachable moments are so quick, I'm fairly certain that Windows can't even detect them.
Our Firewall is a Linux CentOS server that is running Shorewall Firewall Software. The Destination Host Unreachable notice is coming from our Firewall directly, not from our ISP, so for some reason, the Lenovo is having a problem talking to our FW.
We currently only have 3 of these machines in circulation, but its having a pretty big impact on those with the machines, as going to a website is even a chore, as they often get "Page Not Found" and other errors when they try to load a website.
I'm a bit stumped, I've never seen a machine act this way where it only has problems on a particular network; usually its a global issue it has with everything. Any and all help would be appreciated.
Thanks!
-Chris

DNS is set to be automatic, though I did try setting a permenent DNS server in the IPv4 settings to our local DNS server AND Google DNS, and the issue still occurred.
The 2 Conflicting firewalls could be it, so I tested that. I logged into the Local Administrator account on the machine so I could temporarily disable the firewall. I disabled it, pinged out, and I still get Destination host unreachable, though weirdly, it seems to happen less than when on the other account (only about every 50-60 pings do I get Destination host Unreachable).

New Install - ICMP Host Unreachable from gateway

Hi team,
I'm configuring a new solaris x86 box for the first time in a long time and I'm running into a problem that has me stumped.
I just installed Solaris 10 v7 on a P4 Dell box with an intel pro1000 adapter loaded.
Installed using ZFS and install went well. I set a static IP of 192.168.1.70 on a proper 192.168.1.x lan.
After install, everything seems to work fine but cannot ping a FQDN such as www.google.com, etc.
at first, I tried to join a local domain - maxximgroup.com and my computer name is set to sunzilla.
Here's my network config files;
sunzilla is set up with static IP = 192.168.1.70
# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
e1000g0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.70 netmask ffffff00 broadcast 192.168.1.255
ether 0:1b:21:27:56:2c
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
inet6 ::1/128
e1000g0: flags=2004841<UP,RUNNING,MULTICAST,DHCP,IPv6> mtu 1500 index 2
inet6 fe80::21b:21ff:fe27:562c/10
ether 0:1b:21:27:56:2c
And /etc/hosts shows host name sunzilla associated w/ 192.168.1.70...
# cat /etc/hosts
# Internet host table
::1 localhost
127.0.0.1 localhost
192.168.1.70 sunzilla loghost
And my resolv.conf file shows my internal DNS routers as well as a 3rd I added (4.2.2.2) just in case...
# cat /etc/resolv.conf
domain maxximgroup.com
nameserver 192.168.1.20
nameserver 192.168.1.22
nameserver 4.2.2.2
search maxximgroup.com
I noticed the /etc/defaultrouter file was MISSING... so I created one pointing to my router...
# cat /etc/defaultrouter
192.168.1.1
And finally, I checked the /etc/nsswitch.conf file and it does indeed show hosts & ipnodes --> files & dns ...
# cat /etc/nsswitch.conf
# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
# /etc/nsswitch.dns:
# An example file that could be copied over to /etc/nsswitch.conf; it uses
# DNS for hosts lookups, otherwise it does not use any other naming service.
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
# DNS service expects that an instance of svc:/network/dns/client be
# enabled and online.
passwd: files
group: files
# You must also set up the /etc/resolv.conf file for DNS name
# server lookup. See resolv.conf(4).
hosts: files dns
# Note that IPv4 addresses are searched for in all of the ipnodes databases
# before searching the hosts databases.
ipnodes: files dns
networks: files
protocols: files
rpc: files
ethers: files
netmasks: files
bootparams: files
publickey: files
# At present there isn't a 'files' backend for netgroup; the system will
# figure it out pretty quickly, and won't use netgroups at all.
netgroup: files
automount: files
aliases: files
services: files
printers: user files
auth_attr: files
prof_attr: files
project: files
tnrhtp: files
tnrhdb: files
I can ping local IP addresses ...
# ping 192.168.1.1
192.168.1.1 is alive
But not external addresses ...
# ping 67.15.211.8
ICMP Host Unreachable from gateway sunzilla (192.168.1.70)
for icmp from sunzilla (192.168.1.70) to ns1.siteground168.com (67.15.211.8)
ICMP Host Unreachable from gateway sunzilla (192.168.1.70)
for icmp from sunzilla (192.168.1.70) to ns1.siteground168.com (67.15.211.8)
ICMP Host Unreachable from gateway sunzilla (192.168.1.70)
for icmp from sunzilla (192.168.1.70) to ns1.siteground168.com (67.15.211.8)
ICMP Host Unreachable from gateway sunzilla (192.168.1.70)
for icmp from sunzilla (192.168.1.70) to ns1.siteground168.com (67.15.211.8)
^C#
and naturally, I can ping a FQDN either (confirmed to be pingable on a computer on the same lan) ...
# ping mycloud.local
ping: unknown host mycloud.local
Can anyone provide some guidance pls?

Thanks Robert. You were absolutely on the right track. It turns out that in my "rush" to get my new ZFS "toy" up and running, during the install, I gave Solaris a static address but told it to automatically find the gateway. Oops! When solaris 10 installed, it correctly decided that since it had a static IP, it should assign the gateway as itself! So, naturally, when I ran netstat -m, It showed my gateway as myself! 192.168.1.70 sunzilla.
I'm used to running Solaris on a Sparc platform and I'm a bit uncomfortable with reboots and I figured there would surely be a network restart command somewhere. After finding out that things have now changed in Solaris 10 quite a bit from Solaris 8, I just decided to init 6.
After the system came up, everything was happy : -)
So again, thanks to Robert for helping save the day!

How to recovery MSE 3310

Hi ALL
MSE can not boot.MSE show error log
INIT: cannot execute "/sbin/mingetty"
INIT: cannot execute "/sbin/mingetty"
INIT: cannot execute "/sbin/mingetty"cannot execute "/sbin/mingetty"
INIT: cannot execute "/sbin/mingetty"
INIT: cannot execute "/sbin/mingetty"
INIT: cannot execute "/sbin/mingetty"
INIT: cannot execute "/sbin/mingetty"
cannot execute "/sbin/mingetty"
INIT: cannot execute "/sbin/mingetty"
INIT: Id "1" respawning too fast: disabled for 5 minutes
INIT: Id "3" respawning too fast: disabled for 5 minutes
INIT: cannot execute "/sbin/mingetty"
INIT: cannot execute "/sbin/mingetty"
INIT: Id "2" respawning too fast: disabled for 5 minutes
INIT: cannot execute "/sbin/mingetty"
INIT: cannot execute "/sbin/mingetty"
INIT: Id "6" respawning too fast: disabled for 5 minutes
INIT: cannot execute "/sbin/mingetty"
INIT: cannot execute "/sbin/mingetty"
INIT: Id "4" respawning too fast: disabled for 5 minutes
INIT: cannot execute "/sbin/mingetty"
INIT: Id "5" respawning too fast: disabled for 5 minutes
INIT: no more processes left in this runlevel
How to recovery MSE 3310,I find in documents not show method recovery
Please recommend solution recovery MSE 3310

Do you have data you need? If not, just reinstall the MSE. You can do this by burning an ISO of the image to CD and running that. But maybe it would be faster just to open up a TAC case to see if that is the best way or if something went wrong with the hardware.

Migrating from NCS 1.1.2 to Prime 1.2? Possible?

According to this:
http://www.cisco.com/en/US/docs/net_mgmt/prime/infrastructure/1.2/quickstart/guide/cpi_qsg.html#wp73107 it mentions that migrating from NCS 1.1.2 to CPI 1.2 isn't possible.
How can I get around this?

TAC has a patch to upgrade off of 1.1.2.12.
I don't recall but kinda' think it is to get to 1.3.0.20 and not to 1.2.1.12
Basically you take a backup from the 1.1.2.12 server then restore it into a newly build 1.3 server that has had the patch applied.
I've 3 or 4 and it works just fine...

Cisco WLC with Bonjor services - MSE 3310 compatibility

Hi All,
We have a Cisco WLC 5508 currently running on code 7.2. We have Cisco MSE 3310 appliance (which is EoS & EoS) and it is running on code 7.2 as well.
Now, we want to implement Bonjor Gateway services to support Apple Services such as Apple TV, Apple Printer etc.
My understanding is that in order to deploy Bonjour gateway the controller needs to be at least on version 7.4.
I can upgrade the Controller Code, but I need to know the compatibility between Cisco WLC code 7.4 (7.4.100.0) with Cisco MSE 3310 code (7.3.101.0, as it the highest code available). MSE 3310 appliance compatibility with WLC Code 7.4 ?
I checked the Cisco Software Compatibility Matrix, and it's not clear at all.
http://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html#pgfId-148309
Thanks and Regards,
CJ

If you really want to keep everything compatible, you might want to look at another route, like using Avahi as an mDNS gateway. Take a look at this document... there are other mDNS gateways out there which can work, but this doc is strictly for the Avahi:
http://www.cisco.com/c/en/us/support/docs/wireless/aironet-1100-series-access-point/113443-cuwn-apple-bonjour-dg-00.html
http://www.timabbott.com/computers/multi-vlan-airplay-with-avahi/
Thanks,
Scott
*****Help out other by using the rating system and marking answered questions as "Answered"*****

Upgrade from NCS to Prime

Hi.
I am trying to upgrade from NCS ver 1.1.1.24 to Prime 1.2. With the script ncs_patch-1.1.1.24-upgrade-pi_1.2.tar.gz.
And everything runs smooth until Stage 6 of 7., when Updating Database Schema .. is starting
Stage 6 of 7: Updating Database Schema ...
             : This could take long time based on the existing data size.
                 Stage 1 of 5: Pre Migration Schema Upgrade ...
                                       -- complete. Time Taken : 0 hr, 0 min, 52 sec
                 Stage 2 of 5: Schema Upgrade ...
                               : This could take long time based on the existing data size.
Here everything stops. I have waited for 5 hours now is this normal?
Regards
Johan

It looks like you may be able to restore the data as it says here but you may need to simply export the database, install PI and restore.
http://www.cisco.com/en/US/docs/net_mgmt/prime/infrastructure/1.2/quickstart/guide/cpi_qsg.html#wp56790
Upgrading Cisco Prime Infrastructure
You can upgrade the following Cisco Prime Network Control System products to Cisco Prime Infrastructure 1.2:
•Cisco Prime Network Control System 1.0.0 (NCS 1.0 MR2, 1.0.2.29)
•Cisco Prime Network Control System 1.1.0 (NCS 1.1 FCS, 1.1.0.58)
•Cisco Prime Network Control System 1.1.1 (NCS 1.1 K MR1, 1.1.1.24)
•Cisco Prime Network Control System (WAN) 1.1.0 and Cisco Prime Assurance Manager 1.1.0 (NCS-WAN/PA 1.1 FCS, 1.1.0.1114)
•Cisco Prime Network Control System (WAN) 1.1.1 and Cisco Prime Assurance Manager 1.1.1 (NCS-WAN/PA 1.1.1 MR1 FCS, 1.1.0.1116)
You can upgrade using either of the following methods:
1. Standard—Upgrades your existing system to version 1.2. All existing data is retained and you will be using the same size OVA at the end. The existing product will not be operational until the upgrade is complete. This is the normal option for most users. For details, see Performing a Standard Upgrade.
2. Migration—Allows you to back up the data from your existing system, install Cisco Prime Infrastructure 1.2 as a new system, and restore the existing system's data to the new system. You can then decommission the old system. This option is preferred if you want to migrate to a larger OVA, cannot disturb your production system, or have a large network. For details, see Performing a Migration Upgrade.

About MSE 3310 license

Dear sir:
     We are doing the wireless network now, but there has some problems. After add the plus license we can not add the MSE license at the GUI of WCS., the system tell us “Cannot detect valid MSE”, also at the controller item. We delete the plus license and add it again , its also cannot do. We use the modules:WS-SVC-WISM-1-K9, WSC-STANDARD-K9, WCS-PLUS-100, AIR-MSE-3310-K9, AIR-CAS-1KC-K9, the software : CSACS-4.2-WIN-K9(Cisco Secure ACS 4.2 for Windows) ,WCS( 6.0 for Windows 2003 server) the IOS: MSE( 5.2.91.0) , WISM (4.2.205.0).
       Thank you !
       Best regard to you

Hello
Did you ever resolve this issue? I have exactly the same thing happenning!
Thanks
Anthony

Ping return a lot of "ICMP Port Unreachable from gateway"

hi all,
continues getting many "ICMP Port unreachable" messages while i ping a host that is within same subnet. both servers are running solaris 10 U6. is there any wrong configuration of IPMP ?
PING rac-dbs-a2: 1024 data bytes
1032 bytes from rac-dbs-a2 (10.1.3.27): icmp_seq=0. time=0.830 ms
1032 bytes from rac-dbs-a2 (10.1.3.27): icmp_seq=1. time=0.608 ms
1032 bytes from rac-dbs-a2 (10.1.3.27): icmp_seq=2. time=0.547 ms
1032 bytes from rac-dbs-a2 (10.1.3.27): icmp_seq=3. time=0.611 ms
1032 bytes from rac-dbs-a2 (10.1.3.27): icmp_seq=4. time=0.543 ms
1032 bytes from rac-dbs-a2 (10.1.3.27): icmp_seq=5. time=0.616 ms
1032 bytes from rac-dbs-a2 (10.1.3.27): icmp_seq=6. time=0.663 ms
1032 bytes from rac-dbs-a2 (10.1.3.27): icmp_seq=7. time=0.596 ms
1032 bytes from rac-dbs-a2 (10.1.3.27): icmp_seq=8. time=0.672 ms ICMP Port Unreachable from gateway rac-dbs-a2 (10.1.3.27) for udp from rac-dbs-c2 (10.1.3.36) to rac-dbs-a2 (10.1.3.27) port
37833
1032 bytes from rac-dbs-a2 (10.1.3.27): icmp_seq=9. time=0.582 ms
----rac-dbs-a2 PING Statistics----
10 packets transmitted, 10 packets received, 0% packet loss round-trip (ms) min/avg/max/stddev = 0.543/0.6268/0.830/0.0828
ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu
8232 index 1
inet 127.0.0.1 netmask ff000000
bge0: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 2
inet 192.168.1.27 netmask ffffff00 broadcast 192.168.1.255
groupname internal-multipath
bge0:1:
flags=201040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,CoS> mtu 1500 index 2
inet 192.168.1.37 netmask ffffff00 broadcast 192.168.1.255
bge1: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 3
inet 172.22.100.27 netmask ffffff00 broadcast 172.22.100.255
groupname smtm-multipath
bge2: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 4
inet 10.1.4.27 netmask ffffff00 broadcast 10.1.4.255
groupname crf-multipath
bge2:1: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 4
inet 0.0.0.0 netmask ff000000 broadcast 0.255.255.255
bge3: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 5
inet 10.1.3.27 netmask ffffff00 broadcast 10.1.3.255
groupname rac-multipath
bge3:1: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 5
inet 0.0.0.0 netmask ff000000 broadcast 0.255.255.255
ce0: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 6
inet 0.0.0.0 netmask ff000000 broadcast 0.255.255.255
groupname internal-multipath
ce1: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 7
inet 0.0.0.0 netmask ff000000 broadcast 0.255.255.255
groupname smtm-multipath
ce2:
flags=249000842<BROADCAST,RUNNING,MULTICAST,IPv4,NOFAILOVER,INACTIVE,CoS
mtu 0 index 8inet 0.0.0.0 netmask 0
groupname crf-multipath
ce3:
flags=249000842<BROADCAST,RUNNING,MULTICAST,IPv4,NOFAILOVER,INACTIVE,CoS
mtu 0 index 9inet 0.0.0.0 netmask 0
groupname rac-multipath
Edited by: hello78 on May 11, 2009 9:02 PM

This isn't a Java question. Try the Solaris forum.

ICMP Host Unreachable from gateway localhost (127.0.0.1)

I had a functional zone. But we had an outage and for some reason one of my zones is unreachable. Looks like the problem is that the default route has changed. How can I add a default route to a zone?
Thanks
Manish
--- global zone ---
-bash-3.00# zoneadm list -iv
ID NAME STATUS PATH BRAND IP
0 global running / native shared
2 www running /export/zones/www native shared
4 java running /export/zones/java native shared
--- zone java ---
-bash-3.00# ping 131.247.16.130
ICMP Host Unreachable from gateway localhost (127.0.0.1)
for icmp from localhost (127.0.0.1) to 131.247.16.130
ICMP Host Unreachable from gateway localhost (127.0.0.1)
for icmp from localhost (127.0.0.1) to 131.247.16.130
ICMP Host Unreachable from gateway localhost (127.0.0.1)
for icmp from localhost (127.0.0.1) to 131.247.16.130
-bash-3.00# ifconfig -a
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
bge0:3: flags=4001000842<BROADCAST,RUNNING,MULTICAST,IPv4,DUPLICATE> mtu 1500 index 2
inet 131.247.16.149 netmask ffffff80 broadcast 131.247.16.255
-bash-3.00# netstat -rn
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
127.0.0.1 127.0.0.1 UH 4 61 lo0:1
-bash-3.00# route add default 131.247.16.254
add net default: gateway 131.247.16.254: insufficient privileges
--- zone www ---
-bash-3.00# netstat -rn
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
default 131.247.16.254 UG 1 47
131.247.16.128 131.247.16.131 U 1 13 bge0:2
224.0.0.0 131.247.16.131 U 1 0 bge0:2
127.0.0.1 127.0.0.1 UH 4 108 lo0:2

ifconfig -a will show when you have a duplicated IP address.
It appears along with the text values for the interface flags ie
host-u010|global$ ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index
1
inet 127.0.0.1 netmask ff000000
bge0: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> m
tu 1500 index 2
inet 10.236.93.156 netmask ffffffc0 broadcast 192.168.93.191
groupname data
host-u010|global$
You would see DUPLICATE or DUPLICATED in that field, and the flags would be different. Sorry, I don't have a duplicate IP situation going on right now, but my memory says it looked something like this:
host-u010|global$ ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index
1
inet 127.0.0.1 netmask ff000000
bge0: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER,DUPLICATE> m
tu 1500 index 2
inet 10.236.93.156 netmask ffffffc0 broadcast 192.168.93.191
groupname data
host-u010|global$
Cheers,

Cant add MSE 7.4 to NCS 1.2

Hi Guys,
I am experiencing the same issue that is described here:
https://supportforums.cisco.com/thread/2159887#sthash.li7gjM3I.dpuf
Please note that this is a new install of both NCS and MSE.
Both NCS and MSE are running on the same VMware box
Both are in the same subnet 10.1.50.X - NCS 10.1.50.100 and MSE 10.1.50.101
From both consoles; NCS can ping MSE and MSE can ping NCS
In NCS (1.2) when i attempt to add an MSE i get the error -
"No response from Server. It may be unreachable, or server is down or HTTPS connection to server failed."
When i change the default username "admin" to something different say "admin1" i get the following error -
"Login Failure: Incorrect login credentials. You have entered an incorrect username or password. Please try again."
So when i leave the default username and password and enter the IP of the MSE (10.1.50.101) it tells me that it is getting no response and when i change the default username it tells me that the login is incorrect!!!
I have reinstalled the MSE 3 times
I have tried different browsers (Firefox, IE, Safari)
I have restarted the network services on the MSE
Can anyone else offer any advice?
Thanks
Mark Julier

Hi Scott
These are my outputs:
MSE STOP ------------------------------------------------------
[root@DAMSE01 ~]# /etc/init.d/msed stop
Stopping MSE Platform
Shutting down framework and services ...
Shutting down framework and services .............
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
MSE START -------------------------------------------------
[root@DAMSE01 ~]# /etc/init.d/msed start
Starting MSE Platform
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `nat': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
Starting Health Monitor, Waiting to check the status.
Health Monitor successfully started
Starting Admin process...
Started Admin process.
Starting database ....
Database started successfully. Starting framework and services ............
Framework and services successfully started
MSE Status ------------------------------------------------------
[root@DAMSE01 ~]# /etc/init.d/msed status
STATUS:
Health Monitor is running
Starting MSE Platform, Waiting to check the status.
MSE services are up, getting the status
Server Config
Product name: Cisco Mobility Service Engine
Version: 7.4.100.0
Health Monitor Ip Address: 1.1.1.1
High Availability Role: 1
Hw Version: V01
Hw Product Identifier: AIR-MSE-VA-K9
Hw Serial Number: DAMSE01.digitalairwireless.com_e3290306-83f0-11e2-b92c-000c29f9ba2a
Use HTTP: false
Legacy HTTPS: false
Legacy Port: 8001
Log Modules: -1
Log Level: INFO
Days to keep events: 2
Session timeout in mins: 30
DB backup in days: 2
Services
Service Name: Context Aware Service
Service Version: 7.4.0.38
Admin Status: Enabled
Operation Status: Up
Service Name: WIPS
Service Version: 1.0.4041.0
Admin Status: Disabled
Operation Status: Down
Service Name: Mobile Concierge Service
Service Version: 2.0.0.37
Admin Status: Disabled
Operation Status: Down
Service Name: Location Analytics Service
Service Version: 1.0.0.12
Admin Status: Disabled
Operation Status: Down
Server Monitor
Server start time: Sun Mar 03 16:40:00 GMT 2013
Server current time: Sun Mar 03 16:46:52 GMT 2013
Server timezone: GB
Server timezone offset: 0
Restarts: 4
Used Memory (bytes): 111663584
Allocated Memory (bytes): 514523136
Max Memory (bytes): 514523136
DB virtual memory (kbytes): 0
DB virtual memory limit (bytes): 0
DB disk memory (bytes): 2048272000
DB free size (kbytes): 0
Context Aware Service
Total Active Elements(Wireless Clients, Tags, Rogue APs, Rogue Clients, Interferers, Wired Clients): 0
Active Wireless Clients: 0
Active Tags: 0
Active Rogue APs: 0
Active Rogue Clients: 0
Active Interferers: 0
Active Wired Clients: 0
Active Elements(Wireless Clients, Rogue APs, Rogue Clients, Interferers, Wired Clients, Tags) Limit: 100
Active Sessions: 0
Wireless Clients Not Tracked due to the limiting: 0
Tags Not Tracked due to the limiting: 0
Rogue APs Not Tracked due to the limiting: 0
Rogue Clients Not Tracked due to the limiting: 0
Interferers Not Tracked due to the limiting: 0
Wired Clients Not Tracked due to the limiting: 0
Total Elements(Wireless Clients, Rogue APs, Rogue Clients, Interferers, Wired Clients) Not Tracked due to the limiting: 0
Context Aware Sub Services
Subservice Name: Aeroscout Tag Engine
Admin Status: Disabled
Operation Status: Down
Subservice Name: Cisco Tag Engine
Admin Status: Enabled
Operation Status: Up
so the two errors that are given are:
when i stop
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
and when i start:
iptables v1.3.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.3.5: can't initialize iptables table `nat': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
Let me know your thoughts
Thanks
Mark

Cisco Nac 3310 Upgrade From 4.1.6 to 4.7.2

Hi,
I've to upgrade the NAC Enviroment from 4.1.6 version to 4.7.2 version.
This is the scenario.
2 CAM
2 CAS
on 3310 Platform in HA-Pairs.
On Cisco WebSite i found that upgrading to 4.7.2 is possible by this way: 4.1.6 --> 4.1.8 --> 4.5.1 --> 4.7.2. I think that the direct upgrade 4.1.6 --> 4.5.1 is possible. Can you confirm me that?
Well, I've some questions about this upgrade.
1) If the upgrade fails, is there any rollback task to do? Reinstall the CAM/CAS and restore the backup or what?
2) Can you tell me the downtime for the upgrade 4.1.8 --> 4.5.1?
3) The downtime for the upgrade 4.5.1 --> 4.7.2 ?
Thanks in advance for the support!!!

Thanks you very much, really appreciate your help!
I will follow the procedures that Cisco indicates and i hope that everything will work fine!
http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/418/418rn.html#wp75888
http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/45/45rn.html#wp75888
http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/47/472rn.html#wp75888
I noticed that the tar.gz for the 4.7.2 frome 4.5.x upgrade is an ISO file. Is this the correct file?
The attach image shows the content of the file: cca_upgrade-4.7.2-from-4.5.x-4.6.x.tar.gz
Is right?

Migrating from NCS 1.0 to Prime Infrastructure 1.2

Hi friends
I know i had short discussion about this before but here it comes again and this time in detail.
I have NCS 1.0 with 100 devices support license installed. Now knowing it has reached end of sale, and also for the fact that Prime does cover devices like routers, i went ahead to the upgrade path via PUT (Product Upgrade Tool).
Finally I received an email (OBA) advising my order is ready. This email included two items in the shipment,
L-N-PI12-100-M=
NCS 1.0 to Prime Infrastructure 1.2 Minor Upg 100 Device
L-PILMS42-100-M
Prime Infrastructure LMS 4.2 - 100 Device Upgrade Lic
When i click to the link in the same email to download the license, it only shows me one file which is
L-PILMS42-100-M
I tried using this file and installing on the NCS1.0 but it gives me error that this file is not a license file. The license name suggests me that it is not the license to be installed on the NCS. The file should be L-N-PI12-100-M=
Thanks for reading this all and would appreciate all your inputs here.
Regards,
Mohit

Marvin Rhoads wrote:Your PI 1.2 also includes the right to install and use LMS 4.2 - a separately installed and licensed server.If you want Assurance (or Compliance) licenses for PI, they will have to be ordered separately. The license files delivedred when you buy those product SKUs will allow you to use those features. The starting point (base) in PI 1.2 is Lifecycle.
when i followed the inpath upgrade, i receved an email from the licensing that the license file is ready for download. the order said,
Product Name : L-PILMS42-100-M
Product Description : L-PILMS42-100-M : Prime Infrastructure LMS 4.2 - 100 Device Upgrade Lic
and the attached lic file "LMS2013021XXXXXXX.lic" came along from them.
but when i installed that lic file, i got the error message from the upgarded the PI 1.2 that the file is not a license file.
The trouble is i cannot generate another lic file (if the exsting generated file was corrupt) cos the PAK is already been used once.
Now i am wondering i can avail that LMS file that would be good, but when i spoke to the TAC, i was told that this file name doesnt seem correct as this is PI and it wont understand LMS file. It was only useful if you were upgraing from LMS to PI and because my case was NCS to PI, this will not work.
Any suggestions?

MSE 3310 unreachable from NCS PI

Similar Messages

Maybe you are looking for