08-04-2023 08:51 AM
Hi,
We deployed a new expressway-c and -e Cluster.
Traversal Zone Port is configure with TCP 7001 on both C and E. We dont have any certs right now, so Just TCP as a first start.
Firewalls rules seems to be Ok. Exp-e receives the pakets on Ports 7001, but dont Reply to Exp-c. Tcpdump Just Shows received pakets on Eth0 on Port 7001 from both Exp-c. But no pakets back to Exp-c.
Anything we missed here?
Regards.
Thomas
08-04-2023 10:27 AM
Just to mention that static routes are Ok, I can also ping the exp-c from exp-e.
08-05-2023 01:17 AM
What do the network logs say?
Have taken any logs and try to analyze with this tool https://cway.cisco.com/csa-new?
What happens, when you try to "open" the port, via Exp-C CLI:
Login with "root" and try the following command "wget <EXP-E IP>:7001"
08-06-2023 08:29 AM
Hi @b.winter
Wget can't connect to expe:7001, in Network logs I can't see anything with port 7001 on expe.
Only tcpdump shows me incoming packets from exp-c to e on Port 7001. I will increase log Details tomorrow and see if it gives me anything.
Best,
Thomas
08-07-2023 02:36 AM
Hi all,
weird finding: I had DMI LAN3 enabled until now. If i disable "Use dedicated management interface" and restart the units all works. Enabled DMI again and restart and connection between Exp-C and -E fails again.
For me it works now without DMI enabled, we have version X14.0.11 running. Not sure if this a bug in that release but just to mention it.
Best Regards,
Thomas
08-07-2023 02:52 AM
If you don't use the DMI, then I would disable it.
But to your problem: Did you maybe point the zone in EXP-C to the wrong interface? So EXP-C speaks to the DMI of EXP-E and not the "real" interface?
And one notice:
You better use X14.3 or later, where a lot of critical bugs of older versions were resolved.
08-07-2023 05:40 AM
Hi @b.winter ,
i had issues connecting to web interface on LAN1 first, thats why i enabled DMI. LAN3 interface is in the same subnet than Exp-C, thats why I could get access and preconfigure everything.
Access now works via LAN1, so i disabled DMI.
LAN1 is in a different VLAN than LAN3, and Traversal Zone is pointing to LAN1 IP address definitely.
No clue
Regards,
Thomas
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide