Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
549
Views
0
Helpful
6
Replies

Expressway-C failed to connect to Ecpressway-E

Thomas-B
Level 1
Level 1

‎08-04-2023 08:51 AM

Hi,

We deployed a new expressway-c and -e Cluster.

Traversal Zone Port is configure with TCP 7001 on both C and E. We dont have any certs right now, so Just TCP as a first start.

Firewalls rules seems to be Ok. Exp-e receives the pakets on Ports 7001, but dont Reply to Exp-c. Tcpdump Just Shows received pakets on Eth0 on Port 7001 from both Exp-c. But no pakets back to Exp-c. 

Anything we missed here?

Regards.
Thomas

 

0 Helpful
6 Replies 6

Thomas-B
Level 1
Level 1

‎08-04-2023 10:27 AM

Just to mention that static routes are Ok, I can also ping the exp-c from exp-e. 

0 Helpful

b.winter
VIP
VIP

‎08-05-2023 01:17 AM

What do the network logs say?
Have taken any logs and try to analyze with this tool https://cway.cisco.com/csa-new?

What happens, when you try to "open" the port, via Exp-C CLI:
Login with "root" and try the following command "wget <EXP-E IP>:7001"

0 Helpful

Thomas-B
Level 1
Level 1
In response to b.winter

‎08-06-2023 08:29 AM

Hi @b.winter 

Wget can't  connect to expe:7001, in Network logs I can't see anything with port 7001 on expe.

 

Only tcpdump shows me incoming packets from exp-c to e on Port 7001. I will increase log Details tomorrow and see if it gives me anything. 

 

Best,

Thomas 

0 Helpful

Thomas-B
Level 1
Level 1
In response to Thomas-B

‎08-07-2023 02:36 AM

Hi all,

weird finding:  I had DMI LAN3 enabled until now. If i disable "Use dedicated management interface" and restart the units all works. Enabled DMI again and restart and connection between Exp-C and -E fails again.

For me it works now without DMI enabled, we have version X14.0.11 running. Not sure if this a bug in that release but just to mention it.

 

Best Regards,

Thomas

 

0 Helpful

b.winter
VIP
VIP
In response to Thomas-B

‎08-07-2023 02:52 AM

If you don't use the DMI, then I would disable it.

But to your problem: Did you maybe point the zone in EXP-C to the wrong interface? So EXP-C speaks to the DMI of EXP-E and not the "real" interface?

And one notice:
You better use X14.3 or later, where a lot of critical bugs of older versions were resolved.

0 Helpful

Thomas-B
Level 1
Level 1
In response to b.winter

‎08-07-2023 05:40 AM

Hi @b.winter ,

 

i had issues connecting to web interface on LAN1 first, thats why i enabled DMI.  LAN3 interface is in the same subnet than Exp-C, thats why I could  get access and preconfigure everything.  

Access now works via LAN1, so i disabled DMI. 

 

LAN1 is in a different VLAN than LAN3, and Traversal Zone is pointing to LAN1 IP address definitely.

 

No clue

 

Regards,

Thomas

0 Helpful
Customers Also Viewed These Support Documents