Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to the Smart Net Total Care Community!

Our community includes Cisco experts to answer your questions about the Smart Net Total Care (SNTC) portal and CSP-Collector.
Click the navigation links below to access materials for using our service and supported collectors.

812
Views
10
Helpful
13
Replies
Highlighted
CommKeeper
Beginner
Beginner
‎02-07-2019 07:46 AM
‎02-07-2019 07:46 AM

No Ping Response from C-SPC after Upgrade to 2.8.1

I ran the GUI update to the lastest version last night and all went well. However this morning I was told server alerts were going off since they could no longer get a ping response from the server. I logged into the admin user of the CLI and I can see where ICMP type 8 is allowed on the firewall of the C-SPC.

 

Does anyone else have this issue? We have stopped ping checks for now, but would like to resume so we can ensure our inventory is happening regularly.

4 people had this problem
0 Helpful
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
brawall
Cisco Employee
Cisco Employee
‎02-13-2019 12:36 PM
‎02-13-2019 12:36 PM

It looks like iptables is being overwritten and the icmp permit rule is not there anymore after upgrade. This looks like a bug but for now instead of disabling iptables you can run "iptables -L --line-numbers" to get the numbered rules and in the INPUT chain add the icmp permit with "iptables -I INPUT 13 --match icmp --protocol icmp --icmp-type any --jump ACCEPT" where 13 is the line number at the end of INPUT chain. If there is a LOG_DROP entry at the end of the input chain, change the number to whatever line is 1 above it.

 

Thanks,

Brandon

View solution in original post

Reply
13 REPLIES 13
Highlighted
brawall
Cisco Employee
Cisco Employee
‎02-07-2019 12:04 PM
‎02-07-2019 12:04 PM

Is it still not replying to ping requests? I checked and it looks like your collector has uploaded multiple times today so it seems to have at least upgraded properly. It would make sense to lose pings for a while while the CSPC rebooted, which can sometimes take a while.

 

On a side note, it looks like you are getting uploads silenced due to them coming in so frequently. I would check the configuration to prevent this from happening.

 

Thank you,

Brandon

0 Helpful
Reply
Highlighted
CommKeeper
Beginner
Beginner
In response to brawall
‎02-07-2019 01:13 PM
‎02-07-2019 01:13 PM

They have not worked all day. We had to silence it in our monitoring system.

How often should it upload?

0 Helpful
Reply
Highlighted
jofrumki
Cisco Employee
Cisco Employee
In response to CommKeeper
‎02-07-2019 02:12 PM
‎02-07-2019 02:12 PM

Uploads to SNTC are typically scheduled for at most once a week since we do not collect any syslog data and contract and EOX information does not fluctuate that frequently.
0 Helpful
Reply
Highlighted
mdsmith200
Beginner
Beginner
‎02-11-2019 07:10 AM
‎02-11-2019 07:10 AM

I have the same issue.  Version 2.8.1 installed on Saturday morning, and my monitoring system has been unable to ping since the upgrade.  I am able to log into the web interface, and my Sunday morning collection and upload job ran without issue.  Did a firewall get enabled during the upgrade?

Reply
Highlighted
CommKeeper
Beginner
Beginner
In response to mdsmith200
‎02-11-2019 07:32 AM
‎02-11-2019 07:32 AM

@mdsmith200 wrote:

I have the same issue.  Version 2.8.1 installed on Saturday morning, and my monitoring system has been unable to ping since the upgrade.  I am able to log into the web interface, and my Sunday morning collection and upload job ran without issue.  Did a firewall get enabled during the upgrade?

From what I could see, the firewall was allowing ICMP, but nothing was responding. Not sure if there is another layer of firewall I am not seeing. Either way, we still cannot ping our C-SPC, but its up and working.

0 Helpful
Reply
Highlighted
brawall
Cisco Employee
Cisco Employee
In response to CommKeeper
‎02-11-2019 08:47 AM
‎02-11-2019 08:47 AM

We've upgraded some collectors internally and don't have the ping issue. What monitoring system are you pinging from? Are you able to ping it from your workstation? Are you able to ping out from the collector itself? 

0 Helpful
Reply
Highlighted
brawall
Cisco Employee
Cisco Employee
In response to mdsmith200
‎02-11-2019 09:12 AM
‎02-11-2019 09:12 AM

Can you login to CLI as root user and temporarily disable iptables to see if you can ping? 

 

service iptables stop

0 Helpful
Reply
Highlighted
trapasso
Beginner
Beginner
‎02-11-2019 11:21 AM
‎02-11-2019 11:21 AM

My CSPC server just upgraded to version 2.8.1 this morning and the server stopped replying to pings after the reboot.  I am able to get access to the server via SSH and https but cannot ping.

 

The suggestion brawall was dead on.  Shutting down iptables did workaround the issue, I am able to ping with iptables stopped.  I hope there is a version 2.8.2 out soon to fix this issue or a quick fix I can apply.

0 Helpful
Reply
Highlighted
brawall
Cisco Employee
Cisco Employee
In response to trapasso
‎02-11-2019 11:32 AM
‎02-11-2019 11:32 AM

Can you please PM me the output of "iptables -L" as root user?

 

Thank you,

Brandon

0 Helpful
Reply
Highlighted
brawall
Cisco Employee
Cisco Employee
‎02-13-2019 12:36 PM
‎02-13-2019 12:36 PM

It looks like iptables is being overwritten and the icmp permit rule is not there anymore after upgrade. This looks like a bug but for now instead of disabling iptables you can run "iptables -L --line-numbers" to get the numbered rules and in the INPUT chain add the icmp permit with "iptables -I INPUT 13 --match icmp --protocol icmp --icmp-type any --jump ACCEPT" where 13 is the line number at the end of INPUT chain. If there is a LOG_DROP entry at the end of the input chain, change the number to whatever line is 1 above it.

 

Thanks,

Brandon

View solution in original post

Reply
Highlighted
CommKeeper
Beginner
Beginner
In response to brawall
‎02-13-2019 12:46 PM
‎02-13-2019 12:46 PM

Thanks for the reply. Working on changing this now.

0 Helpful
Reply
Highlighted
CommKeeper
Beginner
Beginner
In response to CommKeeper
‎02-13-2019 01:25 PM
‎02-13-2019 01:25 PM

This works. Pinging is alive again.
0 Helpful
Reply
Highlighted
jvujcich
Beginner
Beginner
‎03-05-2019 01:48 PM
‎03-05-2019 01:48 PM

Adding the ICMP to the IPTABLEs worked for me, But, after a restart of the collector, the ping issues came back. The IPTABLES ICMP entry had to be re-added. How do I make it stick?

0 Helpful
Reply
Latest Contents
Failed to Generate a new CSP-C entitlement
Created by SergioZ on 11-11-2020 09:45 AM
7
0
7
0
Hi,I'm unable to generate new Collector entitlement file. Could you please help? CCO ID s.zavialov
DNS config on a new 2.9 collector
Created by hgieselman on 10-29-2020 02:12 PM
3
0
3
0
I just installed a new 2.9 collector. During initial config, setting the DNS server kept failing so I continued anyway. Now I am in the admin shell and trying:admin# conf dns -a 192.168.10.4but it keeps failing with:execute % Error occured while executing... view more
Problem to Registered in Smart Net Total Care (SNTC)
Created by ecorodoviasti on 10-26-2020 01:15 PM
4
0
4
0
Hi,The registration in the "smart net total care" was successful.We have received the email from cisco that you are reviewing our request, but we have not received another email from Cisco with the registration status.A TAC was opened, but it instructs to... view more
Unable to log into SNTC Portal
Created by snicolaus82 on 09-30-2020 01:08 PM
5
0
5
0
It looks like I few others have had the same issue recently.  When I browse to services.cisco.com and login with my account, I am redirected to the splash screen for requesting access. I was recently given permissions on our account to access th... view more
I can't download CIR reports from the SNTC portal
Created by jcraviot on 09-22-2020 01:32 PM
1
0
1
0
Hi team I can't download CIR reports from the SNTC portal, could you please add me the credentials?   Thansk & regards, Josue
Right-rail
Navigation
Be sure to bookmark these support pages and use them in the future to find all the self-help information.
Helpful Links
Access the SNTC Portal
Comunidad en Español
Provide Feedback about the Community