Skip to main content
Start a Conversation

Unsolved

_

_iDell_

6 Posts

3928

February 13th, 2019 11:00

Can't access PS4110 using mgmt IP address.

We have a Equallogic PS4110 server - lost the GUI access via Mgmt IP after the power outage.

I'm not an expert in Dell servers by any means (took over this device recently) but managed to get in the device via console and researched few CLI commands and noticed the mgmt IP is missing.

Tried to configure the same using grpparms commands but it is giving 'too many parameters' error while configuring the IP and the mgmt gateway.

Please advise....

dwilliam62

1 Rookie

 • 

1.5K Posts

February 13th, 2019 12:00

Hello, 

Are you sure it had Dedicated Management IP configured?   

What is the exact command you are typing to set the IPaddress? 

You also need to see that the physical Mgmt port IP address is.  Even if the Group Dedicated management address is gone, the physical port IP should be there. 

GrpName>member select MEMBERNAME show eths 

E.g. I have a member named PS6210E

GrpName>member select PS6210E show eths
Name ifType ifSpeed Mtu Ipaddress Status Errors DCB
---- --------------- ---------- ---- ----------------------------- ------ ------ ------
eth0 ethernet-csmacd 10 Gbps 9000 100.85.232.230 up 0
off
eth1 ethernet-csmacd 10 Gbps 9000 100.85.232.231 up 0
off
eth2 ethernet-csmacd 10 Mbps 1500 192.168.1.3 down 0
off
NDCSUPTA36> member select PS6210E eth sel 2
NDCSUPTA36(member_PS6210E eth_2)> show
_______________________________ Eth Information _______________________________
Name: eth2 Status: down
Changed: Sat Dec 29 07:03:43 2018 Type: ethernet-csmacd
DesiredStatus: down Mtu: 1500
Speed: 10 Mbps HardwareAddress: F0:1F:AF:D7:1C:E5
IPAddress: 192.168.1.3 NetMask: 255.255.255.0
IPv6Address: Description:
SupportsManagement: only ManagementStatus: mgmt
DCB: off Controller: primary

 

So you should be able to connect to that member by that physical port IP address also. 

I would try pinging the IP that your array shows first. 

But the command to set the Well Known Management IP address for the group is: 

grpparams management-network ipaddress X.X.X.X 

E.g.

grpparams management-network ipaddress 192.168.1.99

Regards,

Don

 

_iDell_

6 Posts

February 13th, 2019 12:00

Thanks for your response Don, appreciate it.

The mgmt IP configured was 172.25.1.200 (was able to access it via GUI-ssl).

I configured 172.25.1.201 on eth1 [there is only one physical port (mgmt) other than the iscsi port] and

172.25.1.200 as mgmt IP using the < grpparams management-network ipaddress 172.25.1.200>

I'm still not sure where the mgmt IP(172.25.1.200) needs to be configured - using the member sel eth or the grpparams mgmt-network command

The group IP(cluster) is 10.64.60.10

This is what i configured and see it now on the PS4110...

--------------------------------------------------------------------------------

DellGroup> grpparams show
______________________________ Group Information ______________________________
Name: DellGroup Group-Ipaddress: 10.64.60.10
Group-Mgmt-Gateway: 172.25.1.1
!

snip

!

Management-Ipaddress: 172.25.1.200

----------------------------------------------------------------------------------------

DellGroup> grpparams management-network show
Ip Address
-----------------------------------
172.25.1.200

---------------------------------------------------------------------------------

DellGroup> member select DellEQL show eths
Name ifType ifSpeed Mtu Ipaddress Status Errors DCB
---- --------------- ---------- ---- ----------------------------- ------ ------ ------
eth0 ethernet-csmacd 10 Gbps 9000 10.64.60.11 up 0
off
eth1 ethernet-csmacd 100 Mbps 1500 172.25.1.201 up 0
off

--------------------------------------------------------------------------------

DellGroup> member select DellEQL eth sel 1
DellGroup(member_DellEQL eth_1)> show
_______________________________ Eth Information _______________________________
Name: eth1 Status: up
Changed: Wed Feb 13 14:00:56 2019 Type: ethernet-csmacd
DesiredStatus: up Mtu: 1500
Speed: 100 Mbps HardwareAddress: D4:AE:52:7F:B3:86
IPAddress: 172.25.1.201 NetMask: 255.255.255.0
IPv6Address: Description:
SupportsManagement: only ManagementStatus: mgmt
DCB: off Controller: primary
_______________________________________________________________________________

dwilliam62

1 Rookie

 • 

1.5K Posts

February 13th, 2019 13:00

Hello, 

 You are welcome. 

 It has to be configured in BOTH places. 'grpparams' is Group Parameters options so it affects all members of that group. 

 If you and another EQL member in that array, you would be able to access the Group GUI using that Group Management IP address. Even though only of the arrays would actually host that IP.  

 But each individual physical port on the management network must be configured so the members can talk to each other.  If you restarted one member that had the '172.25.1.200' management address it would be moved to another one in that same group. It is called the "Management Well Known IP address" since it is group wide. WKMA for short.  The iSCSI has the same thing.  A Well Know Address (WKA), and each member has their own physical port IP addresses.  When you try to login to the WKA, you are automatically redirected to a Physical port on a member.  Yours only has the one, so it's easy.  But if you added a 6100 later, there would now be 5x physical iSCSI ports total in the group. 

 Does that help? 

 Regards, 

Don

 

 

 

_iDell_

6 Posts

February 13th, 2019 13:00

It surely does Don, appreciate the insight.

I acquired the responsibility of this device as the Engineer that used to manage it is no longer with the organization.

Thanks much...

_iDell_

6 Posts

February 13th, 2019 13:00

Deleted the mgmt default gateway and enabled webaccess-noecrypt and now able to access the gui-ssl with http using both the .200 and .201 mgmt ip address...

Could you please share any other CLI command to access the gui using ssl /https (webaccess is enabled already)... thanks

DellGroup> show account active
Name          Type     StartTime                  Remote IP     Local IP
---------------- --------- -------------------- --------------- ---------------
grpadmin console 2019-02-13:14:01:59 not available not available
grpadmin gui-ssl 2019-02-13:15:04:18 10.x.x.x 172.25.1.200
grpadmin gui-ssl 2019-02-13:15:07:50 10.x.x.x 172.25.1.201

 

 

 

dwilliam62

1 Rookie

 • 

1.5K Posts

February 13th, 2019 15:00

Hello, 

 OK, I think I know what your other issue is.  Your PC has an updated version of Java.  Likely 8 build 201. 

Oracle disabled some TLS protocols by default with that upgrade.  If disabling "webadmin-crypt" resolves it that's almost assuredly your issue.  it's the same as unchecking the "encrypt communications" on the login screen. 

ava 8 release changes

  • Change: TLS anon and NULL Cipher Suites are Disabled
    The TLS anon (anonymous) and NULL cipher suites have been added to the jdk.tls.disabledAlgorithms security property and are now disabled by default.

 

To resolve this issue, you have to edit the 'Java.Security' file and re-enable the TLS anonymous feature

Do this for both the 32bit and 64bit  Java.Security file(s) if they have both java runtimes installed.

The location is installation dependent by typically the file(s) are found at:

 C:\Program Files (x86)\Java\jre1.8.0_201\lib\security\Java.Security

 C:\Program Files\Java\jre1.8.0_201\lib\security\Java.Security

Use notepad++ or any other text editor that allows proper formatting

Edit the Java.Security file 

 The line to be edited starts with:  jdk.tls.disabledAlgorithms

You have to remove the keyword 'anon' from the line.  

jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \

    EC keySize < 224, 3DES_EDE_CBC, anon, NULL    

 
The line should then look like this: 

jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \

    EC keySize < 224, 3DES_EDE_CBC, NULL
 

 

 Regards, 

Don

 

_iDell_

6 Posts

February 14th, 2019 13:00

Hi Don,

          I had ver 8 update 181 running and i checked the location /path for java security file - the line jdk.tls.disabledAlgorithms did not have keyword anon in it.

Upgraded java to ver 8 build 201 and followed your guideline to remove anon from the java security file - line jdk.tls.disabledAlgorithms.... still no change.

GUI /SSL access using Mgmt IP is working for http and still not for https.

 

 

dwilliam62

1 Rookie

 • 

1.5K Posts

February 14th, 2019 17:00

Hello, 

 Glad to hear that all the issue are resolved. 

 Re: HTTPS:   That was removed from EQL arrays a few years ago.  The Java applet uses encryption to actually talk to the array.  The only purpose for the webserver on the array is to deliver that Java Applet. 

  Since the certificate was self-signed the HTTPS: would generate Security Alerts on more recent Browsers.  Causing calls and confusion.  Since there is no additional protection of HTTPS over HTTP so HTTPS support was removed. 

 Regards,

Don

_iDell_

6 Posts

February 18th, 2019 11:00

Thanks much Don for the provided info, really appreciate your help in this matter.

dwilliam62

1 Rookie

 • 

1.5K Posts

February 18th, 2019 12:00

Hello, 

 Thank you!  I was glad that I could help you. 

 Have a great day! 

Don 

View More

View All

No Events found!

Top