Cisco Bug: CSCvw01221 - CIMC Port Forwarding Unavailable

Last Modified

Oct 08, 2020

Products (1)

  • Cisco Enterprise NFV Infrastructure Software

Known Affected Releases

NFVIS-3.12.3

Description (partial)

Symptom:
After some time, the connection between NFVIS and CIMC via the network fails.
`system settings cimc-access enable` does not provide CIMC access over SSH port 20227.

Conditions:
`system settings cimc-access enable` configured

public (active)
  target: default
  icmp-block-inversion: no
  interfaces: GE0-0 GE0-1 MGMT int-LAN int-mgmt-net-br lan-br wan2-br wan-br
  sources: 
  services: ssh dhcpv6-client snmp
  ports: 830/tcp 1610/udp 22/tcp 80/tcp 443/tcp
  protocols: 
  `masquerade: no`
  forward-ports: port=20226:proto=udp:toport=161:toaddr=192.168.50.2
        port=20227:proto=tcp:toport=22:toaddr=192.168.50.2
        port=20228:proto=tcp:toport=80:toaddr=192.168.50.2
        port=20229:proto=tcp:toport=20229:toaddr=192.168.50.2
  source-ports: 
  icmp-blocks: 
  rich rules: 
        rule family="ipv4" source address="192.168.50.0/24" masquerade

After getting to the NFVIS Linux shell, I found that this internal IP is unreachable: there is neither an ARP record nor ICMP reachability.

[root@emea-spcloud-encs01 admin]# arp -a
? (192.168.10.12) at 52:54:00:49:55:59 [ether] on csxbr
? (10.20.0.2) at 52:54:00:2a:c6:8e [ether] on int-mgmt-net-br
? (192.168.50.2) at <incomplete> on int-LAN-vf-2
? (192.168.0.1) at 00:50:56:9e:01:58 [ether] on MGMT
gateway (172.16.0.1) at 00:50:56:9e:12:f2 [ether] on wan-br
? (169.254.1.0) at 00:81:c4:37:69:52 [ether] on int-LAN.2363
? (192.168.0.211) at 08:cc:a7:e6:d6:c1 [ether] on MGMT

The following steps fixed the issue:
system settings cimc disable -> commit -> enable -> commit

[root@emea-spcloud-encs01 admin]# ping 192.168.50.2
PING 192.168.50.2 (192.168.50.2) 56(84) bytes of data.
64 bytes from 192.168.50.2: icmp_seq=2 ttl=64 time=0.619 ms
64 bytes from 192.168.50.2: icmp_seq=3 ttl=64 time=0.616 ms
64 bytes from 192.168.50.2: icmp_seq=6 ttl=64 time=0.635 ms
64 bytes from 192.168.50.2: icmp_seq=7 ttl=64 time=0.678 ms
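
The symptom described above (forward-port rules still present while the target has an `<incomplete>` ARP entry) can be detected by correlating the two outputs. The following Python check is an added example, not part of the Cisco bug report; the function names are hypothetical and the sample input is excerpted from the output shown above.

```python
import re

# Sample input excerpted from the zone listing and `arp -a` output above.
FIREWALL_ZONE = """\
public (active)
  forward-ports: port=20226:proto=udp:toport=161:toaddr=192.168.50.2
        port=20227:proto=tcp:toport=22:toaddr=192.168.50.2
        port=20228:proto=tcp:toport=80:toaddr=192.168.50.2
        port=20229:proto=tcp:toport=20229:toaddr=192.168.50.2
  source-ports:
"""
ARP_TABLE = """\
? (10.20.0.2) at 52:54:00:2a:c6:8e [ether] on int-mgmt-net-br
? (192.168.50.2) at <incomplete> on int-LAN-vf-2
? (192.168.0.1) at 00:50:56:9e:01:58 [ether] on MGMT
"""

FORWARD_RE = re.compile(
    r"port=(?P<port>\d+):proto=(?P<proto>\w+):toport=(?P<toport>\d*):toaddr=(?P<toaddr>[\d.]+)")
ARP_RE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>\S+)(?: \[\w+\])? on (?P<iface>\S+)")

def parse_arp(arp_text):
    """Map IP -> (mac, interface); mac is None for an <incomplete> entry."""
    table = {}
    for m in ARP_RE.finditer(arp_text):
        mac = None if m["mac"] == "<incomplete>" else m["mac"]
        table[m["ip"]] = (mac, m["iface"])
    return table

def dead_forwards(zone_text, arp_text):
    """Return forward-port rules whose target address has no resolved MAC.

    "incomplete" means an ARP request went unanswered (the state in this bug);
    "absent" only means there is no cached entry, so confirm it with a ping.
    """
    arp = parse_arp(arp_text)
    findings = []
    for m in FORWARD_RE.finditer(zone_text):
        mac, iface = arp.get(m["toaddr"], (None, None))
        if mac is None:
            state = "incomplete" if iface else "absent"
            findings.append((int(m["port"]), m["proto"], m["toaddr"], state, iface))
    return findings

if __name__ == "__main__":
    for port, proto, addr, state, iface in dead_forwards(FIREWALL_ZONE, ARP_TABLE):
        print(f"forward {port}/{proto} -> {addr}: ARP {state} on {iface}")
```
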