Fibre Channel (SAN)

Reply
Contributor
Posts: 25
Registered: ‎09-20-2007
Accepted Solution

This is odd...

A while back I replaced some 48K's with DCX8510's.  Every Friday around 18:40 I this this message in the log on two of them:

 

2017/05/05-18:47:44, [IPAD-1002], 33747, SLOT 7 | FID 128, INFO, PRODUCTION-DIR2, Switch name has been successfully changed to PRODUCTION-DIR2

 

It happens at the same time on both directors, but there are no messages immediately prior to this entry or after it that would help me understand how (or who) is doing this.

 

One Friday I had their network cable disconnected for about 20 minutes during the time when this "event" usually happens and the name change did not occur. This tells me that something on my network (outside the switch) is doing this.

 

I previously ran an old version of Network Advisor, but the version I bought wasn't compatible with the 8510's so I have uninstalled it. Was thinking it might have been responsible, but apparently not.

 

Anyone have any ideas what could be doing this?  Can't easily sniff the network so I need other suggestions to figure out what address is sending the commands.

 

Thanks,

Daryl

 

Brocade Moderator
Posts: 300
Registered: ‎08-31-2009

Re: This is odd...

[ Edited ]

Hello,

 

Looking like an external equipement is doing this.

Check CLI history:

clihistory --showall

 

Check your SNMP acess control and change the snmp configurations from read/write (RW) to read only (RO) is some are (RW).

 

 Sample:

 

snmpconfig --show accesscontrol

SNMP access list configuration:
Entry 0: No access host configured yet
Entry 1: No access host configured yet
Entry 2: No access host configured yet
Entry 3: No access host configured yet
Entry 4: No access host configured yet
Entry 5: No access host configured yet

 

snmpconfig --set accesscontrol

SNMP access list configuration:
Access host subnet area : [0.0.0.0] 192.168.0.0 Read/Write? (true, t, false, f): [false] Access host subnet area : [0.0.0.0] Read/Write? (true, t, false, f): [true] Access host subnet area : [0.0.0.0] Read/Write? (true, t, false, f): [true] Access host subnet area : [0.0.0.0] Read/Write? (true, t, false, f): [true] Access host subnet area : [0.0.0.0] Read/Write? (true, t, false, f): [true] Access host subnet area : [0.0.0.0] Read/Write? (true, t, false, f): [true] Committing configuration.....done.
GSC-DCX8510-8:FID128:admin> snmpconfig --show accesscontrol

SNMP access list configuration:
Entry 0: Access host subnet area 192.168.0.0 (ro) Entry 1: No access host configured yet Entry 2: No access host configured yet Entry 3: No access host configured yet Entry 4: No access host configured yet Entry 5: No access host configured yet

 

 

 

Any and all information provided by me is not reviewed, approved or endorsed by Brocade and is provided solely as a convenience for Brocade customers. All systems and all networks are different and unique. If you have a service affecting network problem, please open a TAC service request for service through Brocade, or through your OEM equipment provider. If this provided you with a solution to this issue, please mark it with the button at the bottom "Accept as solution"
Contributor
Posts: 25
Registered: ‎09-20-2007

Re: This is odd...

My results for 'snmpconfig --show accesscontrol' look like this:
SNMP access list configuration:
Entry 0: No access host configured yet
Entry 1: No access host configured yet
Entry 2: No access host configured yet
Entry 3: No access host configured yet
Entry 4: No access host configured yet
Entry 5: No access host configured yet

Do I still need to set access control to RO?
Is there any way to enable more verbose logging of the system log?
Brocade Moderator
Posts: 300
Registered: ‎08-31-2009

Re: This is odd...

Can you run?:

 

snmpconfig --set accesscontrol

Any and all information provided by me is not reviewed, approved or endorsed by Brocade and is provided solely as a convenience for Brocade customers. All systems and all networks are different and unique. If you have a service affecting network problem, please open a TAC service request for service through Brocade, or through your OEM equipment provider. If this provided you with a solution to this issue, please mark it with the button at the bottom "Accept as solution"
Brocade Moderator
Posts: 304
Registered: ‎03-29-2011

Re: This is odd...

Try the following command (CLI) to check out any http request

 

appLoginHistory --show

 

Use this command to display the history of HTTP login sessions from external management applications such as Brocade Network Advisor or Web Tools. The command displays both current sessions and a history of past sessions. For each entry, the command output shows the following information

 




If this provided you with a solution to this issue, please mark it with the button at the bottom "Accept as solution".


Any and all information provided by me is not reviewed, approved or endorsed by Brocade and is provided solely as a convenience for Brocade customers. All systems and all networks are different and unique. If you have a service affecting network problem, please open a TAC service request for service through Brocade, or through your OEM equipment provider. If this provided you with a solution to this issue, please mark it with the button at the bottom "Accept as solution"
Contributor
Posts: 25
Registered: ‎09-20-2007

Re: This is odd...


Thierry.Zimmermann wrote:

 

Can you run?:

 

snmpconfig --set accesscontrol


I can run this command, but not sure what IP settings to use. 

 

Also, the command 'clihistory --showall' does not show any cli commands at the time of the event.  Here is the command history from 5/4 - 5/6:

 

Thu May  4 22:00:01 2017         backup, x.x.x.x, configupload

Fri May  5 22:00:01 2017         backup, x.x.x.x, configupload

Sat May  6 22:00:03 2017         backup, x.x.x.x, configupload

 

Here are some of the entries from 'errdump' of the name change events:

 

2017/04/07-18:40:37, [IPAD-1002], 6773, SLOT 7 | FID 128, INFO, PRODUCTION-DIR1, Switch name has been successfully changed to PRODUCTION-DIR1.
2017/04/14-18:36:51, [IPAD-1002], 6808, SLOT 7 | FID 128, INFO, PRODUCTION-DIR1, Switch name has been successfully changed to PRODUCTION-DIR1.
2017/04/21-18:42:37, [IPAD-1002], 6844, SLOT 7 | FID 128, INFO, PRODUCTION-DIR1, Switch name has been successfully changed to PRODUCTION-DIR1.
2017/04/28-18:50:47, [IPAD-1002], 6886, SLOT 7 | FID 128, INFO, PRODUCTION-DIR1, Switch name has been successfully changed to PRODUCTION-DIR1.
2017/05/05-18:47:44, [IPAD-1002], 6926, SLOT 7 | FID 128, INFO, PRODUCTION-DIR1, Switch name has been successfully changed to PRODUCTION-DIR1.

 

Thinking event this must be happening via snmp because there is no cli command history or login.  Would that be a correct assumption??

Contributor
Posts: 25
Registered: ‎09-20-2007

Re: This is odd...


Martin.Sjölin wrote:

Try the following command (CLI) to check out any http request

 

appLoginHistory --show

 

Use this command to display the history of HTTP login sessions from external management applications such as Brocade Network Advisor or Web Tools. The command displays both current sessions and a history of past sessions. For each entry, the command output shows the following information

 


Thanks for the command, unfortunately there are no commands listed for the dates/time of the name change event.

Brocade Moderator
Posts: 304
Registered: ‎03-29-2011

Re: This is odd...

And the following which complements the clihistory (only saves the most recent 256 entries, though)

 

auditdump --show

 

Option for modification is snmp; ssh; http(s); cal used by BNA

 

 




If this provided you with a solution to this issue, please mark it with the button at the bottom "Accept as solution".


Any and all information provided by me is not reviewed, approved or endorsed by Brocade and is provided solely as a convenience for Brocade customers. All systems and all networks are different and unique. If you have a service affecting network problem, please open a TAC service request for service through Brocade, or through your OEM equipment provider. If this provided you with a solution to this issue, please mark it with the button at the bottom "Accept as solution"
Contributor
Posts: 25
Registered: ‎09-20-2007

Re: This is odd...


Martin.Sjölin wrote:

And the following which complements the clihistory (only saves the most recent 256 entries, though)

 

auditdump --show

 

Option for modification is snmp; ssh; http(s); cal used by BNA

 

 


Bingo!  Found this entry from the auditdump -s command:

 

69 AUDIT, 2017/05/05-18:47:44 (EDT), [IPAD-1002], INFO, CONFIGURATION, NONE/admin/x.x.x.x/snmp/snmp, ad_255/PRODUCTION-DIR2/FID 128, , Switch name has been successfully changed to PRODUCTION-DIR2.

 

This tells me that it was coming in via SNMP and it tells me the IP where it is coming from.  Will do some digging to see who that is. 

 

Thanks Martin and everyone else that contributed.

 

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.