Troubleshooting
Problem
If hardware fails on a managed host requiring that the system board (NIC) be replaced, after replacement, the MAC address in the management interfaces config file needs to be mapped to the new MAC address of the replacement system board NIC.
Symptom
The manage host cannot communicate to the console in the deployment. No traffic is sent or received on NIC management interface.
Cause
Network interface config file needs to have new MAC address of installed replacement system board (NIC).
Environment
These instructions are specific for managed hosts running QRadar 7.3.0 or QRadar 7.3.1.
Resolving The Problem
Before you begin
- You must be an administrator with root access to complete this procedure.
- This procedure requires remote management, such as IMM, iDRAC, or direct console connection.
- Back up the configuration file for the interface before you make any changes. For example, to back up a configuration file, type:
cp /etc/sysconfig/network-scripts/ifcfg-<interface>/storetmp
Procedure
This procedure informs administrators how to determine the interface name, verify the MAC address, and update the configuration file to ensure that the configuration file for the network interface includes the correct MAC address for the replaced system board.
1. Connect to the QRadar management host using IMM, iDRAC, or a direct console connection.
2. To locate the name of the management interface, type:
cat /etc/management_interface
The management interface name is returned in the output, for example eno1.
3. To determine the MAC address for the named management interface. Administrators should note the MAC address as you will need this value for step #7.
ifconfig eno1 | grep ether ether xx:xx:xx:xx:xx:xx txqueuelen 1000 (Ethernet)
4. Navigate to the following directory:
cd /etc/sysconfig/network-scripts
5. To list the MAC address for the replaced system board, type:
grep HWADDR ifcfg-*
NOTE: After the system board has been replaced, you should see a different MAC address for HWADDR in the ifcfg-eno1 file or for whichever configuration file your management interface happens to be on per step #1. This mismatch indicates that the network-scripts file for that interface needs to be updated with the correct MAC address for the replacement system board.
6. Back up your configuration file. In this example, the configuration file is ifcfg-eno1.
cp /etc/sysconfig/network-scripts/ifcfg-eno1 /tmp
7. To edit the configuration file, type:
vim ifcfg-en01
8. Locate the HWADDR= field and replace the value with the MAC address found in step #3.
To save your changes, type:
esc :wq
9. To restart the network service, type:
systemctl restart network
10. After the network service restarts, verify communications on the management interface by attempting to copy a file to another server or by running a search from the QRadar Console.
Note: ICMP ping responses are disabled by default on QRadar appliances. If you want to enable ping responses on a QRadar appliance, see: QRadar: Enabling ping response on appliances.
Related Information
Was this topic helpful?
Document Information
Modified date:
16 June 2022
UID
ibm10733937