Troubleshooting firewall configuration issues – Brocade Mobility RFS7000-GR Controller System Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual
Brocade Mobility RFS7000-GR Controller System Reference Guide
53-1001944-01
• Enable the rogueap detection global flag.
• After enabling rogueap and any one of the detection mechanisms, look in the roguelist context for detected APs. If no entries are found, do the following:
  • Check the global rogueap flag by doing a show in rogueap context. It should display Rogue AP status as "enable" and should also display the status of the configured detection scheme.
  • Check for the "Brocade AP" flag in rulelist context. If it is set to "enable", then all the detected APs will be added to the approved list context.
  • Check for Rulelist entries in the rulelist context. Verify it does not have an entry with MAC as "FF:FF:FF:FF:FF:FF" and ESSID as "*".
  • If you have enabled AP Scan, ensure that at least a single radio is active. AP scan does not send a scan request to an inactive or unavailable radio.
  • Enabling detectorscan alone does not send a detectorscan request to any adopted AP. You must also configure at least a single radio as a detectorAP. This can be done using the set detectorap command in rogueap context.
Troubleshooting Firewall configuration issues
Brocade recommends adhering to the following guidelines when dealing with problems related to Brocade Mobility RFS7000-GR Controller Firewall configuration:
A Wired Host (Host-1) or Wireless Host (Host-2) on the untrusted side is not able to connect to the Wired Host (Host-3) on the trusted side
1. Check that IP Ping from Host-1/Host-2 to the Interface on the Trusted Side of the Brocade Mobility RFS7000-GR Controller works.
   CLI (from any context) - ping
2. If it works, then there is no problem in connectivity.
3. Check whether Host-1/Host-2 and Host-3 are on the same IP subnet.
   If not, add proper NAT entries for configured LANs under FireWall context.
4. After the last step, check again that IP Ping from Host-1 to the Interface on the Trusted Side of the Brocade Mobility RFS7000-GR Controller works.
   If it works, then the problem is solved.
A Wired Host (Host-1) on the trusted side is not able to connect to a Wireless Host (Host-2) or Wired Host (Host-3) on the untrusted side
1. Check that IP Ping from Host-1 to the Interface on the Untrusted Side of the switch works.
2. If it works, then there is no problem in connectivity.
3. Now check whether Host-1 and Host-2/Host-3 are on the same IP subnet.
   If not, add proper NAT entries for configured LANs under FireWall context.
4. Once step 3 is completed, check again that IP Ping from Host-1 to the Interface on the Untrusted Side of the switch works.
   If it works, then the problem is solved.