Troubleshooting Tips

Upgrade Firmware

To upgrade your Host, connect to CLI via SSH or Console:

1. Check current firmware version

[Press Ctrl + C] to stop/clear the line

2. Check available firmware versions

3. Upgrade to your desired version

Syntax = # upgrade <version>

mbox# upgrade 20200916-0030

NOTE

If the current version is not desirable, you can roll back to the earlier version.


4. Reset to factory default

In some circumstances (e.g. to re-use a device or to reset historical data), you may want to reset your device to factory default settings.

NOTE

Reset will erase all local data! Make sure you have backups if you want to restore your existing data.

Just in case you need to re-flash HSA/UA base image, please follow this link to flash.

To reset your device to factory defaults, follow the guide below.

  1. Console/SSH into mbox
  2. Login to unprivileged mode (‘support’ login credential)
  3. Login to privileged mode (‘enable’ login credential)
  4. Type ‘write erase’
mbox# write erase
Do you want to erase current CLI config "y" or "n": y
[info] resetting start-up config to default…
[note] Please restart mbox to apply the default config.
Remove local captive portal contents. Remove all "y" or "n": y
Remove mbox portal user files (e.g. Historical Reports). Remove all "y" or "n": y
Do you want to reset all databases "y" or "n": y
[info] ...
Do you want to erase local config backup files "y" or "n": y
Do you want to erase MAP statistics "y" or "n": y
mbox# reboot

After the box comes up, the box will be pre-loaded with a default set of configuration.

NOTE

1. Make sure you don’t type the command “write memory” before reboot, otherwise you will save the current running config again instead of rebooting with the default startup-config.

2. The default startup-config allows basic Internet connection through eth0 and LAN connection over eth1. Management of the Host is only allowed through ethernet port eth2.

3. Sometimes you may want to reset only the database and still keep the CLI/network configurations. During the ‘write erase’ command process, enter a response at each of the prompted steps: answer “y” to the question ‘Do you want to reset all databases “y” or “n”’, and answer “n” for the rest of the steps.

If you want a completely empty start-up configuration (to configure the box from scratch), type “write erase all”, and after the write erase all process is completed, type the reboot command.

  1. To verify the default configs for HSG / CMG / HSA / UA, use the “show startup-config” command under privileged mode (mbox# show startup-config).
mbox# show startup-config
!
hostname mbox
!
interface eth0
description "Default connection to WAN"
enable
ip address dhcp
!
interface eth1
description "Default connection to LAN"
enable
ip address 192.168.8.1/22
dhcp-server
lease-time 86400 86400
router 192.168.8.1
dns 8.8.8.8 8.8.4.4
range 192.168.8.10 192.168.11.254
enable
!
interface eth2
description "Default OOB-Mgmt"
enable
ip address 10.10.10.1/24
dhcp-server
lease-time 86400 86400
router 10.10.10.1
dns 8.8.8.8 8.8.4.4
range 10.10.10.10 10.10.10.20
enable
!
interface eth3
description "Reserved network"
!
interface loopback
enable
ip address 2.1.2.1/32
!
ip name-server 8.8.8.8 8.8.4.4
!
ip ntp-server 203.211.159.1 62.201.225.9
!
ip host macc.ransnet.com 2.1.2.1 rewrite
ip host splash.ransnet.com 2.1.2.1 rewrite
!
firewall-input 10 permit all tcp dport 80 src 10.0.0.0/8 admin remark "WEB mgmt OOB"
firewall-input 11 permit all tcp dport 22 src 10.0.0.0/8 remark "SSH mgmt OOB"
!
firewall-access 10 permit outbound eth0
!
firewall-snat 10 overload outbound eth0
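
A quick audit of the default startup-config shown above, as an added Python example (not RansNet code): it checks that each DHCP pool sits inside its interface subnet and compares the source range of each firewall-input rule with the eth2 management subnet. It assumes `src` in a firewall-input rule is the permitted source range; the names `parse` and `audit` are hypothetical.

```python
import ipaddress
import re

# Lines copied from the default startup-config shown above (subset, for brevity).
CONFIG = """\
interface eth0
ip address dhcp
!
interface eth1
ip address 192.168.8.1/22
dhcp-server
range 192.168.8.10 192.168.11.254
!
interface eth2
ip address 10.10.10.1/24
dhcp-server
range 10.10.10.10 10.10.10.20
!
firewall-input 10 permit all tcp dport 80 src 10.0.0.0/8 admin remark "WEB mgmt OOB"
firewall-input 11 permit all tcp dport 22 src 10.0.0.0/8 remark "SSH mgmt OOB"
"""

def parse(config):
    """Return ({iface: {"net", "pool"}}, [(dport, src_network), ...])."""
    ifaces, rules, cur = {}, [], None
    for line in map(str.strip, config.splitlines()):
        words = line.split()
        if line.startswith("interface "):
            cur = ifaces.setdefault(words[1], {})
        elif line == "!":
            cur = None  # "!" closes the current interface block
        elif cur is not None and len(words) == 3 and words[:2] == ["ip", "address"] and "/" in words[2]:
            cur["net"] = ipaddress.ip_interface(words[2]).network
        elif cur is not None and words[:1] == ["range"]:
            cur["pool"] = [ipaddress.ip_address(w) for w in words[1:3]]
        else:
            m = re.match(r"firewall-input \d+ permit .*\bdport (\d+) src (\S+)", line)
            if m:
                rules.append((int(m[1]), ipaddress.ip_network(m[2], strict=False)))
    return ifaces, rules

def audit(config, mgmt_iface="eth2"):
    """Findings: DHCP pools outside their subnet; input rules wider than mgmt subnet."""
    ifaces, rules = parse(config)
    out = [f"{n}: DHCP pool outside {i['net']}" for n, i in ifaces.items()
           if "net" in i and "pool" in i and not all(a in i["net"] for a in i["pool"])]
    mgmt = ifaces.get(mgmt_iface, {}).get("net")
    for dport, src in rules:
        if mgmt and src != mgmt and mgmt.subnet_of(src):
            out.append(f"dport {dport}: src {src} is wider than {mgmt_iface} {mgmt}")
    return out
```

On the default config both DHCP pools pass, and the two management rules (ports 80 and 22) are reported because 10.0.0.0/8 covers more than the 10.10.10.0/24 subnet configured on eth2.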

Reset MAP to factory default setting (delete config.text)

Find the procedure below:

  1. Connect to MAP console port (using baud rate 9600), log in with the credential admin/admin.
  2. Delete the existing config (in case the MAP was ever used elsewhere): under enable mode, delete config.text, then use the command reload to reboot the MAP.

Basic Configuration

Product : CMG, HSG, LOG

Mostly mbox is deployed as a gateway appliance with minimum router & firewall functions. A working mbox must have the below points configured:

Prerequisites

  • Interface IP addresses for both WAN and LAN interfaces
  • Default IP gateway route and name-server (optional if WAN is DHCP)
  • DHCP address assignment for LAN users
  • Basic firewall access rules and address translation rules

Provisioning Procedure

  • Enable & configure WAN (eth0) interface IP
  • Enable & configure LAN (eth1) interface (assume there’s another LAN switch to connect internal PC)
  • Enable DHCP server on LAN (eth1) to assign DHCP IP addresses to internal users
  • Configure default gateway and name-server (not needed if WAN is on DHCP)
  • Configure firewall rules to permit outbound Internet access and Port Address Translation to hide internal private IP addresses.

This is the default startup-config after mbox bootstrap (or write erase), for the above simple scenario.

mbox# show startup-config
!
hostname mbox
!
interface eth0
description "Default connection to WAN"
enable
ip address dhcp
!
interface eth1
description "Default connection to LAN"
enable
ip address 192.168.8.1/22
dhcp-server
lease-time 86400 86400
router 192.168.8.1
dns 8.8.8.8 8.8.4.4
range 192.168.8.10 192.168.11.254
enable
!
interface eth2
description "Default OOB-Mgmt"
enable
ip address 10.10.10.1/24
dhcp-server
lease-time 86400 86400
router 10.10.10.1
dns 8.8.8.8 8.8.4.4
range 10.10.10.10 10.10.10.20
enable
!
interface eth3
description "Reserved network"
!
interface loopback
enable
ip address 2.1.2.1/32
!
ip name-server 8.8.8.8 8.8.4.4
!
ip ntp-server 203.211.159.1 62.201.225.9
!
ip host macc.ransnet.com 2.1.2.1 rewrite
ip host splash.ransnet.com 2.1.2.1 rewrite
!
firewall-input 10 permit all tcp dport 80 src 10.0.0.0/8 admin remark "WEB mgmt OOB"
firewall-input 11 permit all tcp dport 22 src 10.0.0.0/8 remark "SSH mgmt OOB"
!
firewall-access 10 permit outbound eth0
!
firewall-snat 10 overload outbound eth0

SQL Problem

Occasionally you may have problems loading the default databases because the system is busy with SQL processing, and you may get errors like the ones below:

info: loading default databases…
 taking longer. please wait…
 Info: mysql is stopped.
 Info: mysql is stopped.
 Error: MySQL is not running. Can't restore databases.
 initializing all databases…
 Current Version: 201608010100
 Installing Version: 201706031500
 stop mysql events
 ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
 ERROR 2003 (HY000): Can't connect to MySQL server on 'mysqldb' (111)
 ERROR 2003 (HY000): Can't connect to MySQL server on 'mysqldb' (111)
 Error: mbox mysql user not permitted to mboxadmin.
 init DB mboxadmin
 ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
 ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
 mysqlshow: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
 ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
 ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
 ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
 upgrade DB mboxadmin
 ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
 ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
 ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
 ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
  • After the last step is completed, restart your mbox (it should boot up with a basic default config without any SQL running).
  • Execute the ‘# write erase’ command. This will reset your mbox completely.

If it’s still not resolved, it might be due to the SQL dynamic pass generation issue.
Follow the steps below to run pass-reset:

mbox# 
mbox# configure 
mbox(config)# mfusion mysql-server 
mbox(config-mysql)# pass-reset
……
……
[info] mysql DB pass normalized successfully.
mbox(config-mysql)# end
mbox# write erase 

Troubleshooting mfusion connectivity

Once a mbox is properly licensed and becomes online, it will initiate contact with the mfusion server and start monitoring automatically. It can take up to 5 minutes for a newly added mbox to turn green on the mfusion dashboard.

But sometimes it remains inactive (red) in mfusion all the time. A few things to check:

  • Check connectivity to mfusion server
  • Check mfusion agent status
  • Host name parameter
  • Tcpdump

Check connectivity to mfusion server

  1. Console/SSH to mbox
  2. Under enable mode, execute the command ‘ping portal.ransnet.com‘ to make sure the box can reach the CORRECT mfusion server. If you are using an on-premise or private mfusion server (you’ve used ‘ip host portal.ransnet.com x.x.x.x‘ to point to your own mfusion server IP), make sure portal.ransnet.com resolves to the correct IP address.

NOTE:

“ip host x.x.x.x y.y.y.y” is used to alter default DNS resolution results. Sometimes the command does not work or doesn’t produce the expected result. The likely root cause is that the DNS server (configured under “ip name-server m.m.m.m n.n.n.n”) is wrong or unreachable (especially in a private/MPLS network).

If you are sure that your configured name-server is indeed unreachable, or you don’t need it at all and just want the “ip host x.x.x.x y.y.y.y” command to work, simply set name-server to the box itself, e.g. ‘ip name-server 127.0.0.1 127.0.0.1’

Check mfusion agent running status

  1. Console/SSH to mbox
  2. Under enable mode, execute the command ‘show mfusion agent‘ to check whether the agent is running
mbox# show mfusion agent
mFusion agent is running…

Check mfusion provisioning accuracy

  1. Login to mfusion
  2. Navigate to ‘ADMIN > Hosts‘ and check whether the host name is equal to the MAC address of the mbox eth0 interface, in the format of xx-xx-xx-xx-xx-xx. All alphabet characters have to be in lower case.

Use tcpdump to check two-way communication

  1. Console/SSH to mbox
  2. Under enable mode, execute the command ‘tcpdump interface eth0 port 10051 filter <ip address of mfusion>‘ to check whether there is traffic communication between mbox and mfusion.
    • Syntax : tcpdump interface <WAN Interface> port <mfusion communication port > filter <ip address of mfusion>
mbox# tcpdump interface eth0 port 10051 filter 129.126.175.80 
 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
 listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
 20:25:18.456577 IP 220.247.217.202.4964 > 129.126.175.80.10051: Flags [S], seq 4074193707, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 9], length 0
 20:25:18.508602 IP 129.126.175.80.10051 > 220.247.217.202.4964: Flags [R.], seq 0, ack 4074193708, win 0, length 0
 20:25:19.520935 IP 220.247.217.202.4965 > 129.126.175.80.10051: Flags [S], seq 879021307, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 9], length 0
 20:25:19.573501 IP 129.126.175.80.10051 > 220.247.217.202.4965: Flags [R.], seq 0, ack 879021308, win 0, length 0
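
To read a capture like the one above, the following added Python example (not part of the original page or RansNet tooling) pairs each outbound SYN with the server's answer and labels the attempt. The function names `classify` and `summary` and the verdict strings are hypothetical.

```python
import re

# The four capture lines shown above, embedded so the example runs offline.
CAPTURE = """\
 20:25:18.456577 IP 220.247.217.202.4964 > 129.126.175.80.10051: Flags [S], seq 4074193707, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 9], length 0
 20:25:18.508602 IP 129.126.175.80.10051 > 220.247.217.202.4964: Flags [R.], seq 0, ack 4074193708, win 0, length 0
 20:25:19.520935 IP 220.247.217.202.4965 > 129.126.175.80.10051: Flags [S], seq 879021307, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 9], length 0
 20:25:19.573501 IP 129.126.175.80.10051 > 220.247.217.202.4965: Flags [R.], seq 0, ack 879021308, win 0, length 0
"""

# tcpdump prints "addr.port"; flags: S = SYN, S. = SYN+ACK, R / R. = RST.
LINE = re.compile(
    r"^\s*\S+ IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def classify(capture, server_ip, server_port=10051):
    """Map each client source port that sent a SYN to the server's answer."""
    attempts = {}  # client port -> "no-reply" | "refused" | "accepted"
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        flags = m["flags"]
        src, dst = (m["src"], int(m["sport"])), (m["dst"], int(m["dport"]))
        if dst == (server_ip, server_port) and flags == "S":
            # Outbound SYN: open an attempt; stays "no-reply" if never answered.
            attempts.setdefault(src[1], "no-reply")
        elif src == (server_ip, server_port) and dst[1] in attempts:
            if flags == "S.":
                attempts[dst[1]] = "accepted"   # something is listening
            elif "R" in flags and attempts[dst[1]] == "no-reply":
                attempts[dst[1]] = "refused"    # reachable, port closed or reset in path
    return attempts

def summary(attempts):
    """Collapse per-attempt verdicts into one line for the operator."""
    if not attempts:
        return "no SYN seen toward the server on this interface"
    kinds = set(attempts.values())
    if kinds == {"accepted"}:
        return "handshake answered: TCP path to mfusion is fine"
    if "refused" in kinds:
        return "SYN answered with RST: host reachable but port not accepting"
    return "SYN unanswered: traffic dropped or routed elsewhere"
```

For the capture above, both attempts are answered with a reset, so the IP is reachable but nothing is accepting connections on port 10051 at that address.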
