Interfaces do not restore to new hardware

codeblue2k

Im trying to migrate to newer hardware by restoring a configuration. During the restore the system notices that the interfaces are different and gives me the option to select the new NICs for the interfaces. After I hit apply the system reboots successfully, but its no longer manageable. If I run ifconfig none of the newly interfaces appear to be configured. The original LAN configuration that was setup during the install, 192.168.1.1, is there but not accessible. I rebuilt the server 3 times and each time I was identical.

Every article and post that I find says its a backup/restore… DONE. Thats not the case.

Derelict

Edit the backup file and replace the old interface names with the new.

Be careful you don't just s/re0/em0/g because there are probably instances of re0 in some of the base64-encoded objects.

Should take all of 5 minutes.

codeblue2k

@Derelict:

Edit the backup file and replace the old interface names with the new.

Be careful you don't just s/re0/em0/g because there are probably instances of re0 in some of the base64-encoded objects.

Should take all of 5 minutes.

Thanks for the suggestion. I did as you suggested and the restore no longer complained about missing interfaces. It rebooted and everything looks good. But now if I do a "ifconfig -u" all of the interfaces are listed as UP, even though there is nothing plugged into the NICs. The UP status persists even after reboots. Also, when I connect to a NIC there is no notifications on the console that the interface is going up or down. So its as if its stuck in a weird UP state.

Derelict

What is not working?

codeblue2k

@Derelict:

What is not working?

Managment WebUI is not acceptable from the reconfigured interface.

Derelict

Then you have to block it using firewall rules. This is completely normal.

Or disable the interface. It's not a Cisco.

codeblue2k

@Derelict:

Then you have to block it using firewall rules. This is completely normal.

Or disable the interface. It's not a Cisco.

Sorry, its not accessible from the new interface. didn't mean mean to say acceptable. Autocorrect :)

Derelict

I have no idea what you're saying is not working. You'll probably have to be more specific.

codeblue2k

@Derelict:

I have no idea what you're saying is not working. You'll probably have to be more specific.

Replacing the old interface names in the backup file solved the issue with the restore. I can see that the IPs are properly configured to the proper interfaces. But the issue now is that the management UI is still not accessible via the new interface.

Additionally, which might be related to the above issue, if I do not connect any of the NICs to the network all of the interfaces still appear to be UP and not Down. When connecting and disconnecting the NICs there is also no console notification that an interface went up or down. So all of the interfaces appear to stuck in an UP position and not able to detect when a NIC is connected or disconnected to the network.

Derelict

UP does not mean active. UP means not forced down.

This is with an IP configured and an interface enabled but not patched to a switch.  Note the "no carrier"

em1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic>ether 00:30:18:a4:ec:73
inet6 fe80::230:18ff:fea4:ec73%em1 prefixlen 64 scopeid 0x3
inet 192.168.123.1 netmask 0xffffff00 broadcast 192.168.123.255
nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect
status: no carrier

This is the same interface disabled:

em1: flags=8802 <broadcast,simplex,multicast>metric 0 mtu 1500
options=209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic>ether 00:30:18:a4:ec:73
inet6 fe80::230:18ff:fea4:ec73%em1 prefixlen 64 scopeid 0x3
nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect
status: no carrier

You might be over-thinking things.

What firewall rules do you have on the interface that you can't access the webgui on?</performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic></broadcast,simplex,multicast></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic></up,broadcast,running,simplex,multicast>

codeblue2k

@Derelict:

UP does not mean active. UP means not forced down.

This is with an IP configured and an interface enabled but not patched to a switch.  Note the "no carrier"

em1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic>ether 00:30:18:a4:ec:73
inet6 fe80::230:18ff:fea4:ec73%em1 prefixlen 64 scopeid 0x3
inet 192.168.123.1 netmask 0xffffff00 broadcast 192.168.123.255
nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect
status: no carrier

This is the same interface disabled:

em1: flags=8802 <broadcast,simplex,multicast>metric 0 mtu 1500
options=209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic>ether 00:30:18:a4:ec:73
inet6 fe80::230:18ff:fea4:ec73%em1 prefixlen 64 scopeid 0x3
nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect
status: no carrier

You might be over-thinking things.

What firewall rules do you have on the interface that you can't access the webgui on?</performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic></broadcast,simplex,multicast></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic></up,broadcast,running,simplex,multicast>

Well any rule that would be blocking access to the webgui would also be on the host that the backup was taken and blocking access to its webgui. This is not the case as the backuped host is online and accessible without issue.

Ill check the "no carrier" when i get into the office in the morning

Derelict

You're messing something up.

codeblue2k

@Derelict:

You're messing something up.

I can confirm that the interface name in the config is correct and that interface is the one that is connected to the network. Ill reinstall and rerun the whole process one more time in the morning.

codeblue2k

The root issue was resolved by reseating the NICs. For anyone else looking for a solution to a similar situation here are the steps that I took:

• Export backup XML from originating firewall

• Modify XML, replacing originating firewall interface names with interface names on the new firewall

• Restore XML to new firewall. There should be no warning, if there are check that you got all of the names changed

• Connect new firewall to the network

Derelict

Helps when you can actually talk to the hardware. Glad you found it.

Guest

Modify XML, replacing originating firewall interface names with interface names on the new firewall

To be on the save side I would suggest to do this first with a copy of the .XML file so you will be able to start
even new if it fails until it is not failing anymore.