| Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback |
| Sun System Handbook - ISO 3.4 June 2011 Internal/Partner Edition | ||
|
|
||
 |
||||||||||||
Solution Type Technical Instruction Sure Solution 1002407.1 : Sun StorEdge[TM] 6320/6920: "se6000configure" script fails with "Return Code (15) : WAN/Component-LAN IP address overlap" or "Return Code (14) : WAN/SP-LAN IP address overlap"
PreviouslyPublishedAs 203370 Description On performing an initial setup of a Sun StorEdge[TM] 6320 or 6920 system (i.e. logged in as the user "setup" and proceed via the menu driven script se6000configure), if a USER LAN (WAN) address was specified to be in the subnet 192.168.0, the setup script will fail with: Return Code (15) : WAN/Component-LAN IP address overlap ERROR : The Firewall Configuration Failed. Do you wish to continue? (Y/N) If a USER LAN (WAN) address was specified to be in the subnet 10.X.X, the setup script will fail with: Return Code (14) : WAN/SP-LAN IP address overlap ERROR : The Firewall Configuration Failed. Do you wish to continue? (Y/N) Steps to Follow Continuing with the setup will result in a failed state for the firewall configuration and render hosts in USER LAN not able to connect to the service processor. Since the firewall setup did not complete, configuration was not saved in non-volatile memory such that, if the router/firewall is reset or power cycled, the configuration, including ip address of the router reverts back to previously saved setting, which would typically be Sun factory default values. The reason for this is because the subnet 192.168.0 is used within the Sun StorEdge 6320/6920 system as the COMPONENT LAN and subnet 10.X.X is used as the SP LAN. If the USER LAN address falls into the same subnet as the COMPONENT LAN or SP LAN, the SP would mistakenly route packets through. The initial setup script explicitly checked for this condition and fails the setup if an overlap was detected. Product Sun StorageTek 6320 System Sun StorageTek 6920 System Internal Comments Unfortunately the Sun StorEdge 6x20 iinstallation guide did not mention this restriction and it can be quite common for a site to have chosen private LAN address such as those in used by the internal LANs of Sun StorEdge 6x20, for their USER LAN (WAN) address. The se6000configure script calls FW_config script to perform the configuration of the firewall base on user entered values. The FW_config script prevents such configuration to be created. The code in FW_config explicitly checks for these conditions and fails the script with exit code 15 or 14. <code> # Check for address space overlaps between the WAN side and the SP # Check for address space overlaps between the WAN side and the LAN side </code> Reference: Esc 1-11369443 maserati, SE6320, system1, SE6920, se6000configure, FW_config, SPAT Previously Published As 82546 Change History Date: 2006-04-17 User Name: 97961 Action: Approved Comment: Publishing. No further edits required. Version: 7 Date: 2006-04-17 User Name: 97961 Action: Accept Comment: Version: 0 Date: 2006-04-17 User Name: 35753 Action: Approved Comment: Same problem different network, looks ok to put together, would have wish the title to be shorter but searchability outweights cosmetic. Minor edit, added reference also to return code 14 in Internal Only section. Ready for final review. Version: 0 Date: 2006-04-17 User Name: 35723 Action: Approved Comment: Added similar error message for SP-LAN overlap. Please review. Version: 0 Date: 2006-04-17 User Name: 35723 Action: Update Started Comment: Adding SP-LAN IP address overlap error code. Version: 0 Date: 2005-09-16 User Name: 97961 Action: Approved Comment: - Applied trademarking - Made simple sentence/grammatical corrections - Changed title to comply to the standard format Version: 4 Date: 2005-09-16 User Name: 97961 Action: Accept Comment: Version: 0 Date: 2005-09-15 User Name: 35723 Action: Approved Comment: Looks good. Version: 0 Date: 2005-09-13 User Name: 142418 Action: Add Comment Comment: Hi, This document is a good doc. However, a very important point is completely missing. That is, it is the subnet mask that dictates whether subnets are unique or not. NOT the actual decimal IP address. If you are writing a document and only specifiy the IP address of 192.168.0.1. You can NOT know the subnet unless you also look at the subnet mask. For example, you could have an IP address of 192.168.0.1 with a 255.255.255.0 subnet mask. That will be a completely unique subnet from an address of 192.168.0.1 with a 255.255.255.128 subnet mask. The Netgear firewall will absolutely interpret these two uinique subnets properly and m ake correct routing decisions. That's what routers do. Next point: Since the Component LAN uses a 255.255.255.0 subnet mask, The customer *should* be allowed to use any other unique subnet. Sun does NOT get to decide what is and is not a unique subnet. Industry spec defines that notion very very clearly! If this is not the case, based on the lines of code presented, then I would suggest an Info Doc is NOT appropriate and a P1 Bug submitted ASAP. Thank you, Paul Mazzarella Version: 0 Date: 2005-09-08 User Name: 35753 Action: Approved Comment: Edited as per TR comment. Version: 0 Date: 2005-09-08 User Name: 35723 Action: Rejected Comment: This also applies to SE6920. Please add SE6920 wherever SE6320 is referenced. Version: 0 Date: 2005-09-07 User Name: 35723 Action: Accept Comment: Version: 0 Date: 2005-09-07 User Name: 35723 Action: Add Comment Comment: This also applies to SE6920. Please add SE6920 wherever SE6320 is referenced. Version: 0 Date: 2005-09-07 User Name: 35753 Action: Approved Comment: Ready for TR. Version: 0 Date: 2005-09-07 User Name: 35753 Action: Created Comment: Version: 0 Product_uuid 4de60cc2-a08e-4610-b8bf-6a1881cb59c6|Sun StorageTek 6320 System 67794720-356d-11d7-8ef2-ce2ac2bc9136|Sun StorageTek 6920 System Attachments This solution has no attachment |
||||||||||||
|
||||||||||||