APPENDIX B: TROUBLESHOOTING 109
Your Network
Understanding and maintaining your network is the key to success. The Raritan services will help
you understand and troubleshoot your network, as it relates to the CC-NOC. This chapter,
however, is about troubleshooting the CC-NOC.
Raritan Support Structure
Before troubleshooting anything else, you should always make sure that your basic connectivity
to the Raritan support structure is available should you need to utilize it. Maintaining these
connections is the foundation to the health of your CC-NOC.
Contacting Raritan
The CC-NOC will attempt to contact the Raritan server(s) via SSH if you click [establish
support connection] on the Help tab. You may be requested by Technical Support to establish
this connection so we might help you diagnose certain issues.
To ease the administrative burden associated with this function, Raritan ships all CC-NOC
appliances with the ability to attempt SSH connections on multiple ports. These ports map back
directly to the list of protocols most commonly allowed out through firewalls:
• 22 – ssh
• 25 smtp
• 80 – http
• 443 – https
If any of these ports are open in a pure “any traffic outbound” mode, then our SSH
connectivity will be successful. Our secured servers, to support this, run SSH daemons on
each of these ports.
Discovery
To troubleshoot discovery, you must first understand when it runs and how it runs. The discovery
service initially runs after the managed IP address ranges are configured. After that point, it will
run once per day for the entire time that the CC-NOC is installed. It will continue to check your
managed IP address ranges to see if any new devices have appeared on the network.
When you first configure your managed IP addresses, discovery may take a significant amount of
time. This depends on how many addresses you are attempting to discover. A large network, with
multiple class C devices can take as much as 24 hours to complete. Discovery runs as a low
priority task to avoid flooding your network with discovery traffic. Since it is spaced out over
time, the impact on your network will be nearly invisible.
For a device to be discovered, the CC-NOC must be able to PING the device. For ping to work,
the CC-NOC must be allowed to send an ICMP ECHO (Code 8) to the device and must be able to
receive an ICMP ECHO REPLY (Code 0) back from the device. These packets must route
correctly between the CC-NOC and the devices. If any firewalls exist between the CC-NOC and
the device, they must allow the ICMP ECHO to pass through to the device and must allow the
ICMP ECHO REPLY to pass back to the CC-NOC.
To test whether or not ping should work, attach a computer to the same subnet as the CC-NOC.
From that computer, open up a command line and type:
ping <ip address>
where
<ip address> is the IP address of the device for which you are troubleshooting discovery.