This playbook describes steps to resolve issues when the LAN Port is down.
Overview
The Socket LAN port typically serves as the internal network connection for a site. In the case of Socket HA, keepalive signals are transmitted through this port to monitor the health and status of the HA connection. It's vital to be informed if the LAN port goes down, as this could disrupt communication, degrade network performance, and affect critical services.
When responding to Network XDR stories it is important to approach the problem by first verifying the problem is ongoing, then troubleshooting the problem and finally verifying the problem is resolved.
Step 1 - Verifying the LAN Port Is Down
The following are the different ways that a Cato Management Application admin can verify that a LAN Port is showing down.
- An XDR story will be generated when the LAN port is down.
- Go to the Stories Workbench page and use the Network Operations preset, include the filter: Indication In LAN port down, and adjust the time frame if necessary.
- Verify if a story is generated as shown below.
- Click on the story to drill down into the details. It provides information on the site's current status, an incident timeline, and, more importantly, the connectivity status of the Socket interfaces.
- As you scroll further down in the story drill-down, you'll find the Incident Timeline. This timeline highlights any changes in the status of the LAN interface.
NOTE: The LAN Port Down does not generate any CMA Events. To be notified by email when the LAN port is down, you can configure a rule in the Detection and Response Policy.
- Another way to verify that the LAN port is down is to access the Socket WebUI.
- To do that, refer to https://support.catonetworks.com/hc/en-us/articles/4413265669905-Using-the-Socket-WebUI.
- As shown in the below screenshot, we can see that the LAN 01 is Down.
This section covers the tools available in Cato for a structured troubleshooting approach to this type of incident. While the steps are generally meant to be followed in order, the results of each check may influence the next step in the process.
- Review changes in the Audit Trail page and see if there is a configuration change leading to this issue.
- For example, the screenshot below shows that the admin made configuration changes to LAN 02. If the timing of this activity aligns with the LAN interface going down, the admin can revert the changes to determine if the changes are the cause.
- Please verify the physical connectivity or cabling between the Socket and the network device connected to the affected LAN port.
- Additionally, review any recent or ongoing changes to the LAN-side configuration. For example, configuration changes on the switch connected to the Socket LAN interface, such as changes to VLANs or subnets, could be affecting the connection.
- Replacing the cable connected to the Socket LAN port or connecting it to a different port on the switch can help determine if the issue is hardware-related.
After identifying and resolving the issue causing the LAN to go down, verify that the port is now visible in both the Story drill-down and the Socket WebUI.
NOTE: Once the issue is resolved, the status of the story will change from "Open" to "Monitoring." It will remain in this state for the next two hours, provided there are no further incidents. For more information, refer to Understanding the Stories Columns.
Access the Socket WebUI to verify the status of the LAN port is up. To do that, refer to https://support.catonetworks.com/hc/en-us/articles/4413265669905-Using-the-Socket-WebUI.
Raising Cases to Cato Support
If following this playbook has not resolved an issue, submit a Support ticket. To get the most helpful response to a request, an administrator should provide the results of the troubleshooting steps taken.
0 comments
Please sign in to leave a comment.