Question : Problem: WTF's up with my iSCSI network config ???

Experts:

I just purchased an EMC AX4-5i dual-SP SAN appliance; two racks, one for SAS drives and the other with SATA drives. I'm just setting up the appliance and I'm stuck, hoping you all can help me figure something out.

If you look at the attached file you'll notice my vanilla setup: 1 server with 3 NICs connected to a pair of GigE switches configured in a meshed network connecting a pair of SP units, each with two iSCSI ports of their own.

The problem I'm having is that on the server i can only ping one of two switches and only two of four iSCSI ports

C:\Program Files\Support Tools>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : galapagos
Primary Dns Suffix . . . . . . . : xxx.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : xxx.local

Ethernet adapter 192.168.253.98:

Connection-specific DNS Suffix . : xxx.local
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Server Adapter
Physical Address. . . . . . . . . : 00-04-23-AB-6A-0B
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.253.98
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :

Ethernet adapter 192.168.253.99:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Server Adapter #2
Physical Address. . . . . . . . . : 00-04-23-AB-6A-0C
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.253.99
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :

Ethernet adapter 192.168.10.25:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP NC3163 Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-50-8B-EB-15-1C
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.10.25
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.10.1
DNS Servers . . . . . . . . . . . : 192.168.10.13
192.168.10.25
Primary WINS Server . . . . . . . : 192.168.10.13
Secondary WINS Server . . . . . . : 192.168.10.25

C:\Program Files\Support Tools>ping 192.168.253.199

Pinging 192.168.253.199 with 32 bytes of data:

Reply from 192.168.253.199: bytes=32 time=3ms TTL=64
Reply from 192.168.253.199: bytes=32 time=2ms TTL=64
Reply from 192.168.253.199: bytes=32 time=1ms TTL=64
Reply from 192.168.253.199: bytes=32 time=2ms TTL=64

Ping statistics for 192.168.253.199:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 3ms, Average = 2ms

C:\Program Files\Support Tools>ping 192.168.253.198

Pinging 192.168.253.198 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.253.198:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Program Files\Support Tools>ping 192.168.253.200

Pinging 192.168.253.200 with 32 bytes of data:

Reply from 192.168.253.200: bytes=32 time<1ms TTL=64
Reply from 192.168.253.200: bytes=32 time<1ms TTL=64
Reply from 192.168.253.200: bytes=32 time<1ms TTL=64
Reply from 192.168.253.200: bytes=32 time<1ms TTL=64

Ping statistics for 192.168.253.200:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Program Files\Support Tools>ping 192.168.253.201

Pinging 192.168.253.201 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.253.201:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Program Files\Support Tools>ping 192.168.253.202

Pinging 192.168.253.202 with 32 bytes of data:

Reply from 192.168.253.202: bytes=32 time=1ms TTL=64
Reply from 192.168.253.202: bytes=32 time<1ms TTL=64
Reply from 192.168.253.202: bytes=32 time<1ms TTL=64
Reply from 192.168.253.202: bytes=32 time<1ms TTL=64

Ping statistics for 192.168.253.202:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms

C:\Program Files\Support Tools>ping 192.168.253.203

Pinging 192.168.253.203 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.253.203:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Program Files\Support Tools>

So before I go any further and start configuring iSCSI initiators or LUNs, etc...I wanted to clear up this networking mystery

Thanks,
juckyt

Answer : Problem: WTF's up with my iSCSI network config ???

You will need to add a service and a rule:

From the Admin guide:

Add Service
To add a service not listed in the Services window, click Access on the left side of the browser
window, and then click the Add Service tab.
The list on the right side of the window displays the services that are currently defined. These
services also appear in the Services window.
Two numbers appear in brackets next to each service. The first number indicates the service's IP
port number. The second number indicates the IP protocol type (6 for TCP, 17 for UDP, or 1 for
ICMP).
Tip There can be multiple entries with the same name. For example, the default configuration has
two entries labeled Name Service (DNS) for UDP port 53 and TCP port 53. Multiple entries with
the same name are grouped together, and are treated as a single service. Up to 128 entries are
supported.
Add a Known Service
1. Select the name of the service you want to add from the Add a known service list.
2. Click Add. The new service appears in the list box on the right side of the browser window. Note
that some services add more than one entry to the list.
Add a Custom Service
1. Select [Custom Service] from the Add a known service list.
2. Type a unique name, such as CC:mail or Quake in the Name field.
3. Enter the beginning number of the IP port range and ending number of the IP port range in the
Port Range fields. If the service only requires one IP port, enter the single port number in both
Port Range fields.
Tip Visit <http://www.ietf.org/rfc/rfc1700.txt> for a list of IP port numbers.
Network Access Rules Page 131
4. Select the IP protocol type, TCP, UDP or ICMP, from the Protocol list.
5. Click Add. The new service appears in the list on the right side of the browser window.
Tip If multiple entries with the same name are created, they are grouped together as a single service
and can not function as expected.

Add A New Rule
1. Click Add New Rule... in the Rules window to open the Add Rule window.
2. Select Allow or Deny in the Action list depending upon whether the rule is intended to permit or
block IP traffic.
3. Select the name of the service affected by the Rule from the Service list. If the service is not
listed, you must define the service in the Add Service window. The Default service encompasses
all IP services.
4. Select the source of the traffic affected by the rule, either LAN or WAN, (both), from the Source
Ethernet menu.
If you want to define the source IP addresses that are affected by the rule, such as restricting
certain users from accessing the Internet, enter the starting IP addresses of the address range
in the Addr Range Begin field and the ending IP address in the Addr Range End field. To include
all IP addresses, enter in the Addr Range Begin field.
5. Select the destination of the traffic affected by the rule, either LAN or WAN or , from the
Destination Ethernet menu.
If you want to define the destination IP addresses that are affected by the rule, for example, to
allow inbound Web access to several Web servers on your LAN, enter the starting IP addresses
of the address range in the Addr Range Begin field and the ending IP address in the Addr Range
End field. To include all IP addresses, enter in the Addr Range Begin field.
6. Select always from the Apply this rule menu if the rule is always in effect.
7. Select from the Apply this rule to define the specific time and day of week to enforce the rule.
Enter the time of day (in 24-hour format) to begin and end enforcement. Then select the day of
the week to begin and end enforcement.
Tip If you want to enable the rule at different times depending on the day of the week, make
additional rules for each time period.
8. If you would like for the rule to timeout after a period of inactivity, set the amount of time, in
minutes, in the Inactivity Timeout in Minutes field. The default value is 5 minutes.
Network Access Rules Page 135
9. Do not select the Allow Fragmented Packets check box. Large IP packets are often divided into
fragments before they are routed over the Internet and then reassembled at a destination host.
Because hackers exploit IP fragmentation in Denial of Service attacks, the SonicWALL blocks
fragmented packets by default. You can override the default configuration to allow fragmented
packets over PPTP or IPSec.
10. Enable Bandwidth Management, and enter the Guaranteed Bandwidth in Kbps.
11. Enter the maximum amount of bandwidth available to the Rule at any time in the Maximum
Bandwidth field. Assign a priority from 0 (highest) to 7 (lowest).
12. Click Update. Once the SonicWALL has been updated, the new rule appears in the list of Current
Network Access Rules.
Tip Although custom rules can be created that allow inbound IP traffic, the SonicWALL does not
disable protection from Denial of Service attacks, such as the SYN Flood and Ping of Death attacks.
For example, to configure the SonicWALL to allow Internet traffic to your Web server with an IP
address of 208.5.5.5 (Standard mode), create the following rule:
1. Verify that HTTP has been added as a Service as outlined previously.
2. Click the Rules tab, and click Add New Rule....
3. Select Allow, then Web (HTTP) from the Service menu.
4. Select WAN from the Ethernet Source menu, and leave the Addr Range Begin and Addr Range
End as they appear.
5. Select LAN from the Ethernet Destination menu, and enter in the IP address of the Web server,
208.5.5.5 in the Addr Range Begin field. No IP address is added in the Addr Range End since
the destination is not a range of IP addresses.
6. Select always from the Apply this rule menu.
7. Enter a value (in minutes) in the Activity Timeout in Minutes field.
8. Do not select the Allow Fragmented Packets check box.
Page 136 SonicWALL Internet Security Appliance Administrators Guide
9. If you want the Rule to have guaranteed bandwidth, select Enable Outbound Bandwidth
Management, and enter values for Guaranteed Bandwidth, Maximum Bandwidth, and
Bandwidth Priority.
10. Click Update to add the rule to the SonicWALL.
Tip The source part (WAN or LAN) can be limited to certain parts of the Internet using a range of IP
addresses on the WAN or LAN. For example, the following rule can be used to configure the same
Web server to be only visible from a single C class subnet on the Internet: Allow HTTP, Source WAN
216.77.88.1 - 216.77.88.254, Destination LAN 208.5.5.5.
Add New Rule Examples
The following examples illustrate methods for creating Network Access Rules.
Blocking LAN Access for Specific Services
This example shows how to block LAN access to NNTP servers on the Internet during business
hours.
1. Click Add New Rule in the Rules window to launch the Add Network Access Rule Web browser
window.
2. Select Deny from the Action menu.
3. Select NNTP from the Service menu. If the service is not listed in the list, you must to add it in
the Add Service window.
4. Select LAN from the Source Ethernet menu.
5. Since all computers on the LAN are to be affected, enter * in the Source Addr Range Begin field.
6. Select WAN from the Destination Ethernet menu.
7. Enter * in the Destination Addr Range Begin field to block access to all NNTP servers.
8. Select Apply this rule "from" to configure the time of enforcement.
9. Enter "8:30" and "17:30" in the hour fields.
10. Select Mon to Fri from the menu.
11. Click Update to add your new Rule.
Enabling Ping
By default, your SonicWALL does not respond to ping requests from the Internet. This Rule allows
ping requests from your ISP servers to your SonicWALL.
1. Click Add New Rule in the Rules window to launch the "Add Network Access Rule" window.
2. Select Allow from the Action menu.
3. Select Ping from the Service menu.
4. Select WAN from the Source Ethernet menu.
5. Enter the starting IP address of the ISP network in the Source Addr Range Begin field and the
ending IP address of the ISP network in the Source Addr Range End field.
6. Select LAN from the Destination Ethernet menu.
Network Access Rules Page 137
7. Since the intent is to allow a ping only to the SonicWALL, enter the SonicWALL LAN IP Address
in the Destination Addr Range Begin field.
8. Select Always from the Apply this rule menu to ensure continuous enforcement.
9. Click Update to add your new Rule.

Hope this helps

Random Solutions

Problem: ActiveSync 4.5: Works with Bluetooth but not via USB cable

Problem: How to clear a network connection caches

Problem: Dell XPS 600 Power Supply

Problem: Reallocating hard drive space in Server 2003

Problem: Memtests

Problem: Can Send but not recieve from Blackberry phone using BES Server and Exchange 2203

Problem: Setting up a VLAN with iner VLAN routing

Problem: DST .Reg & .Vbs to Win2000 via SMS2003?

Problem: Aggregate Bandwidth Rate Limiting with CiR/CAR Rate Limiting

Problem: Cisco 2950 not accepting keyboard input using hyperterminal