How to troubleshoot controller connectivity issues
8141
Created On 01/18/21 19:06 PM - Last Modified 12/14/23 05:17 AM
Symptom
- ION Device is offline in the portal and not coming online.
- Alarms display "device disconnected from controller"
Environment
- Prisma SD-WAN
- ION device
Cause
Could be due to multiple reasons such as:
- Internet down
- Device hardware/chip issues
- DNS issue
- Routing issue
- Lower layer down issue(downstream Switch)
- An issue with the firewall or proxy
Resolution
- Ensure the Site is in Control Mode.
- Login to the CLI of the ION device.
Note: If the device is offline, the remote access on the portal will not work. Hence we need to console into the ION device.
- Check the controller status by running the following commands
dump overview
dump controller status
debug controller reachability <interface>
- Check if the device has reachability to the internet
ping <src_interface> <internet_public_ip>
For example - ping controller a.b.c.d
- Check if the DNS is working
nslookup locator.cgnx.net
nslookup controller.<region>.cgnx.net
For example - nslookup controller.elcapitan.cgnx.net
- Make sure port 443 is open
tcpping <src_interface> locator.cgnx.net:443
For example - tcpping controller1 locator.cgnx.net:443
- Do a packet capture on the interface to check the traffic flow.
tcpdump <interface> args="host <locator_ip_address> and port 443" show
- Check the mrl_agent logs (logs that display all controller connectivity issues) to find the specific error.
file view log mrl_agent
file tailf log mrl_agent
- If the above steps does not help isolate and resolve the issue, contact Support for assistance.