Configure CIMC on FMC and Troubleshoot Common Issues

Introduction

This document describes the configuration of CIMC (Cisco Integrated Management Controller) on FMC and how to troubleshoot common issues.

Prerequisites

It is important to note that the CIMC can only be configured on a physical FMC.

Some FMCs come with an outdated version of CIMC, and the only way to upgrade it is by applying the BIOS Hotfix: Cisco_Firepower_Mgmt_Center_BIOSUPDATE_XXX_EN-11.sh.REL.tar (On version 6.2.3, the filename is: Sourcefire_3D_Defense_Center_S3_BIOSUPDATE_623_EL-7.sh.REL.tar).

The hotfix is identified as 7.4 (to the exception on 6.2.3, which is identified as 7.1), however, the device is not going to upgrade to that version, is only affecting the BIOS and CIMC version. The bug that further explains about why it is being detected as 7.1 is Cisco bug ID CSCwd47327. This also applies to 7.4.

Adobe has deprecated flash-based content since 2020-12-31, with this accessing any page with Flash is not longer be possible.

The upgrade is necessary as old CIMC versions require Flash, this would mean that the release trains earlier than 3.1(3a), which includes the 2.2(x) release train are Java-based, therefore, it needs to be upgraded to be accessible again through the GUI. This information can be verified at Specific Releases of UCS Manager Affected by Adobe Flash End-of-Life.

Requirements 

• Physical access to the FMC.
• USB Keyboard
• VGA Monitor

Components Used

• FMC 2600

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

Configure

1. As initially stated, it is important to ensure that the CIMC is on a version that does not require Flash. The only way for this, is by accessing through the GUI. Therefore, the recommendation is to upgrade if you have not applied the BIOSUPDATE before, otherwise, you can skip to step 6.

Flash-based CIMC version

HTML5 CIMC Version

2. To upgrade, you must look for the file Cisco_Firepower_Mgmt_Center_BIOSUPDATE_XXX_EN-11.sh.REL.tar, this is under the base version (with the exception of 6.2.3). 

For example:

if you are running version 7.0.3, you must look on 7.0.0:

BIOSUPDATE on 7.0.0

If you are running version 6.6.7, you must look on 6.6.0:

BIOSUPDATE on 6.6.0

If you are running version 6.2.3, you can safely look for 6.2.3:

BIOSUPDATE on 6.2.3

3. Upload the file to the FMC through System > Updates:

Upload Hotfix

4. Once the file is uploaded, you proceed to click on "install" and install the Hotfix:

5. Once the upgrade finishes, the CIMC no longer requires Flash.

6. Now, reboot the FMC in order to configure CIMC.

     a. Through the GUI, go to System > Configuration > Process and choose Reboot Management Center:

Reboot FMC GUI

     b. Through CLI, do "system reboot":

Reboot FMC CLI

7. Now, it starts booting, you can check the CIMC IP assigned at "Cisco IMC IPv4", this can be modified later. Initially, can be shown as 0.0.0.0:

CIMC IP

8. Once it reaches the menu to access BIOS and CIMC Configuration, press F8:

Enter CIMC Setup

9. The CIMC configuration is shown as below: 

CIMC IP Configuration

a. For the NIC Mode you can choose Dedicated in order to use the interface that is labeled as "M" on the FMC. 

b. For the NIC redundancy, you can choose None.

c. VLAN you can leave it as disabled, as it can cause connectivity issue unless you know how to configure external devices.

d. For IP, you can choose IPv4, IPv6 or IPv4 and IPv6 based on how you would like to set up the configuration.

e. If you have DHCP server for this, you can enable it, otherwise configure the IP.

f. Once you have finished the network configuration you can use F10 to save. 

For more information regarding NIC modes, check Setting Up the System With the Cisco IMC Configuration.

h. Now, press F1 for hostname and password configuration.

CIMC Password and save settings

a. Here, you can set the Hostname as you wish.

b. For default user, you can set the password as desired.

c. Once you are done, press F10 and the ESC.

Default passwords

If you have used factory reset or the CIMC is requesting a password you can try one of the following:

Cisco12345
password
Cisco
p@ssw0rd.

Tip: Make sure to have NUM LOCK on the Keyboard disabled.

You must now, be able to access the CIMC GUI:

CIMC GUI

Troubleshoot

There is a known issue in which if the FMC is rebooted, it may go into a CLI called "startup.nsh":

Press ESC in 0 seconds to skip startup.nsh or any other key to continue. 

Shell> _ 

In order to exit from this shell, type "exit" and the next thing to happen is to automatically boot the image.

In this situation, it is a matter of boot order that can be checked on the CIMC. The reason for the device going to this boot is that the "EFI" component is booting first than the other components:

1. Click on the three lines at the top left and look for "COMPUTE"

2. Once you are on compute, make sure the boot order and any other configuration is as follows:

CIMC Boot options

3. If the issue persists, click on "Configure Boot Order", choose "EFI" and click the right arrow:

CIMC Boot Configuration

4. Make sure that it is the last item and click on "Save changes" and then "Close":

CIMC Boot configuration changed

5. Now, you can reboot the appliance and it must not show the previous shell anymore.