11 Replies Latest reply on Dec 3, 2017 9:36 AM by johnw230873

    Windows server 2012 VM in esxi server 6.5 can't ping default gateway or network

    nfa1080 Lurker

      Hi ,  i have  an issue with esxi vpshere .

       

      I built  a windows server  2012 vm using workstation   made all the connection test  (ping  gateway , ping other computers in the network ...)  everything worked  fine

       

      Then i put my Windows server VM  in  a esxi vsphere server   everything work  great

       

      The weird thing is when i start my vm  in the esxi server UI    my windows server  receive his ip adresse through the dhcp  server   but i cant  ping the gateway anymore and cant ping other computers in the network ?

       

      briefly ....

      1)The  VM can ping  the ESXI  SERVER

      2)THE  ESXI server Can ping  the VM

      3)The esxi server can ping the default gateway

      4) the vm CAN't ping the default gateway

       

       

      Any ideas ?

        • 1. Re: Windows server 2012 VM in esxi server 6.5 can't ping default gateway or network
          daphnissov Guru
          Community WarriorsvExpert

          Please describe your network schemas and how you've configured networking on the host.

          • 2. Re: Windows server 2012 VM in esxi server 6.5 can't ping default gateway or network
            nfa1080 Lurker

            Pretty simple  network  ;  PC connected to 1 switch   (port 1-4) and that switch (port 24) is connected  to the router (subinterface GigabitEthernet0/1.99)

             

            1 vlan (99)

             

            Router also do nating (interface GigabitEthernet0/2) because  it's an dev lab in school  who has another  network   higher

             

            the windows server  vm  and  the  esxi server  has  a static   adresse       (172.16.1.x)  subnet 255.255.255.0

             

            Default gateway is  172.16.1.1

             

            -------------------------------------------------------------------------------------------------------------------------------------------------

             

            Router config

            Last configuration change at 19:07:53 UTC Fri Dec 1 2017

            version 15.2

            service timestamps debug datetime msec

            service timestamps log datetime msec

            no service password-encryption

            !

            hostname Router

            !

            boot-start-marker

            boot-end-marker

            !

            !

            !

            no aaa new-model

            !

            ip cef

            !

            !

            !

            !

             

             

             

             

            !

            ip dhcp excluded-address 172.16.1.1 172.16.1.30

            !

            ip dhcp pool ClIENT_LAN

            network 172.16.1.0 255.255.255.0

            dns-server 8.8.8.8

            default-router 172.16.1.1

            !

            !

            !

            no ipv6 cef

            !

            multilink bundle-name authenticated

            !

            !

            !

            !

            license udi pid CISCO2921/K9 sn FTX1824AH1U

            !

            !

            !

            redundancy

            !

            !

            !

            !

            !

            !

            !

            !

            !

            !

            !

            !

            !

            !

            interface Embedded-Service-Engine0/0

            no ip address

            shutdown

            !

            interface GigabitEthernet0/0

            no ip address

            shutdown

            duplex auto

            speed auto

            !

            interface GigabitEthernet0/1

            no ip address

            duplex auto

            speed auto

            !

            interface GigabitEthernet0/1.99

            encapsulation dot1Q 99

            ip address 172.16.1.1 255.255.255.0

            ip nat inside

            ip virtual-reassembly in

            !

            interface GigabitEthernet0/2

            ip address dhcp

            ip nat outside

            ip virtual-reassembly in

            duplex auto

            speed auto

            !

            !

            ip forward-protocol nd

            !

            no ip http server

            no ip http secure-server

            !

            ip nat inside source list 1 interface GigabitEthernet0/2 overload

            !

            access-list 1 permit 172.16.0.0 0.0.255.255

            !

            !

            !

            control-plane

            !

            !

            !

            line con 0

            line aux 0

            line 2

            no activation-character

            no exec

            transport preferred none

            transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh

            stopbits 1

            line vty 0 4

            login

            transport input all

            !

            scheduler allocate 20000 1000

            !

            end

             

             

            SWITCH

             

            Switch

             

             

            no aaa new-model

            switch 1 provision ws-c3750e-24td

            system mtu routing 1500

            ip routing

            !

            !

            !

            !

            crypto pki trustpoint TP-self-signed-1754980992

            enrollment selfsigned

            subject-name cn=IOS-Self-Signed-Certificate-1754980992

            revocation-check none

            rsakeypair TP-self-signed-1754980992

            !

            !

            crypto pki certificate chain TP-self-signed-1754980992

            certificate self-signed 01

              3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030

              31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

              69666963 6174652D 31373534 39383039 3932301E 170D3036 30313032 30303031

              33365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

              4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 37353439

              38303939 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

              8100BA65 24C7C75C 0C7B461D E7C11F12 EFEC20C0 35812AEE 9258E5F7 C67B1596

              99A2A4B3 D1EE15BE 021974AD 5C44FDD6 FEE27D81 F4C10A82 830646AC 5E332FAE

              A8B4C7B6 9BA0D659 4745BD31 8E552B6D A235ECDF 2F00FCB2 4872F077 24C8DF9E

              F7C4D855 8723FCC3 2F372CE1 C1755FDB 9C176D23 257C27B0 3D86B166 4A8398DA

              2CF30203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603

              551D2304 18301680 1417D019 2B4EFF4C 55029B3F 3A0F9912 D7C7919F FC301D06

              03551D0E 04160414 17D0192B 4EFF4C55 029B3F3A 0F9912D7 C7919FFC 300D0609

              2A864886 F70D0101 05050003 818100A3 CAC50E44 5D6A8532 4175AF87 875420D5

              2A1C0AB1 9248EF06 57E700DA D2881FEF 1625FC7A A90AAE43 C6369AA8 022D41AA

              D87A5A3A 013CAE7D 35B6DAF3 049C8FBE 93396963 D449B294 EED36BD2 506EBFD1

              D4207A40 7C2EBA86 2FF68159 31C3EA12 DDE49CB4 98D91101 19D0E84B AA6B3D12

              DB101D27 D1093AE5 D09090C2 911FD9

                    quit

            spanning-tree mode pvst

            spanning-tree extend system-id

            !

            !

            !

            !

            !

            !

            !

            !

            !

            vlan internal allocation policy ascending

            !

            !

            !

            !

            !

            !

            !

            !

            !

            !

            !

            interface FastEthernet0

            no ip address

            no ip route-cache

            !

            interface GigabitEthernet1/0/1

            switchport access vlan 99

            switchport mode access

            !

            interface GigabitEthernet1/0/2

            switchport access vlan 99

            switchport mode access

            !

            interface GigabitEthernet1/0/3

            switchport access vlan 99

            switchport mode access

            !

            interface GigabitEthernet1/0/4

            !

            interface GigabitEthernet1/0/5

            !

            interface GigabitEthernet1/0/6

            !

            interface GigabitEthernet1/0/7

            !

            interface GigabitEthernet1/0/8

            !

            interface GigabitEthernet1/0/9

            !

            interface GigabitEthernet1/0/10

            !

            interface GigabitEthernet1/0/11

            !

            interface GigabitEthernet1/0/12

            !

            interface GigabitEthernet1/0/13

            !

            interface GigabitEthernet1/0/14

            !

            interface GigabitEthernet1/0/15

            !

            interface GigabitEthernet1/0/16

            !

            interface GigabitEthernet1/0/17

            !

            interface GigabitEthernet1/0/18

            !

            interface GigabitEthernet1/0/19

            !

            interface GigabitEthernet1/0/20

            !

            interface GigabitEthernet1/0/21

            !

            interface GigabitEthernet1/0/22

            !

            interface GigabitEthernet1/0/23

            !

            interface GigabitEthernet1/0/24

            switchport trunk encapsulation dot1q

            switchport mode trunk

            !

            interface GigabitEthernet1/0/25

            !

            interface GigabitEthernet1/0/26

            !

            interface GigabitEthernet1/0/27

            !

            interface GigabitEthernet1/0/28

            !

            interface TenGigabitEthernet1/0/1

            !

            interface TenGigabitEthernet1/0/2

            !

            interface Vlan1

            no ip address

            !

            interface Vlan99

            ip address 172.16.1.15 255.255.255.0

            !

            ip default-gateway 172.16.1.1

            ip http server

            ip http secure-server

            !

            !

            !

            !

            !

            line con 0

            line vty 0 4

            login

            line vty 5 15

            login

            !

            end

             

             

            Switch#

            • 3. Re: Windows server 2012 VM in esxi server 6.5 can't ping default gateway or network
              nfa1080 Lurker

              Pretty simple  network  ;  PC connected to 1 switch   (port 1-4) and that switch (port 24) is connected  to the router (subinterface GigabitEthernet0/1.99)

               

              1 vlan (99)

               

              Router also do nating (interface GigabitEthernet0/2) because  it's an dev lab in school  who has another  network   higher

               

              the windows server  vm  and  the  esxi server  has  a static   adresse       (172.16.1.x)  subnet 255.255.255.0

               

              Default gateway is  172.16.1.1

               

              -------------------------------------------------------------------------------------------------------------------------------------------------

               

              Router config

              Last configuration change at 19:07:53 UTC Fri Dec 1 2017

              version 15.2

              service timestamps debug datetime msec

              service timestamps log datetime msec

              no service password-encryption

              !

              hostname Router

              !

              boot-start-marker

              boot-end-marker

              !

              !

              !

              no aaa new-model

              !

              ip cef

              !

              !

              !

              !

               

               

               

               

              !

              ip dhcp excluded-address 172.16.1.1 172.16.1.30

              !

              ip dhcp pool ClIENT_LAN

              network 172.16.1.0 255.255.255.0

              dns-server 8.8.8.8

              default-router 172.16.1.1

              !

              !

              !

              no ipv6 cef

              !

              multilink bundle-name authenticated

              !

              !

              !

              !

              license udi pid CISCO2921/K9 sn FTX1824AH1U

              !

              !

              !

              redundancy

              !

              !

              !

              !

              !

              !

              !

              !

              !

              !

              !

              !

              !

              !

              interface Embedded-Service-Engine0/0

              no ip address

              shutdown

              !

              interface GigabitEthernet0/0

              no ip address

              shutdown

              duplex auto

              speed auto

              !

              interface GigabitEthernet0/1

              no ip address

              duplex auto

              speed auto

              !

              interface GigabitEthernet0/1.99

              encapsulation dot1Q 99

              ip address 172.16.1.1 255.255.255.0

              ip nat inside

              ip virtual-reassembly in

              !

              interface GigabitEthernet0/2

              ip address dhcp

              ip nat outside

              ip virtual-reassembly in

              duplex auto

              speed auto

              !

              !

              ip forward-protocol nd

              !

              no ip http server

              no ip http secure-server

              !

              ip nat inside source list 1 interface GigabitEthernet0/2 overload

              !

              access-list 1 permit 172.16.0.0 0.0.255.255

              !

              !

              !

              control-plane

              !

              !

              !

              line con 0

              line aux 0

              line 2

              no activation-character

              no exec

              transport preferred none

              transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh

              stopbits 1

              line vty 0 4

              login

              transport input all

              !

              scheduler allocate 20000 1000

              !

              end

               

               

              SWITCH

               

              Switch

               

               

              no aaa new-model

              switch 1 provision ws-c3750e-24td

              system mtu routing 1500

              ip routing

              !

              !

              !

              !

              crypto pki trustpoint TP-self-signed-1754980992

              enrollment selfsigned

              subject-name cn=IOS-Self-Signed-Certificate-1754980992

              revocation-check none

              rsakeypair TP-self-signed-1754980992

              !

              !

              crypto pki certificate chain TP-self-signed-1754980992

              certificate self-signed 01

                3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030

                31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

                69666963 6174652D 31373534 39383039 3932301E 170D3036 30313032 30303031

                33365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

                4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 37353439

                38303939 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

                8100BA65 24C7C75C 0C7B461D E7C11F12 EFEC20C0 35812AEE 9258E5F7 C67B1596

                99A2A4B3 D1EE15BE 021974AD 5C44FDD6 FEE27D81 F4C10A82 830646AC 5E332FAE

                A8B4C7B6 9BA0D659 4745BD31 8E552B6D A235ECDF 2F00FCB2 4872F077 24C8DF9E

                F7C4D855 8723FCC3 2F372CE1 C1755FDB 9C176D23 257C27B0 3D86B166 4A8398DA

                2CF30203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603

                551D2304 18301680 1417D019 2B4EFF4C 55029B3F 3A0F9912 D7C7919F FC301D06

                03551D0E 04160414 17D0192B 4EFF4C55 029B3F3A 0F9912D7 C7919FFC 300D0609

                2A864886 F70D0101 05050003 818100A3 CAC50E44 5D6A8532 4175AF87 875420D5

                2A1C0AB1 9248EF06 57E700DA D2881FEF 1625FC7A A90AAE43 C6369AA8 022D41AA

                D87A5A3A 013CAE7D 35B6DAF3 049C8FBE 93396963 D449B294 EED36BD2 506EBFD1

                D4207A40 7C2EBA86 2FF68159 31C3EA12 DDE49CB4 98D91101 19D0E84B AA6B3D12

                DB101D27 D1093AE5 D09090C2 911FD9

                      quit

              spanning-tree mode pvst

              spanning-tree extend system-id

              !

              !

              !

              !

              !

              !

              !

              !

              !

              vlan internal allocation policy ascending

              !

              !

              !

              !

              !

              !

              !

              !

              !

              !

              !

              interface FastEthernet0

              no ip address

              no ip route-cache

              !

              interface GigabitEthernet1/0/1

              switchport access vlan 99

              switchport mode access

              !

              interface GigabitEthernet1/0/2

              switchport access vlan 99

              switchport mode access

              !

              interface GigabitEthernet1/0/3

              switchport access vlan 99

              switchport mode access

              !

              interface GigabitEthernet1/0/4

              !

              interface GigabitEthernet1/0/5

              !

              interface GigabitEthernet1/0/6

              !

              interface GigabitEthernet1/0/7

              !

              interface GigabitEthernet1/0/8

              !

              interface GigabitEthernet1/0/9

              !

              interface GigabitEthernet1/0/10

              !

              interface GigabitEthernet1/0/11

              !

              interface GigabitEthernet1/0/12

              !

              interface GigabitEthernet1/0/13

              !

              interface GigabitEthernet1/0/14

              !

              interface GigabitEthernet1/0/15

              !

              interface GigabitEthernet1/0/16

              !

              interface GigabitEthernet1/0/17

              !

              interface GigabitEthernet1/0/18

              !

              interface GigabitEthernet1/0/19

              !

              interface GigabitEthernet1/0/20

              !

              interface GigabitEthernet1/0/21

              !

              interface GigabitEthernet1/0/22

              !

              interface GigabitEthernet1/0/23

              !

              interface GigabitEthernet1/0/24

              switchport trunk encapsulation dot1q

              switchport mode trunk

              !

              interface GigabitEthernet1/0/25

              !

              interface GigabitEthernet1/0/26

              !

              interface GigabitEthernet1/0/27

              !

              interface GigabitEthernet1/0/28

              !

              interface TenGigabitEthernet1/0/1

              !

              interface TenGigabitEthernet1/0/2

              !

              interface Vlan1

              no ip address

              !

              interface Vlan99

              ip address 172.16.1.15 255.255.255.0

              !

              ip default-gateway 172.16.1.1

              ip http server

              ip http secure-server

              !

              !

              !

              !

              !

              line con 0

              line vty 0 4

              login

              line vty 5 15

              login

              !

              end

              • 4. Re: Windows server 2012 VM in esxi server 6.5 can't ping default gateway or network
                daphnissov Guru
                Community WarriorsvExpert

                What does the networking configuration look like from the ESXi side? Show or describe the virtual switch topology and connectivity, please.

                • 5. Re: Windows server 2012 VM in esxi server 6.5 can't ping default gateway or network
                  nfa1080 Lurker

                  Will post at school in 3 hours  . But i kinda didnt really configure the vswitch . so you can assume the default config .   2 interfaces ,  1 for management , 1 for networking    but will post detailed in  3 hours .

                   

                  Thank you for looking daphnissov

                  • 6. Re: Windows server 2012 VM in esxi server 6.5 can't ping default gateway or network
                    nfa1080 Lurker

                    Vswitch settings.jpg

                    Vswitch  settings   if you need more just ask

                    • 7. Re: Windows server 2012 VM in esxi server 6.5 can't ping default gateway or network
                      daphnissov Guru
                      vExpertCommunity Warriors

                      Looks like it has to do with your use of VGT. VGT isn't really recommended in your setup. Create a port group an assign it the 802.1Q tag that's specific to its broadcast domain (VLAN99 in your case) and make sure you clear any guest tags, then try your ping to the gateway.

                      • 8. Re: Windows server 2012 VM in esxi server 6.5 can't ping default gateway or network
                        nfa1080 Lurker

                        My VLAN is set in mode access so the packets flagging shouldnt be an issue.
                        And it's a new config i've tried  because when i start the VM i saw  an error message sayin that promiscuous mode wasnt enable

                        I've read about promiscuous mode and it's seemed it'could be my  issue

                        VMware Knowledge Base

                        In the kb i read  they says it's a good idea to use the 4095 vlan id  because it allow every vlans .

                         

                        Note that my ports on my physical switch are in access mode so it dont really use vlan tagging

                         

                        Also , i will maybe look noob (im a student )  but what do you mean by VGT 

                         

                         

                        Note that my esxy server is also virtual and he run on a Lubuntu machine  i've seen that linux machine have an issue with promiscuous mode (or a special way to activate it )

                         

                         

                        If you still think it could be my issue i will try your idea  but in the beginning i'im pretty sure i've tried to set my vlan as 99  in the  network portgroup and the management portgroup

                         

                        Thank you for your time .:)

                        • 9. Re: Windows server 2012 VM in esxi server 6.5 can't ping default gateway or network
                          daphnissov Guru
                          vExpertCommunity Warriors

                          My VLAN is set in mode access so the packets flagging shouldnt be an issue.

                          If your uplink port is in access mode for VLAN99, you don't need to allow all VLANs. You don't apply tags to the port at all if you want connectivity across that VLAN.

                           

                          Note that my esxy server is also virtual and he run on a Lubuntu machine  i've seen that linux machine have an issue with promiscuous mode (or a special way to activate it )

                          Ok, so you have a Lubuntu machine (physical?) that's running some hypervisor (what is it?) that's running ESXi that's running Windows 2012?

                           

                          Also , i will maybe look noob (im a student )  but what do you mean by VGT

                          VGT = VLAN Guest Tagging. When you tag a port with 4095 you're allowing all VLANs for that port. In your case, if the uplink for that vswitch is in access mode for VLAN99, you don't apply any tags at all. VGT opens up complexity that it sounds like you aren't a candidate for. See this KB if you want some more information.

                          • 10. Re: Windows server 2012 VM in esxi server 6.5 can't ping default gateway or network
                            hussainbte Expert
                            vExpert

                            the below linked KB will give introduction to VGT, VST and EST..

                            In case of access mode with one vLAN on physical switch you are using EST.

                             

                            VMware Knowledge Base

                            • 11. Re: Windows server 2012 VM in esxi server 6.5 can't ping default gateway or network
                              johnw230873 Novice

                              I would be looking at your vswitch as well, no need to have tagged vlans if you physical switch is set to access points, you use these when the point is a trunk and you are sending multiple vlans to the Host