Two ESXi 5.1 hosts, Windows vm's, no PING or RDP b...

bobbyDel · ‎10-31-2014

Layout; two ESXi 5.1 vm host systems. Both have assorted Windows servers (2008R2), Win 2012 and Windows 7 vm's. Hosts are connected via an UNmanaged switch.

Each host A & B has a:

Standard Switch vswitch0 (192.168.1.x) and Standard Switch vswitch01 (10.10.11.x)

vmKernal Port vmk0 (192.168.1.x) and vmKernal Port vmk1 (10.10.11.x)

Each LAN 192.168.1.x AND 10.10.11.x has a physical NIC assigned (the server hardware SuperMicro motherboard has 2 NIC onboard)

All servers are on the 192.168.1.x LAN. Let us focus there.

In addition we have a few phsical PC's on the LAN that can ping the router and each other-no issues (this suggests that the router is not blocking ping packets withing the network LAN 192.168.1.x)

Servers and Desktop vm's and physical desktops are all on the same LAN, 192.168.1.x.

All have Vipre AV softwware

The router has an external firewall turned on.

There are no firewalls turned on inside the network

All vm's can ping the router.at 192.168.1.1

All vm's on A host can ping each other and access the internet

All vm's on B host can ping each other and access the internet

***** No vm's can ping from host A to host B ********

Help!

cclinard1 · ‎10-31-2014

What is the load balancing policy that you have set on the vSwitch?

Route based on the originating port ID or route based on IP hash?

rcporto · ‎10-31-2014

Check if the Windows firewall is enabled and denying ICMP and RDP.

---

Richardson Porto
Senior Infrastructure Specialist
LinkedIn: http://linkedin.com/in/richardsonporto

bobbyDel · ‎11-01-2014

Port ID

bobbyDel · ‎11-01-2014

Route based on the originating virtual port ID

bobbyDel · ‎11-01-2014

No Windows firewall.

VM's can ping router and other vm's on the same vm host.

Cannot ping fron VM1 on hostA to vm12 on hostB

a_p_ · ‎11-01-2014

Does the physical switch support multiple MAC addresses on the same switch port, i.e. no port security enabled?

André

bobbyDel · ‎11-01-2014

First we had a Cisco SG-200-26 with VLAN 1 (ports 1-14 set to 192.168.1.x) and VLAN2 (pots set to 10.10.11.x).

Then we moved the cables from VLAN1 ports 1-14 to a D-Link switch DGS1210-16 to remove the possibility of the managed Cisco switch blocking packets.

I do not know if these switches support multiple MAC addresses on a port. I would guess that the Cisco does.

a_p_ · ‎11-01-2014

It seems that both switches support port-security, so you may want to check whether it is enabled.

On the Cisco switch run the show port-security command to see the global setting. To see the port's settings run e.g. show port-security all.

André

bobbyDel · ‎11-01-2014

have a GUI interface. Port security table shows;

interface status=unlocked, trap= disabled, learning mode = classic lock

bobbyDel · ‎11-01-2014

the sg200 does not support CLI

a_p_ · ‎11-01-2014

I did search the Internet (because I don't know this switch), and found Port Security Configuration on the 200/300 Series Managed Switches which explains the settings. Maybe you can try to set a port to "Limited Dynamic Lock" with an appropriate number of allowed MAC addresses and "Forward" as the violation action!?

André

Burak201110141 · ‎11-02-2014

Hello,
Please go to Windows Firewall advance settings and set to off state on domain, public, and private profile and you have to be sure all vms in same port group...

if you ping gateway layer 3 ( routing )connection normal...

If you want to check OS side, put the vms same host and test ping process, if you see time out problem is firewall state.

If ping success on all vms same host, you have to uplinks on switch side...

I think this problem is in the os firewall side...

------------------------------------------------------------------ http://burakvardar.wordpress.com

bobbyDel · ‎11-02-2014

There are no firewalls turned on the server or desktop vm's. Remember they can ping each other IF they are on the same host.

Also physical boxes can ping vm's on both hosts!

I think we must focus on the vm host settings. Suggestions???????????

Burak201110141 · ‎11-02-2014

your uplink trunk or access mode on the physical swicth side?

If uplinks trunk, you must add vlan tag on the port group...
If uplinks access, remove vswitch ( only contains vm network ) and then add new one default settings

------------------------------------------------------------------ http://burakvardar.wordpress.com

bobbyDel · ‎11-02-2014

Thanks. I reset the Cisco and the changes had no effect

bobbyDel · ‎11-02-2014

Burak How do I do that?

VLAN mode = Trunk

how do I "add VLAN tag on the Port group?

bobbyDel · ‎11-02-2014

Cisco switch uplinks are now access

Still cannot ping from vms on hostA to vm's on host B

Burak201110141 · ‎11-02-2014

Ok, if you are sure physical switch side, remove uplinks from current vswitch and create new vswitch.

create new network, and go to vm > edit settings > Change network, it will be work... ( If Physical switch config is correct )

------------------------------------------------------------------ http://burakvardar.wordpress.com

bobbyDel · ‎11-02-2014

how do I do that?

All

Two ESXi 5.1 hosts, Windows vm's, no PING or RDP between vm's host to host