Hey everybody! I've got an interesting issue. I just started installing a new VM with the web client from a client on my physical network. This works so far. Now I want to configure this VM with the new IP address. From my client it is not reachable. Trying to ping the IP is not successful. When I try to ping this VM from another VM like my DC or Exchange, this is no problem. It seems there is an error with the network of the host. The VM is not able to connect to the internet either. I can't really explain why. All other VMs are reachable and work fine.
Where should I look to solve this problem? Does it belong to the host or to another component of my network?
Many thanks in advance for your help!
Kind regards
The fact that the VM in question can be reached from your domain controller tells me there are no issues with the VM.
Do you have proper routes configured in the physical network allowing you to access the VM? Is ICMP allowed?
What network is that VM on?
Is there any other VM on the same network which works normally?
It looks like a NIC MAC address issue.
If you have any older records, check for any MAC address change of that VM.
Check whether the network policy is set to reject all.
Thanks
My blog, vmwarediary.com, vmwarediary.in
Are you able to ping the gateway from inside the VM? If you are able to ping the DC or Exchange from the VM, maybe they are in the same network segment / VLAN, but you are not able to ping the client from the VM because they are in a different segment, which requires the gateway.
This is not an issue at the VM level; you have to check if the new VM has proper IP settings (subnet mask and gateway). If you are sure they are proper, involve the network team to investigate.
Hey hussainbte,
thanks for your answer!
Our network is built up pretty simply. Inside our host there is only one network, we don't work with VLANs, and there are only 2 switches in our network.
There is no specially configured route in our physical network for accessing the VM. ICMP should be allowed; it was never configured to be disallowed.
So, all of our VMs are working on the same network and all are working normally. I can ping them from any client. Only the new one not.
Hey Jitu211003,
thanks for your answer!
I've changed the MAC address of that VM, with no result. Still not reachable.
The network policy was never touched, so it should not be set to reject.
Kind regards
Hey Surehsumar M,
thanks for your answer! I am not able to ping the gateway from inside the VM. But I am able to ping the DC from the VM. It's hilarious, I can't explain why. There is only one network configured inside the host and no special VLAN configuration. I used a fixed IP and subnet mask, and the correct gateway is set. How can I test the network of my host? Are there some features built into ESXi?
Kind regards
Another interesting issue:
I can't even reach the host directly. Only over the VM running in the host. I assume an issue with the physical switch. Or are there any other thoughts from you guys? Suggestions are really appreciated!
Kind regards
What is your gateway.. is it a physical device or an NLB configured with a virtual IP as gateway?
Are your ESXi Management network and VM production network on the same vLAN?
If you have console access to the ESXi host, please share the output of
esxcfg-vswitch -l
My gateway is a physical device, it's a Cisco RV320. But the host is connected to a Cisco ESW-540-24P switch.
Here is the output of esxcfg-vswitch -l:
esxcfg-vswitch -l
Switch Name      Num Ports   Used Ports  Configured Ports  MTU     Uplinks
vSwitch0         4082        13          128               1500    vmnic0,vmnic1

  PortGroup Name        VLAN ID  Used Ports  Uplinks
  VM Network            0        7           vmnic0,vmnic1
  Management Network    0        1           vmnic0,vmnic1

In my mind it is on the same vLAN. I can only access the shell of the ESXi from a VM, not from a physical client.
So there are vLANs involved.
Could you also share the output of the command below:
vim-cmd hostsvc/net/query_networkhint
You can redirect that to a notepad.. this includes CDP info of your upstream switch if you have CDP enabled (so if you are not OK with sharing such details, don't do it).
From the output, if you see that vLAN 7 and vLAN 1 are allowed on both NICs, then there are no configuration issues from the vSphere side.
BTW, what is the native vLAN ID?
There is a mistake in the output view, both uplinks are on vLAN ID 0, the used ports are 7 and 1. So the standard vLAN ID 0.
here is the output of the command:
(vim.host.PhysicalNic.NetworkHint) [
   (vim.host.PhysicalNic.NetworkHint) {
      device = "vmnic0",
      subnet = (vim.host.PhysicalNic.NetworkHint.IpNetwork) [
         (vim.host.PhysicalNic.NetworkHint.IpNetwork) {
            vlanId = 0,
            ipSubnet = "192.168.1.1-192.168.1.254"
         }
      ],
      network = <unset>,
      connectedSwitchPort = (vim.host.PhysicalNic.CdpInfo) {
         cdpVersion = 2,
         timeout = 60,
         ttl = 136,
         samples = 29036,
         devId = "ESW-540-24P",
         address = "192.168.1.4",
         portId = "g20",
         deviceCapability = (vim.host.PhysicalNic.CdpDeviceCapability) {
            router = false,
            transparentBridge = false,
            sourceRouteBridge = false,
            networkSwitch = true,
            host = false,
            igmpEnabled = true,
            repeater = false
         },
         softwareVersion = "2.1.21",
         hardwarePlatform = "ESW-540-24P",
         ipPrefix = "0.0.0.0",
         ipPrefixLen = 0,
         vlan = 1,
         fullDuplex = true,
         mtu = 0,
         systemName = "",
         systemOID = "",
         mgmtAddr = "0.0.0.0",
         location = ""
      },
      lldpInfo = (vim.host.PhysicalNic.LldpInfo) null
   },
   (vim.host.PhysicalNic.NetworkHint) {
      device = "vmnic1",
      subnet = (vim.host.PhysicalNic.NetworkHint.IpNetwork) [
         (vim.host.PhysicalNic.NetworkHint.IpNetwork) {
            vlanId = 0,
            ipSubnet = "192.168.1.1-192.168.1.254"
         }
      ],
      network = <unset>,
      connectedSwitchPort = (vim.host.PhysicalNic.CdpInfo) {
         cdpVersion = 2,
         timeout = 60,
         ttl = 136,
         samples = 29036,
         devId = "ESW-540-24P",
         address = "192.168.1.4",
         portId = "g21",
         deviceCapability = (vim.host.PhysicalNic.CdpDeviceCapability) {
            router = false,
            transparentBridge = false,
            sourceRouteBridge = false,
            networkSwitch = true,
            host = false,
            igmpEnabled = true,
            repeater = false
         },
         softwareVersion = "2.1.21",
         hardwarePlatform = "ESW-540-24P",
         ipPrefix = "0.0.0.0",
         ipPrefixLen = 0,
         vlan = 1,
         fullDuplex = true,
         mtu = 0,
         systemName = "",
         systemOID = "",
         mgmtAddr = "0.0.0.0",
         location = ""
      },
      lldpInfo = (vim.host.PhysicalNic.LldpInfo) null
   },
   (vim.host.PhysicalNic.NetworkHint) {
      device = "vmnic2",
      subnet = <unset>,
      network = <unset>,
      connectedSwitchPort = (vim.host.PhysicalNic.CdpInfo) null,
      lldpInfo = (vim.host.PhysicalNic.LldpInfo) null
   },
   (vim.host.PhysicalNic.NetworkHint) {
      device = "vmnic3",
      subnet = <unset>,
      network = <unset>,
      connectedSwitchPort = (vim.host.PhysicalNic.CdpInfo) null,
      lldpInfo = (vim.host.PhysicalNic.LldpInfo) null
   }
]
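Added example, not part of any post in this thread: a Python parser for the `vim-cmd hostsvc/net/query_networkhint` output above that reports, per uplink, the VLANs and subnet the NIC observed plus the CDP switch port and native VLAN, and then checks each port group's VLAN ID against what the uplinks saw. The function names and the trimmed sample are assumptions made for this example; a port group VLAN ID of 0 is taken to mean untagged traffic.

```python
import re

# Sample input: one uplink record trimmed from the query_networkhint output
# posted in the thread, reused for vmnic0/vmnic1, plus the unused vmnic2.
_NIC = '''(vim.host.PhysicalNic.NetworkHint) {
   device = "%s",
   subnet = (vim.host.PhysicalNic.NetworkHint.IpNetwork) [
      (vim.host.PhysicalNic.NetworkHint.IpNetwork) {
         vlanId = 0,
         ipSubnet = "192.168.1.1-192.168.1.254" } ],
   connectedSwitchPort = (vim.host.PhysicalNic.CdpInfo) {
      devId = "ESW-540-24P", portId = "%s", vlan = 1 } },
'''
_IDLE = '''(vim.host.PhysicalNic.NetworkHint) {
   device = "vmnic2", subnet = <unset>,
   connectedSwitchPort = (vim.host.PhysicalNic.CdpInfo) null },
'''
SAMPLE = _NIC % ("vmnic0", "g20") + _NIC % ("vmnic1", "g21") + _IDLE

def _first(pattern, text):
    m = re.search(pattern, text)
    return m.group(1) if m else None

def parse_hints(text):
    """Map each vmnic to the VLANs/subnets it observed and its CDP neighbour."""
    hints = {}
    # Every uplink record begins at its 'device = "vmnicN"' field.
    for rec in re.split(r'(?=device = "vmnic\d+")', text)[1:]:
        native = _first(r'\bvlan = (\d+)', rec)  # CDP native VLAN, not vlanId
        hints[_first(r'device = "(vmnic\d+)"', rec)] = {
            "observed_vlans": sorted({int(v) for v in re.findall(r'vlanId = (\d+)', rec)}),
            "subnets": re.findall(r'ipSubnet = "([^"]+)"', rec),
            "switch_port": _first(r'portId = "([^"]*)"', rec),
            "native_vlan": int(native) if native is not None else None,
        }
    return hints

def check_portgroups(portgroups, uplinks, hints):
    """Return (portgroup, vmnic, problem) for each VLAN an uplink never saw."""
    findings = []
    for pg, vlan in portgroups.items():
        for nic in uplinks:
            seen = hints.get(nic, {}).get("observed_vlans", [])
            if vlan not in seen:
                findings.append((pg, nic, f"VLAN {vlan} not observed; saw {seen}"))
    return findings

if __name__ == "__main__":
    pgs = {"VM Network": 0, "Management Network": 0}  # from esxcfg-vswitch -l
    print(check_portgroups(pgs, ["vmnic0", "vmnic1"], parse_hints(SAMPLE)))
```

For the values posted in this thread the check returns no findings: both port groups are untagged and both uplinks observed untagged traffic on 192.168.1.x, with the switch reporting native VLAN 1 on ports g20 and g21.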
Sorry.. its still not clear for me..
If you have 2 separate vLAN taggings done on the virtual switch side, then both the uplinks should allow both vLANs.
If you only have one vLAN, then the uplinks need to allow that vLAN. If is required for that vLAN to be other than the native vLAN..
Hey, sorry for my bad explanation..
we have only 1 vLAN, as you can see in the following output:
esxcfg-vswitch -l
Switch Name      Num Ports   Used Ports  Configured Ports  MTU     Uplinks
vSwitch0         4082        13          128               1500    vmnic0,vmnic1

  PortGroup Name        VLAN ID  Used Ports  Uplinks
  VM Network            0        7           vmnic0,vmnic1
  Management Network    0        1           vmnic0,vmnic1

How do I check if the uplinks are allowed on that vLAN? In my mind, they already should be allowed on the native vLAN 0.
Any particular reason why you are tagging the VMs with the native vLAN ID?
If you are saying your native vLAN ID is 0, it is not required for you to be doing virtual switch tagging for the same vLAN.
Take a look at this KB for reference:
Thanks for the KB link!
Why do you think I am tagging the VMs with the native vLAN ID? I think this is done by the host automatically, not by myself.
Just looked into the configuration of my Cisco switches, for all connected ports vLAN trunk is active. But still no success.
I can't even reach my gateway out of my host. It is hilarious, don't really know why! What else do I have to check?
I see there are 7 ports in use by the VM Network portgroup.. can you confirm that the other 6 machines can ping the gateway and all communication for them is OK..?
Are the Domain Controller and the Exchange server on the same subnet as the new host? If so, this would explain why you could ping those machines but not any other environment. I would first look at the default gateway on the VM,
next I would look for shadow network devices on the VM and delete them if they are present.