VMWare host could not reach Gateway

gmeurb · ‎02-03-2015

Hi all,

i still have some problems with a Installation from virtual Nessus-Scan-Server installed on an ESXi5.1 Server.

Basically i have two network-interfaces vmnic0 and vmnic1. This interfaces are connected to an switch and on this switch the following VLAN-Taggings are made:

for vmnic0 = VLAN111

for vmnic1 = VLAN111, VLAN40, VLAN90 and VLAN60

For each VLAN their was an special Nessus-Scan-Server installed on this ESXi.

All Nessus-Scan-Servers can reach their Gateways and Systems located in this VLAN´s except Nessus-Scanner for VLAN 111.

The only function from VLAN111-Nessus-Scanner is to scan ESXi-Server, but in the moment it is not possible to reach neither the Gateway nor the ESXi-Server located in this VLAN111.

Any ideas or hints?

Thanks and regards

Eric

JMachieJr · ‎02-07-2015

Kind of hard to come up with any sort of real suggestion with the limited information you posted. Have you checked the CDP information to see what VLAN's and networks vmnic1 is seeing? Have you verified that the VLAN's are configured properly on the switch port? Can the vm on VLAN 111 ping anything else on it's own segment? There are lots of things you could check. Sometimes starting at the beginning and retracing your steps helps find the little things that can get missed

VCP-DCV | MCP | Linux+ Twitter: @James_Machie_Jr LinkedIn: https://www.linkedin.com/in/jmachiejr

a_p_ · ‎02-08-2015

Only a guess. What's the native/default VLAN for the physical switch port to which vmnic1 is connected? In case it is VLAN111 you need to remove VLAN-ID 111 from the port group.

André

gmeurb · ‎02-10-2015

OK, thanks, vmnic1 native vlan 111, vmnic0 still the same. CDP-Information shows me for both network-Interfaces VLAN 111

I´ve created a new virtual network for vmnic1 without vlan id, but i can´t ping the own Gateway or an System in the same subnet!

Eric

a_p_ · ‎02-10-2015

Please provide the show run int # output for the two physical interfaces.

André

gmeurb · ‎02-11-2015

Ok, it´s attached, but sorry, i´m using CDP-Information to provide this, because i´m doesn´t know the way to execute the show run command after login via ssh to the console. System told me, this command is unknown!

Eric

a_p_ · ‎02-11-2015

I could be wrong, but I think all VLANs (including the native VLAN) have to be allowed on a trunk port.

André

gmeurb · ‎02-12-2015

I think, you are meaning only port 45! We still have this settings in the past, but we try to do this again!

Thanks Eric

a_p_ · ‎02-12-2015

Yes, exactly.

~snip~

switchport trunk native vlan 111

switchport trunk allowed vlan 40,60,90,111

~snip~

I'd actually remove the native vlan setting from the physical port's configuration (using the default VLAN which is most likely VLAN 1), and assign the VLAN-ID to the port group.

André