VMware Cloud Community
ObibiniKwasi
Enthusiast

VMs on a particular port group are unable to communicate with the outside world

I added 2 new port groups (A and B) with VLAN IDs 45 and 64 respectively to my vSwitch with 2 uplinks. The uplinks are trunked to my physical switch and allow all VLANs to pass through (including VLANs 45 and 64). My problem is that VMs connected to port group A are able to communicate with other physical computers in the same VLAN throughout the network and are able to get to the Internet just fine. On the other hand, VMs connected to port group B are ONLY able to communicate with themselves but not the rest of the physical computers in the same VLAN, including even the gateway for that VLAN (which is on the physical switch). Both VLANs are defined and configured just fine on the physical switch and allowed on the trunked uplinks just fine. Any suggestions or possible reasons why the second port group will not communicate beyond vSphere?

7 Replies
a_p_
Leadership

Please explain what kind of "trunk" you are using. Are these Cisco trunk ports (i.e. 802.1Q) or trunked ports in the sense of a bond? How exactly did you configure the physical ports and how did you set the policies on the vSwitch and/or port groups?

What I could think of is that VLAN 64 is the native/default VLAN on the physical switch/ports. In this case you need to remove the tagging from the port group.

André

ObibiniKwasi
Enthusiast

Yes, these are Cisco trunk ports with no special policies on the port groups. There are already over 5 VLANs configured (including the native). These just happen to be 2 additional VLANs I added.

grace27
Enthusiast

Hi

Could you please use NATing or port policies.

Were you able to telnet to the port? And don't forget to check the firewall settings.

a_p_
Leadership

Unless already done:

  • confirm that VLAN 64 is defined on all switches (show vlan)
  • check whether VLAN 64 is allowed on the physical ports (show run int <interface>)
  • ensure the native VLAN on these ports is not 64 (show int <interface> trunk)

André

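Added example, not part of the thread: the three checks from the list above, applied to saved `show interfaces trunk` output for one VLAN ID. The sample output, port names and function names are constructed for illustration, and the parser assumes each VLAN list fits on one line.

```python
# Constructed sample of `show interfaces trunk` output (not from the thread).
SAMPLE = """\
Port        Mode             Encapsulation  Status        Native vlan
Gi1/0/1     on               802.1q         trunking      1
Gi1/0/2     on               802.1q         trunking      64

Port        Vlans allowed on trunk
Gi1/0/1     1-45,60-63
Gi1/0/2     1-4094

Port        Vlans allowed and active in management domain
Gi1/0/1     1,45
Gi1/0/2     1,45,64
"""
# Header text that identifies each table of the output (other tables are skipped).
SECTIONS = {"Native vlan": "native", "allowed on trunk": "allowed", "allowed and active": "active"}

def expand(vlans):
    """Expand a Cisco VLAN list such as '1-45,60-63' into a set of ints."""
    out = set()
    for part in vlans.split(","):
        if part and part.lower() != "none":
            lo, _, hi = part.partition("-")
            out.update(range(int(lo), int(hi or lo) + 1))
    return out

def parse_trunks(text):
    """Return {port: {"native": int, "allowed": set, "active": set}}."""
    ports, section = {}, None
    for line in text.splitlines():
        fields = line.split()
        if line.startswith("Port"):
            section = next((v for k, v in SECTIONS.items() if k in line), None)
        elif fields and section:
            entry = ports.setdefault(fields[0], {"native": None, "allowed": set(), "active": set()})
            if section == "native":
                entry["native"] = int(fields[-1])  # native VLAN is the last column
            else:
                entry[section] |= expand("".join(fields[1:]))
    return ports

def check_vlan(text, vlan):
    """Return {port: [problems]} for one VLAN ID; an empty list means OK."""
    report = {}
    for port, t in parse_trunks(text).items():
        checks = {"not-allowed": vlan not in t["allowed"],
                  "not-active": vlan in t["allowed"] and vlan not in t["active"],
                  "native": t["native"] == vlan}
        report[port] = [name for name, failed in checks.items() if failed]
    return report
```

`check_vlan(SAMPLE, 64)` flags the first constructed port because the VLAN is missing from its allowed list and the second because the VLAN is its native VLAN; "not-active" means the VLAN is allowed on the trunk but is not active on that switch.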
ObibiniKwasi
Enthusiast

All VLANs are already defined and working on all physical switches. What I see however is that the uplinks (vmnic1 and vmnic5) are not listing VLAN64 as one of their networks.

King_Robert
Hot Shot

1. You have to shut off iptables on all VMs, if these are Linux VMs, and see.

2. You may need a proxy server to get out to the outside world.

3. Check the settings of the vSwitch.

a_p_
Leadership

That brings me back to the second bullet from my previous reply. Did you double-check that VLAN64 is in the allowed list on the physical switch ports?

André
