Hello All,
I'm having some issues getting a vswitch up and hoping to get some guidance.
The setup:
There is only a single vmnic, connected to a single vSwitch with a single port group. The VLAN ID for the port group is set to 7 and the relevant vmnic is connected to an Extreme access switch which is tagging the port for VLAN 7. The access switch is trunked to a core switch where the gateway for VLAN 7 resides.
I'm using a CentOS 7 VM and have disabled SELinux for connectivity purposes. The VM has one active network interface and the IP/mask/gw and routing tables are all good. Now the odd thing is that the CentOS VM, access switch and core switch all have complete and correct ARP table entries for each other, however the VM cannot ping the gateway nor vice versa.
I also tried changing the port group VLAN ID to 0 and ALL, but neither worked.
The portgroup security settings are:
Promiscuous Mode: Accept
MAC Address Changes: Accept
Forged Transmits: Accept
Any help is appreciated. Thank you!
We cannot have VLAN tagging done on both the physical switch and the vSwitch.
You should be setting the physical switchport to trunk mode and allowing VLAN 7.
Check the below linked KB.
VMware KB: VLAN configuration on virtual switches, physical switches, and virtual machines
Thank you for the response. We are using Extreme Switches with the Enterasys OS, where dot1q trunking is called Tagging. Apologies for the confusion.
I read the article you provided. We had it set up in EST, where the virtual port group is set to 7 and the physical switch is allowing VLAN 7 on the trunk port. I've also just tried to set up VST with the physical switch port as an access port on VLAN 7 and the virtual port group set to 0, but we are still seeing the same issue.
Hi,
Can you please try to "ping" another IP address?
Have you already checked the firewall settings of your CentOS machine? I had the same issue some weeks ago. I used the following command to fix this:
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p icmp -s <add your subnet here>/24 -j ACCEPT
Greetings
Falk
There was an erroneous authentication policy being pushed to the physical switch port. Everything works now. Thanks for the input.