VMware Cloud Community
ccsmse
Contributor

Virtual ESXi 5.1 - Nested VMs have no connectivity

I have installed a Virtual ESXi 5.1 VM inside a Physical ESXi 5.1 host. This works fine, but VMs inside the Virtual ESXi have no connectivity. I can ping from physical ESXi to Virtual ESXi, but not from Physical ESXi to nested VM.

The virtual ESXi is connected to a Port Group on a distributed vSwitch. I have configured the Port Group to allow Promiscuous Mode. Virtual ESXi and Nested VM are on the same VLAN, and this VLAN is configured on the Port Group VLAN settings.

I can connect to the Virtual ESXi just fine, but it does not seem to be passing traffic through to the nested VMs.

Any thoughts?

0 Kudos
3 Replies
a_p_
Leadership

Not sure, but since you are actually cascading switches and dVS will see different MAC addresses, you may want to check whether allowing MAC address changes and Forged transmits is necessary in addition to promiscuous mode.

André

ccsmse
Contributor

Brilliant. Just tried this, and specifically enabling 'Forged Transmits' fixed it. That step wasn't on any of the guides I was following. It seems that ESXi 5.0 had these policy settings set to reject/accept/accept whereas in 5.1 these settings are set to reject/reject/reject, hence Forged Transmits was allowed by default previously.

Thank you *very* much

Here's a couple of relevant links that mention this requirement for further reference.

How The VMware Forged Transmits Security Policy Works via @ChrisWahl | Wahl Network

Nesting ESXi on ESXi 5.1 in vCloud Director 5.1 | vXpertise

0 Kudos
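
Why the fix above needed both settings, as an added example that is not part of the original thread: a simplified Python model of how a vSwitch port applies Promiscuous Mode and Forged Transmits to the virtual ESXi host's vNIC. The MAC addresses and function names are constructed for illustration, the model assumes the virtual ESXi's management interface uses the outer vNIC's MAC, and MAC Address Changes is left out because the fix reported here did not depend on it.

```python
from dataclasses import dataclass

# Constructed sample addresses (not from the thread).
OUTER_VNIC_MAC = "00:50:56:aa:00:01"  # vNIC of the virtual ESXi VM on the physical host
NESTED_VM_MAC = "00:50:56:bb:00:02"   # VM running inside the virtual ESXi


@dataclass
class PortPolicy:
    promiscuous: bool       # True = Accept, False = Reject
    forged_transmits: bool  # True = Accept, False = Reject


def egress_allowed(policy, port_mac, src_mac):
    """Frame leaving the guest: with Forged Transmits = Reject the port drops
    any frame whose source MAC is not the port's own effective MAC."""
    return policy.forged_transmits or src_mac == port_mac


def ingress_delivered(policy, port_mac, dst_mac):
    """Frame toward the guest: unicast is delivered only to the port that owns
    the destination MAC, unless the port is promiscuous."""
    return policy.promiscuous or dst_mac == port_mac


def nested_vm_reachable(policy):
    """A round trip needs the nested VM's frame to leave through the outer
    vNIC and the reply, addressed to the nested VM's MAC, to come back in."""
    return (egress_allowed(policy, OUTER_VNIC_MAC, NESTED_VM_MAC)
            and ingress_delivered(policy, OUTER_VNIC_MAC, NESTED_VM_MAC))


def host_mgmt_reachable(policy):
    """Assumption: the virtual ESXi's management traffic uses the outer vNIC's MAC."""
    return (egress_allowed(policy, OUTER_VNIC_MAC, OUTER_VNIC_MAC)
            and ingress_delivered(policy, OUTER_VNIC_MAC, OUTER_VNIC_MAC))


if __name__ == "__main__":
    cases = {
        "all reject": PortPolicy(False, False),
        "promiscuous only (the question's setup)": PortPolicy(True, False),
        "promiscuous + forged transmits (the fix)": PortPolicy(True, True),
    }
    for name, pol in cases.items():
        print(f"{name}: mgmt={host_mgmt_reachable(pol)} "
              f"nested={nested_vm_reachable(pol)}")
```

Both settings relax layer-2 protections for every VM attached to the port group, so a dedicated port group for nested hosts keeps the exception narrow.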
dbutch1976
Hot Shot

Hey guys,

In my case I was deploying nested ESXi hosts using autodeploy.  The first NIC would get an IP, but the second NIC simply wouldn't under any circumstances.  This fixed my issue also.

Thanks!

0 Kudos