VMware Cloud Community
PD223345
Contributor

Strange problem when using trunking

Hi,

I have the following setup :

- Cisco 4506 IV:

EtherChannel Load-Balancing Configuration:
src-dst-port

interface GigabitEthernet2/13
 description VMHOST3 - INT. NETWORK
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 50,60,200,201
 switchport mode trunk
 switchport nonegotiate
 no cdp enable
 channel-group 4 mode on
 spanning-tree portfast trunk
!
interface GigabitEthernet2/14
 description VMHOST3 - INT. NETWORK
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 50,60,200,201
 switchport mode trunk
 switchport nonegotiate
 no cdp enable
 channel-group 4 mode on
 spanning-tree portfast trunk

interface Port-channel4
 description VMware ESX - Trunk
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 50,60,200,201
 switchport mode trunk
 switchport nonegotiate
 speed 1000
 spanning-tree portfast trunk

- ESX Server 3.5.0,82663

vSwitch3 (where I have my VMs)
 VLAN ID: None
 Promiscuous Mode: Reject
 MAC Address Changes: Reject
 Forged Transmits: Reject
 Load Balancing: Port ID
 Network Failure Detection: Link Status only
 Notify Switches: Yes
 Failback: No
 Active Adapters: vmnic3, vmnic4

I am getting a mix of errors when doing a ping:

Destination host unreachable.
Destination host unreachable.
Destination host unreachable.
Request timed out.
Request timed out.
Request timed out.

I did some research, and this seems to be the optimal config on both sides (Cisco and VMware), but I don't understand why it is not working...

Now I moved to "switchport mode access" and it's working... But I have some VMs that have a different IP from my access VLAN...

Does anyone have an idea why it is not working when using trunking?

Regards,

Paulo


Accepted Solutions
stumpr
Virtuoso

What is the VLAN ID of the VLAN your VMs are on? Each portgroup needs a VLAN ID for that VLAN. You only allowed a few VLAN IDs on your trunk.

switchport trunk allowed vlan 50,60,200,201

VLAN ID 0 is for the Native VLAN. It's not good enough to leave it unset as someone said (at least in my experience and my current environment, which is also Cisco). If you do configure a native VLAN, which I don't see in your initial configuration, then you would create a portgroup with a VLAN tag of 0 for that native VLAN; the rest would need tags appropriate to their VLAN assignment.

Create a portgroup on your virtual switch for each VLAN tag you allow on your trunk... here I see 50, 60, 200, 201. Then test (assuming you of course change the IP address of your VM host's IP stack to match the VLAN in question for basic connectivity).

You can also enable portfast on some Cisco IOS versions. I believe the command was 'spanning-tree portfast trunk'. There is no STP from VMware so you can sleep easily there. If you're really concerned about it and don't trust VMware networking configuration, you can enable BPDU guard on the port... though if there is an actual BPDU you will find that port disabled :)

Reuben Stump | http://www.virtuin.com | @ReubenStump

8 Replies
TheVirtualNut
Enthusiast

So you can't get to the service console or to the VM? (Not sure what you were trying to ping?)

Anyway, from memory, for service console when trunking you need to set the service console VLAN as the default VLAN on those ports, then don't use any tagging on the S/C port group.

We have experienced problems using portfast; memory is shady on this, so try enabling/disabling it. I just found some stuff on spanning tree that we used; compare it to your settings to see if your problem lies there.

Hate to state the obvious, but did you configure the VLAN ID on the port group you connected your VM to?

spanning-tree vlan XXX priority 4096
!
interface VlanXXX
 description <VLAN name>
 ip address 10.X.X.254 255.255.254.0
 ip helper-address 10.X.X.X
 ip ospf cost 5
 standby 25 ip 10.X.X.240
 standby 25 priority 105
 standby 25 preempt
!

Bit of a scattered reply, but hopefully it gives you some areas to start looking....

Cheers

Nuts!

Rumple
Virtuoso

Be sure to also set the native VLAN to a VLAN that will NOT be crossing over the trunk (i.e., make one up).

I think if you do not do that it will not tag all the packets...

happyhammer
Hot Shot

Your virtual switch should be IP hash and not Port ID if using EtherChannel.

kjb007
Immortal

As TheVirtualNut pointed out, your VLAN ID is set to: None. You will need to modify this so the vSwitch tags the frames so the physical switch knows which VLAN to pass the traffic to. If you are trunking your service console connection on the allowed VLANs, then you will need to add a VLAN ID on that portgroup as well. If your config works when you're using your port in access mode, then the portgroup you are connecting through is the native VLAN for that port on the switch, which is allowing communication.

-KjB

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
PD223345
Contributor

Sorry, I forgot to mention.... I am not using trunking with the service console, just with the VM Network (Production Network). I am unable to ping the VMs. Service Console is working fine.

Before using channel-port I tried without it...

Config I am using :

interface Vlan50
 ip address XXX.XX.XXX.XXX 255.255.255.0
 ip pim sparse-dense-mode
 ip igmp join-group 230.0.0.1
 ip cgmp
 standby 3 ip XXX.XX.XXX.XXX
 standby 3 timers msec 600 msec 1800
 standby 3 preempt delay minimum 1
 service-policy input Voice-policy

VLAN ID (VMware) is set to None (VLAN ID: None)

PD223345
Contributor

I tested both with 0 and 4095 - VLAN ID (VMware)

kjb007
Immortal

As stumpr pointed out, you need port groups on your vSwitch that reference each VLAN. Something has to tag the packets in the correct VLAN. You can either use portgroups with the correct VLAN tags, and select that portgroup in your VM, or you can set 4095 on your switch, and set VLAN IDs on your virtual NICs inside of each VM. The portgroups are an easier method, as you won't need to manage VLAN IDs on a per-VM basis.

-KjB

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
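
The checks suggested across this thread (IP hash for a static EtherChannel, a tagged port group per allowed VLAN, and where untagged frames end up), as an added example that is not part of any poster's reply. It assumes IOS falls back to native VLAN 1 when none is configured; the function names and the port group names are hypothetical.

```python
import re

def parse_trunk(ios_text):
    """Extract the trunk facts discussed in the thread from IOS interface config."""
    allowed = set()
    m = re.search(r"switchport trunk allowed vlan ([\d,\-]+)", ios_text)
    if m:
        for part in m.group(1).split(","):
            lo, _, hi = part.partition("-")
            allowed.update(range(int(lo), int(hi or lo) + 1))
    native = re.search(r"switchport trunk native vlan (\d+)", ios_text)
    return {
        "allowed": allowed,
        # Assumption: VLAN 1 is the native VLAN when none is configured.
        "native": int(native.group(1)) if native else 1,
        "static_channel": bool(re.search(r"channel-group \d+ mode on", ios_text)),
    }

def audit(ios_text, load_balancing, portgroup_vlans):
    """portgroup_vlans: name -> VLAN ID (None/0 = untagged, 4095 = guest tags)."""
    trunk, findings = parse_trunk(ios_text), []
    if trunk["static_channel"] and load_balancing != "IP hash":
        findings.append("static EtherChannel needs vSwitch load balancing 'IP hash'")
    tagged = set()
    for name, vlan in portgroup_vlans.items():
        if vlan in (None, 0):
            if trunk["native"] not in trunk["allowed"]:
                findings.append(f"{name}: untagged frames use native VLAN "
                                f"{trunk['native']}, which the trunk does not allow")
        elif vlan == 4095:
            tagged |= trunk["allowed"]  # guest OS tags; every allowed VLAN can pass
        elif vlan not in trunk["allowed"]:
            findings.append(f"{name}: VLAN {vlan} is not allowed on the trunk")
        else:
            tagged.add(vlan)
    for vlan in sorted(trunk["allowed"] - tagged):
        findings.append(f"VLAN {vlan} allowed on trunk but no port group tags it")
    return findings

# Constructed from the configuration posted in the thread.
IOS = """interface GigabitEthernet2/13
 switchport trunk allowed vlan 50,60,200,201
 switchport mode trunk
 channel-group 4 mode on
"""
AS_POSTED = audit(IOS, "Port ID", {"VM Network": None})
FIXED = audit(IOS, "IP hash", {"VLAN50": 50, "VLAN60": 60, "VLAN200": 200, "VLAN201": 201})
print("\n".join(AS_POSTED))
```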