mrdlnf80
Contributor
Contributor

NSX Security Group can't get VM IP Address

Jump to solution

Hi All,

I have a strange situation in my lab environment, i create a security group consist of 2 VMs but when i checked the addrsets, only one IP is listed there, here is the screenshot :

addrsets.png

It's supposed to 2 IP reported : 192.168.0.34 and 192.168.0.38, but NSX only see one IP. Then i am trying to add another VM with IP 192.168.0.33, NSX can see both IPs :

addrsets2.png

Seems the VM with IP 192.168.0.34 has a problem but i have no idea why the issue is only happened to this VM, any idea how to troubleshoot it?

Thanks alot

BR,

Davy

Tags (1)
0 Kudos
1 Solution

Accepted Solutions
lvschie
Enthusiast
Enthusiast

What NSX version are you running?

There have been improved detection mechanisms since 6.2, which do not rely on VMware tools.

View solution in original post

0 Kudos
5 Replies
showard1
Enthusiast
Enthusiast

Are VMware tools running correctly inside the VM in question?  Are they out of date maybe?

0 Kudos
mrdlnf80
Contributor
Contributor

Hi Sean,

The VMtools is running and vCenter can see the IP, also there is no error at all when the VM join to the SG, actually .34 n .38 using exactly same vmtools version.

Thanks alot

0 Kudos
lvschie
Enthusiast
Enthusiast

What NSX version are you running?

There have been improved detection mechanisms since 6.2, which do not rely on VMware tools.

0 Kudos
mrdlnf80
Contributor
Contributor

Hi Ivschie,

Yes i am running NSX 6.2, i had tried to change the IP Detection using ARP Snooping, and it was worked. I am still confused why with the exactly same VMtools, NSX can't get the IP. Maybe even though the VMtools is running well but there is some glitch. Anyway i will try to reinstall the VMtools from scratch (the VMs are Debian 6).

Thanks alot

0 Kudos
agautschi
Contributor
Contributor

I have observed something similar with open vmware tools where for one VM things worked just fine and for the other the address did not get resolved into an ip address set even though it was properly reported in spoofguard. The issue was caused by open vmware tools not having been properly installed on one of the VMs.

That kind of issue illustrates exactly why using a network based IP detection mechanism may be a better choice.

0 Kudos