VMware Networking Community
AlexAckerman
Enthusiast
Enthusiast
Jump to solution

VM's assigned to new segment default to "Blocked" state

Good Evening/Morning/Whenever!

I'm working through an NSX-T 3.0.1 install on a Home Lab environment and I'm running into a quirky issue that doesn't seem right.  I have a single manager node and each of my hosts configured as transport nodes.  They are all showing up.  However, when I create a segment and it shows up in vCenter, the default behavior when I migrate a VM to the new segment is to have the port default to a "Blocked" state.  I used default settings and profiles when creating the segments (no special segment profile).  The only "custom" thing with my Transport Node profile is the VLAN for the Overlay network.  I'm able to SSH into the Transport Node and use the following command to manually unblock the port:

net-dvs -s com.vmware.common.port.block=false <DSwitch> -p <Port ID>

The result of doing that for 1 of the 2 VMs on the segment is shown in the attachment.  

Environment:

NSX-T 3.0.1.1.0.16567454

vCenter 7.0.1.00200

ESXi, 7.0.1, 17168206

The Distributed Switch is version 7.0.0

I would like to not have to rebuild the environment again if this can be fixed in a setting or switch somewhere.  It has taken me a while to get to the point where the two VMs on the same segment on different hosts can ping each other successfully after I unblock the ports.

Thank you!

Alex

Reply
0 Kudos
1 Solution

Accepted Solutions
AlexAckerman
Enthusiast
Enthusiast
Jump to solution

Hello everyone,

Managed to get this working the 2nd (or was it 8th time now...) around.  I was able to create an overlay segment on the Overlay Transport Zone (which has my 4 virtual ESXi hosts configured as transport nodes).  It showed up in vCenter properly.  I attached 2 vm's to it, set their static IP addresses to the segment ip space, and was able to ping between the two. 

The segment ports show "Link Up" in vCenter and the segment statistics show the ping traffic between the two vms.  

I'm going to chalk this one down to an unclean config due to the many changes and adjustments I was making to transport nodes, zones, etc.

Time to actually see what NSX is all about now...

Alex

View solution in original post

Reply
0 Kudos
4 Replies
aggarwalvinay31
Enthusiast
Enthusiast
Jump to solution

Hi Alex,

Is it possible to send Segment configuration details and Segment Profile configuration details?

Reply
0 Kudos
AlexAckerman
Enthusiast
Enthusiast
Jump to solution

Unfortunately, I decided to rebuild the home lab network stack over the long weekend.  I'm getting closer to being able to test the segments on the new config. I'm hoping it was an issue with leftover crud from the multiple instances of bringing up manager nodes, tearing them down, and such.  I'll post my results here when I finish later this weekend.

 

Thank you!

Alex

Reply
0 Kudos
AlexAckerman
Enthusiast
Enthusiast
Jump to solution

Hello everyone,

Managed to get this working the 2nd (or was it 8th time now...) around.  I was able to create an overlay segment on the Overlay Transport Zone (which has my 4 virtual ESXi hosts configured as transport nodes).  It showed up in vCenter properly.  I attached 2 vm's to it, set their static IP addresses to the segment ip space, and was able to ping between the two. 

The segment ports show "Link Up" in vCenter and the segment statistics show the ping traffic between the two vms.  

I'm going to chalk this one down to an unclean config due to the many changes and adjustments I was making to transport nodes, zones, etc.

Time to actually see what NSX is all about now...

Alex

Reply
0 Kudos
aggarwalvinay31
Enthusiast
Enthusiast
Jump to solution

Good to hear Alex. All the best with NSX. 👍

Reply
0 Kudos