MrSiddiqui
Enthusiast

Standard vSwitch_Custom VM network(Vlan200_VM Network)port group not working.

Hi Guys...

Scenario:

ESXi 5.0

vCenter 5.0

2 LAN cards connected to vSwitch 0 in Active\Active configuration.

VM Name: FSAPP_1

Note: proper VLAN are created in EXTERNAL NETWORK

I have Created another VM Network port group for VLAN 200_VM Network.

I have attached TWO LAN cards to VM. One LAN card is connected to default VM Network port group and another one is connected to VLAN200_VM Network.

One LAN card is connected to LAN (Private IP) and another one is connected to WAN (Public IP). IF I CONNECT BOTH VMNICS TO "DEFAULT VM NETWORK" I am able to ping both subnets.


But any vNIC that is connected to VLAN200_VM Network is NOT Working..



Please see the attached snapshots...

Thanks


Accepted Solutions
TomHowarth
Leadership

I did not ask you to do that. What I asked you to test is that two separate VMs on the same host be configured to use the VLAN 200 portgroup, and to verify that these two guests are able to talk to each other.

Once you have found out that the above works, go back to your Network team and request them to configure the switch egress ports to be set as Trunk (which will not strip the VLAN tag off the packet on switch egress) as opposed to being set as Access (that does strip the VLAN tag).

It is my firm belief that the port group is not working because your switch is misconfigured as per my above statement.

Tom Howarth VCP / VCAP / vExpert
VMware Communities User Moderator
Blog: http://www.planetvm.net
Contributing author on VMware vSphere and Virtual Infrastructure Security: Securing ESX and the Virtual Environment
Contributing author on VCP VMware Certified Professional on VSphere 4 Study Guide: Exam VCP-410
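
The tag handling discussed in this thread, as an added illustration that is not part of any participant's post: a simplified Python model of a physical switch port in access versus trunk mode feeding a vSwitch port group. The function names, MAC addresses and the choice of 200 as the uplink's access VLAN are assumptions constructed for the example; native VLANs and vendor-specific behaviour are left out.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def build_frame(vlan_id=None, payload=b"constructed-ping"):
    """Build a minimal Ethernet II frame; add an 802.1Q tag when vlan_id is set."""
    dst, src = bytes.fromhex("005056aabb01"), bytes.fromhex("005056aabb02")  # constructed MACs
    tag = struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF) if vlan_id else b""
    return dst + src + tag + struct.pack("!H", 0x0800) + payload

def vlan_of(frame):
    """Return the 802.1Q VLAN ID, or None for an untagged frame."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    return tci & 0x0FFF if tpid == TPID_8021Q else None

def strip_tag(frame):
    """Remove the 4-byte 802.1Q tag if one is present."""
    return frame[:12] + frame[16:] if vlan_of(frame) is not None else frame

def switch_egress(frame, mode, access_vlan=1, allowed=()):
    """Physical switch port sending towards the ESXi uplink (simplified model)."""
    vid = vlan_of(frame)
    if mode == "access":
        # Access port: only its own VLAN leaves, and always untagged.
        return strip_tag(frame) if vid == access_vlan else None
    # Trunk port: allowed VLANs leave with the tag intact.
    return frame if vid in allowed else None

def portgroup_delivers(frame, portgroup_vlan):
    """vSwitch port group: VLAN 0 takes untagged frames, VLAN N only frames tagged N."""
    if frame is None:
        return False
    vid = vlan_of(frame)
    return vid is None if portgroup_vlan == 0 else vid == portgroup_vlan

def reachable(frame_vlan, mode, portgroup_vlan, **port):
    """Does a frame in frame_vlan on the physical switch reach a VM on the port group?"""
    frame = build_frame(frame_vlan)
    return portgroup_delivers(switch_egress(frame, mode, **port), portgroup_vlan)

if __name__ == "__main__":
    print("access uplink, port group VLAN 200:", reachable(200, "access", 200, access_vlan=200))
    print("access uplink, port group VLAN 0:  ", reachable(200, "access", 0, access_vlan=200))
    print("trunk uplink,  port group VLAN 200:", reachable(200, "trunk", 200, allowed=(200,)))
```
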

7 Replies
MrSiddiqui
Enthusiast

Guys where are youuuuuuuuuuuuuu...................   ???

TomHowarth
Leadership

Are you absolutely certain that the VLAN 200 has been created and defined on the upstream switch? As a test, can you create another VM with the NIC assigned to VLAN 200 to see if they can speak to each other from your host?

So this is what I want you to do.

VM1 single NIC assigned to PortGroup VLAN 200_VM Network

VM2 single NIC assigned to PortGroup VLAN 200_VM Network

Configure IPs and see if they can talk to each other across the vSS. If they can, then the issue is external to the hosts.

MrSiddiqui
Enthusiast

Hi Tom,

Yes, VLAN 200 is configured in the external network and I am able to ping the machines in the Public subnet and also the LAN subnet ONLY when both the vNICs are connected to "Default VM Network" port group....

TomHowarth
Leadership

Check with your networking teams that the ports that are assigned to your host are configured as "trunk" and not "access".

What I think is happening is that the VLAN tags are being stripped off the ingress packets.

MrSiddiqui
Enthusiast

Hi Tom,

I have connected both vNICs to port group "VLAN_200".. and was UNABLE to ping both PUB and Private subnets...

When I connect both to default VM network I am ABLE to ping both pub and private subnets.

weinstein5
Immortal

I assume when both are connected to the VLAN_200 VM port group they are able to ping each other. I have to second Tom's analysis: the VLAN tag does nothing more than tag the IP packets as they pass through the switch out to the physical network. If the physical switch is not configured for the VLAN tag, it will not go anywhere.

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful