DougBecketlee
Contributor

New VLAN not communicating with Cisco

So, brand new to vSphere and having an issue. I'm usually the Cisco guy but just getting into VMware.

I built out a new VLAN on a Catalyst switch and got it up and running. After the issue started I even opened up a Cisco TAC case so they could verify my design and build.

Issue is the switch is sending out ARP requests but vSphere is not responding. In vSphere the IP is set on the new server with correct IP and subnet and gateway. Connected the host with the correct VLAN. Only indication of a problem is the physical adapter does not see the VLAN or subnet... well, and the server shows no internet connection.

0 Kudos
8 Replies
a_p_
Leadership

Welcome to the Community,

from what you explain, I assume that the switch ports that the ESXi host connects to are configured as "Trunk" (802.1Q) ports, and the new VLAN is in the allowed list.

In order to be able to access this VLAN you need to create a new VM Portgroup with the new VLAN-ID on the vSwitch, and connect the virtual machine to this new port group.

If you've already done this, then please provide some more details about the network configuration, to find out what may be missing.

André

0 Kudos
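The two conditions in the reply above (the new VLAN is in the trunk's allowed list, and a port group is tagged with that VLAN ID) can be cross-checked from the two command outputs. This is an added example, not part of the thread; both sample outputs, the interface name, the port group names and VLAN 172 are constructed, and only the list and `add` forms of the allowed-VLAN statement are handled.

```python
import re

# Constructed sample: Cisco "show run interface" output for the ESXi uplink.
SHOW_RUN = """\
interface GigabitEthernet1/0/10
 switchport trunk allowed vlan 10,20,30-33
 switchport trunk allowed vlan add 40
 switchport mode trunk
"""

# Constructed sample in the table layout of
# "esxcli network vswitch standard portgroup list" (VLAN 172 is made up).
PORTGROUPS = """\
Name            Virtual Switch  Active Clients  VLAN ID
--------------  --------------  --------------  -------
Management      vSwitch0                     1        0
Servers-VLAN20  vSwitch0                     4       20
New-VLAN172     vSwitch0                     2      172
"""

def allowed_vlans(show_run):
    """VLAN IDs the trunk carries, or None if the port is not a trunk.
    Handles the list and 'add' forms only (not all/none/remove/except)."""
    if not re.search(r"^\s*switchport mode trunk\s*$", show_run, re.M):
        return None
    vlans, explicit = set(), False
    pattern = r"^\s*switchport trunk allowed vlan (?:add )?([\d,-]+)\s*$"
    for spec in re.findall(pattern, show_run, re.M):
        explicit = True
        for part in spec.split(","):
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    # A trunk with no allowed-vlan statement carries every VLAN (1-4094).
    return vlans if explicit else set(range(1, 4095))

def parse_portgroups(text):
    """Map port group name -> VLAN ID from the esxcli table."""
    rows = re.findall(r"^(.+?) {2,}(\S+) +(\d+) +(\d+) *$", text, re.M)
    return {name: int(vlan) for name, _vs, _clients, vlan in rows}

def missing_on_trunk(show_run, portgroups_text):
    """Port groups whose tagged VLAN the switch port would drop."""
    allowed = allowed_vlans(show_run)
    if allowed is None:
        raise ValueError("switch port is not a trunk")
    # VLAN 0 = untagged, 4095 = guest tagging on a standard vSwitch: skip both.
    return sorted((n, v) for n, v in parse_portgroups(portgroups_text).items()
                  if v not in (0, 4095) and v not in allowed)

if __name__ == "__main__":
    print(missing_on_trunk(SHOW_RUN, PORTGROUPS))
```
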
DougBecketlee
Contributor

Thanks for the prompt response. To the first, it is built and allowed on the same switch port (Cisco side) that multiple other servers are also connected and functioning.

I watched the person who knows some about vSphere do everything you described but not sure how to verify "connect the virtual machine to this new port group."

By the way, this is vSphere 6.7

And if that is all done, what details about the network configuration would you need?

0 Kudos
a_p_
Leadership

I re-read your initial question, and maybe I'm misunderstanding something. Can you please clarify whether the question is related to a virtual machine on the host, or the host itself?

> ... what details about the network configuration would you need?

It would be helpful to see the show run output for the Cisco ports that the host is connected to. In case that the ports are configured as LACP/Etherchannel, post the channel configuration too.

From the ESXi host side post e.g. some screenshots of what has been configured regarding the network, i.e. IP settings, VLAN configuration, teaming & failover settings, port policies, ...

André

0 Kudos
DougBecketlee
Contributor

OK, I have 2 VMs on 172.16.0.0 network (it's a unique network that has only the gateway IP and these 2 VMs using IPs from it) that are not pingable and have no network access. I have no idea how to check if a host is connecting or not other than it says "connected".

The physical adapter the vSwitch goes to does not show the new subnet, but shows the subnets for the 6 other VLANs which are all working just fine. They then go to a Cisco switch port that has all the existing VLANs allowed and are working through said port. Just the new VLAN, which is allowed on the exact same port as all the other working VLANs, doesn't work.

Since the Cisco switch port has 6 working VLANs containing other virtual machines the port config is probably good.

0 Kudos
a_p_
Leadership

Just to rule that out. Can you confirm that the two VMs do not have a firewall rule that blocks ICMP traffic?

VMs configured within the same subnet, and connected to the same port group should be able to reach each other, regardless of the physical network configuration.


André

0 Kudos
DougBecketlee
Contributor

OK, verified firewalls on both virtual machines are completely disabled.

But notice now pinging one virtual machine from the other gets a "destination host unreachable" response.

0 Kudos
a_p_
Leadership

Did you verify the subnet mask, and the gateway settings on the VMs?

André

0 Kudos
nachogonzalez
Commander

Hello, hope you are doing fine?

- Are you using vSS or vDS?
- Which NIC load balancing algorithm are you using?

- What happens if you place the two VMs in the same ESXi host?
- Are VLANs correctly propagated?
- Is the VLAN backing for the portgroup propagated?

Please let me know if you need further assistance.

Warm regards

0 Kudos