ESXi 5 - Nexus 1000v port blocked by admin

kkrogstad · ‎07-08-2012

I have an ESX host that I have added and removed from the Nexus several times, testing a migration method. Now the vMotion ports are showing "port blocked by admin".

I am not a networking person, so if there is a way in the Nexus OS to unblock the ports, I would appreciate some assistance...

chriswahl · ‎07-08-2012

Discussion moved from VMware ESXi 5 to VMware vSphere™ vNetwork

You should be able to check in the networking section of the vSphere client, and can turn off the port block.

Navigate to:

Home > Inventory > Networking > Find the portgroup for the dvSwitch > Ports Tab > Locate port for that vmk > Right click, choose Properties > Miscellaneous

Here's a screenshot of a sample in my lab

VCDX #104 (DCV, NV) ஃ WahlNetwork.com ஃ @ChrisWahl ஃ Author, Networking for VMware Administrators

kkrogstad · ‎07-12-2012

I don't see Properties. And my "Edit Settings" is greyed out.

Josh26 · ‎07-12-2012

Chris Wahl wrote:
Discussion moved from VMware ESXi 5 to VMware vSphere™ vNetwork
You should be able to check in the networking section of the vSphere client, and can turn off the port block.
Navigate to:
Home > Inventory > Networking > Find the portgroup for the dvSwitch > Ports Tab > Locate port for that vmk > Right click, choose Properties > Miscellaneous
Here's a screenshot of a sample in my lab

I don't believe this applies to a Nexus user.

This occurs any time the VSM cannot communicate with the VEM. Are you using L2 or L3 deployment? I resolved a lot of niggly issues once I moved to L3.

Does the VSM see the redundant VSM and all the VEMs as installed modules?

kkrogstad · ‎07-17-2012

Ok, Now we're on the right track... I did a Show Mod, and it is not showing the second ESXi host. weird, because the uplinks are added. How do I add the second host from the Nexus?

vswitchalphanexus1k(config)# sho mod
Mod Ports Module-Type                       Model               Status
--- ----- -------------------------------- ------------------ ------------
1    0      Virtual Supervisor Module         Nexus1000V          active *
2    0      Virtual Supervisor Module         Nexus1000V          ha-standby
3    248    Virtual Ethernet Module           NA                  ok

Mod Sw                  Hw
--- ------------------ ------------------------------------------------
1    4.2(1)SV1(5.1)      0.0
2    4.2(1)SV1(5.1)      0.0
3    4.2(1)SV1(5.1)      VMware ESXi 5.0.0 Releasebuild-721882 (3.0)

Mod MAC-Address(es)                         Serial-Num
--- -------------------------------------- ----------
1    00-19-07-6c-5a-a8 to 00-19-07-6c-62-a8 NA
2    00-19-07-6c-5a-a8 to 00-19-07-6c-62-a8 NA
3    02-00-0c-00-03-00 to 02-00-0c-00-03-80 NA

Mod Server-IP        Server-UUID                           Server-Name
--- --------------- ------------------------------------ --------------------
1    10.100.180.9     NA                                    NA
2    10.100.180.9     NA                                    NA
3    10.100.180.220   8c50db82-b4a0-11e1-00a1-00000000001a 10.100.180.220

Josh26 · ‎07-17-2012

That will be your issue.

The Nexus deployment guide discusses how to do an L2 deployment, and an L3 deployment. Which are you doing? L2 is depreciated.

Gurbatullah · ‎03-25-2013

Hi,

I was having the same issue .showing edit disable and port was block by admin,

The problem was i have had not created the same VLAN as the port profile was created in Nexus switch .

I follwed the following steps its started working.

Adding a new VLAN for VMware Servers As Example VLAN 121 VOICE-SERVER-VLAN

Step 1-

Create Vlan on Nexus1000V

conf t

lan 121

name IPTEL

Step-2

Add a Port profile for vethernet

port-profile type vethernet 121_IPTEL

vmware port-group

switchport mode access

switchport access vlan 121

no shutdown

state enabled

Step-3

Add a port profile ethernet for uplink which is having the original server.

port-profile type ethernet VM-Data-10G

vmware port-group

switchport mode trunk

switchport trunk allowed vlan 2,121

channel-group auto mode on mac-pinning

no shutdown

state enabled

Step-4

Add VLAN on Cisco UCS

Step-5

Allow VLAN on ther Server NIC

virtualzep · ‎03-11-2014

I had a similar problem, for me the solution seems to have been to turn up the interface in the guest OS and make sure the MAC addresses align.

e.g. VM config shows eth1 mac ending in 0a on vlan a, eth2 mac ending in 0b on vlan b, eth 3 mac ending in 0c on vlan c,

in linux I ended up with eth0 having mac 0a, eth1 with mac 0c, eth2 with mac 0b.

to get all ports into 'up' status, I ran "ifconfig eth[012] up"

hope this helps.

kpayne469 · ‎06-23-2014

A very common reason for this is you accidentally patch your ESX host with the update manager with a newer version than the 1K has installed. Your best bet is to run this command on an ESX server that is working (not blocked on your 1K) and your ESX server that doesn't work --

esxcli software vib list

Browse this list for the cisco VEM, it should look like this -

cisco-vem-v162-esx

4.2.1.2.2.1a.0-3.1.1

If the non-functioning ESX server has a newer version of that VEM above, then your nexus 1000V will always show 'port blocked by admin'. You'll need to uninstall that VEM and then manually install the version you see on your other ESX servers. Another way to do it wouod be to remove the non-functioning ESX host from the 1000V, uninstall the VEM, then add the host to the 1000V again. The 1000V should install the proper patch for you.

The command for uninstalling the VEM is located in this KB - http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=102162...

Hopefully you'll track it down.

grasshopper · ‎06-24-2014

FYI - this post is 2 years old. Here's a more current one from yesterday:

Re: Failed to connect virtual device ethernet0.