03-05-2010 10:41 AM
Hi,
I'm running into a problem with Guests's ports in a blocked state. From the vSphere interface the ports are in a blocked state (see attachment). From the Nexus CLI I get this:
nexus-1# sh interface status
--------------------------------------------------------------------------------
Port Name Status Vlan Duplex Speed Type
--------------------------------------------------------------------------------
mgmt0 -- up routed full 1000 --
Eth3/6 -- up trunk full 1000 --
Eth3/8 -- up trunk full 1000 --
Eth4/6 -- up trunk full 1000 --
Eth4/8 -- up trunk full 1000 --
Po1 -- up trunk full 1000 --
Po2 -- up trunk full 1000 --
Veth1 TESTMACHINE-Casey, down 1141 auto auto --
Veth2 TESTMACHINE2-Casey down 1141 auto auto --
ctrl0 -- up routed full 1000 --
I can't figure out why that's the case. I made sure that vlan 1141 is trunked all the way up to the VEM and is visible on the network and both the control/packet vlans are visible to the VEM/VSM.
Any guidance is much appreciated.
Casey
03-05-2010 02:54 PM
Can you post the running configuration. There are multiple reasons why the port could be down. Policies applied on the port might be getting rejected during the port bring up , Vlan not being active internally.
03-05-2010 05:24 PM
I meant to include the config...:) Here it is:
nexus-1# sh run
version 4.0(4)SV1(2)
username admin password 5 ******************* role network-admin
telnet server enable
ssh key rsa 2048
ip domain-lookup
ip host nexus-1 10.36.100.14
kernel core target 0.0.0.0
kernel core limit 1
system default switchport
vem 3
host vmware id 34343335-3237-5553-4539-343956574e46
vem 4
host vmware id 34343335-3232-5553-4539-343956574e48
snmp-server user admin network-admin auth md5 0x******************priv 0x***********************localizedkey
snmp-server enable traps license
vrf context management
ip route 0.0.0.0/0 10.36.100.1
hostname nexus-1
vlan 1
vlan 1100
name Management
vlan 1108
name TESTVLAN1
vlan 1109
name TESTVLAN2
vdc nexus-1 id 1
limit-resource vlan minimum 16 maximum 513
limit-resource monitor-session minimum 0 maximum 64
limit-resource vrf minimum 16 maximum 8192
limit-resource port-channel minimum 0 maximum 256
limit-resource u4route-mem minimum 32 maximum 80
limit-resource u6route-mem minimum 16 maximum 48
port-profile type vethernet GUEST-DATA
vmware port-group
switchport mode access
switchport access vlan 1141
no shutdown
state enabled
port-profile type ethernet SYSTEM-UPLINK
vmware port-group
switchport mode trunk
switchport trunk allowed vlan 1100,1108-1109,1141
channel-group auto mode on sub-group cdp
no shutdown
system vlan 1108-1109
state enabled
port-profile type ethernet Unused_Or_Quarantine_Uplink
description Port-group created for Nexus1000V internal usage. Do not use.
vmware port-group
shutdown
state enabled
port-profile type vethernet Unused_Or_Quarantine_Veth
description Port-group created for Nexus1000V internal usage. Do not use.
vmware port-group
shutdown
state enabled
interface port-channel1
inherit port-profile SYSTEM-UPLINK
interface port-channel2
inherit port-profile SYSTEM-UPLINK
interface Ethernet3/6
inherit port-profile SYSTEM-UPLINK
interface Ethernet3/8
inherit port-profile SYSTEM-UPLINK
interface Ethernet4/6
inherit port-profile SYSTEM-UPLINK
interface Ethernet4/8
inherit port-profile SYSTEM-UPLINK
interface mgmt0
ip address 10.36.100.14/24
interface Vethernet1
inherit port-profile GUEST-DATA
description TESTMACHINE-Casey, Network Adapter 1
vmware dvport 272
no shutdown
interface Vethernet2
inherit port-profile GUEST-DATA
description TESTMACHINE2-Casey, Network Adapter 1
vmware dvport 264
interface control0
boot kickstart bootflash:/nexus-1000v-kickstart-mz.4.0.4.SV1.2.bin sup-1
boot system bootflash:/nexus-1000v-mz.4.0.4.SV1.2.bin sup-1
boot kickstart bootflash:/nexus-1000v-kickstart-mz.4.0.4.SV1.2.bin sup-2
boot system bootflash:/nexus-1000v-mz.4.0.4.SV1.2.bin sup-2
svs-domain
domain id 100
control vlan 1108
packet vlan 1109
svs mode L2
svs connection vcenter
protocol vmware-vim
remote ip address 10.36.131.148 port 81
vmware dvs uuid "df 36 2e 50 ee 2f a4 a8-d8 f2 c8 28 5e 32 1f 27" datacenter-name Informatics
connect
nexus-1#
03-06-2010 12:49 AM
Casey,
This type of error is usually a result of the uplink configuration.
- From vCenter can you display and capture the CDP information of the VEM interfaces connecting to the DVS
- Can you give a brief description of the topology used here. (Upstream Switch types/models etc).
- Paste the switchport configuration of the ports to which the VEM's are connected to.
- If your VEM modules show on the VSM (show mod) provide the output of:
module vem 3 execute vemcmd show port
module vem 3 execute vemcmd show trunk
module vem 3 execute vemcmd show pc
- If your VEM modules are not showing up on the VSM, from your VEM CLI can you provide the following outputs:
vemcmd show port
vemcmd show trunk
vemcmd show pc
I see you're using sub-group CDP which is fine as long as you're CDP is functioning correctly. Personally I prefer using mac-pinning as it doesn't require any upstream switchport configuration (other than setting the ports as trunks).
Provide the answers/info requested and we'll sort out whichever method you wish to use.
Regards,
Robert
03-07-2010 12:05 PM
Robert,
Thank you for the troubleshooting tips. I'm sure I'll use those at some point. I didn't have access to the ESX host over the weekend to execute these commands. The problem was a simple lack of VLAN definition on the VSM (see above).
Casey
03-07-2010 11:01 AM
Hi Casey,
the guest-vlan 1141 is missing in your configuration. Just add it, this should resolve the problem. Maybe a shut/noshut on the veth is necessary. Ports that are assigned to a not existing vlan, will show up as blocked in vCenter.
Cheers,
Jens
03-07-2010 11:59 AM
Thank you. That was the problem. The fact that this switch is virtual is getting in the way of my thinking. I had assumed that only the mgmt/control/data vlans needed to be defined but it makes sense that I need to define all vlans to be used here. Thanks again.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide