05-14-2013 03:22 AM
Hello,
I'm using the cisco Nexus 1000v 4.2.1.SV2.1.1a in Layer 2. I'm unable to add host to the N1KV dvSwitch when using the VLAN 901 for control and packet. But when i use the same VLAN that ESXi mgmt, it works. I thought it was a problem of configuration of this VLAN 901. But, after having created vmkernel, every ESXi can ping others ESXi using this VLAN 901.
So, do i forget something ? Is there a way to find where is the problem ? Is it due to 4.2.1.SV2.1.1a (where layer 3 is the default mode) ?
to swap control/packet to vlan 901 or 202, i change the configuration of svs-domain and change nic0 and nic2 to the good dvportgroup (so target vlan). I restart vem on ESXi. Is it enough ?
The configuration is the attached file.
Thanks for help.
Cedric.
Solved! Go to Solution.
05-14-2013 06:00 AM
Then you're missing VLAN 901 somewhere. Check all the switches between your VEM hosts and VSM. Ensure that VLAN 901 is created and allowed on all trunks.
A simple check is to do a "show mac address vlan 901" on each switch in your infrstucture path, and you should see the VSM and VEM's control MAC addresses. If you don't, this should lead you towards where VLAN 901 is missing or pruned from an uplink.
Robert
05-14-2013 04:39 AM
Yes, the SVS domain parameters must be correctly set for your Control & Packet VLANs.
svs-domain
domain id 1
control vlan 202
packet vlan 202
svs mode L2
Looking at the config above, you are using VLAN 202, but you haven't configured your control & packet vEthernet profile as such.
Please change the following port profiles paying attention to the changes in Red.
port-profile type vethernet prod-control-packet
vmware port-group
switchport mode access
switchport access vlan 901
switchport access vlan 202
no shutdown
system vlan 901
system vlan 202
state enabled
After you make these changes, you shouldn't have to do anything else. Ensure that VLAN 202 and allowed on every switch/uplink between your ESX hosts and the VSM.
Robert
05-14-2013 05:24 AM
Thanks,
but the vlan 901 is my target vlan.
The port-group "prod-control-packet" need to access vlan 901. 202 should be only for ESXi mgmt.
When i test the use of vlan 901 for control packet, i swap the vlan to have :
svs-domain
domain id 1
control vlan 901
packet vlan 901
svs mode L2
and i connect the VSM NICs (0 and 2) to "prod-control-packet" (before, it was connected to prod-esxi-mgmt). I restart/reload the VEMs. but they lost VSM connection (VEMs disappear from `show module`). With the command line "vemcmd show port", i can see that ports are blocked (F/B*). Same thing for a new host that i add to the N1KV dvswitch.
To repair, i swap control/packet vlan to 202 (ESXi mgmt vlan), connect VSM NICs back to prod-esxi-mgmt (vlan 202). VEMs reconnect to VSM. Sometimes, i need to restart VEM.
Thanks.
Cedric.
05-14-2013 05:29 AM
VLAN 901 and VLAN 202 are likely not in the same routed L3 subnet... you can't just change the VLANs and expect the subnets to work.
If you have connectivity with the VSM's interfaces in VLAN 902, then whichever subnet likes in this VLAN is the correct one. If you change the VLAN to 202, you'll likely have to change your VSM's IP, Mask, and gateway to match the VLANs accordingly.
Provide a network diagram pls.
Robert
05-14-2013 05:52 AM
I only change the VSM nic 0 (control) and nic 2 (packet). nic 1 with management remain on the prod-esxi-mgmt.
The only thing different between 202 and 901 is that 202 is routed.
Network diagram are attached. Thanks for your help.
Cedric.
when i swap to vlan 901
05-14-2013 06:00 AM
Then you're missing VLAN 901 somewhere. Check all the switches between your VEM hosts and VSM. Ensure that VLAN 901 is created and allowed on all trunks.
A simple check is to do a "show mac address vlan 901" on each switch in your infrstucture path, and you should see the VSM and VEM's control MAC addresses. If you don't, this should lead you towards where VLAN 901 is missing or pruned from an uplink.
Robert
05-15-2013 09:02 AM
Thanks,
the nexus 1000v was not directly involved. I think a change has been made on switches after your answer because today it works.
Thanks,
Cedric.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide