Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1997
Views
0
Helpful
6
Replies

Problem with control/packet VLAN

Go to solution
didier.martin@arumtec.net
Level 1
Level 1

‎05-14-2013 03:22 AM

Hello,

I'm using the cisco Nexus 1000v 4.2.1.SV2.1.1a in Layer 2. I'm unable to add host to the N1KV dvSwitch  when using the VLAN 901 for control and packet. But when i use the same VLAN that ESXi mgmt, it works. I thought it was a problem of configuration of this VLAN 901. But, after having created vmkernel, every ESXi can ping others ESXi using this VLAN 901.

So, do i forget something ? Is there a way to find where is the problem ? Is it due to 4.2.1.SV2.1.1a (where layer 3 is the default mode) ?

to swap control/packet to vlan 901 or 202, i change the configuration of svs-domain and change nic0 and nic2 to the good dvportgroup (so target vlan). I restart vem on ESXi.  Is it enough ?

The configuration is the attached file.

Thanks for help.

Cedric.

Labels:
conf.txt.zip
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Robert Burns
Cisco Employee
Cisco Employee
In response to didier.martin@arumtec.net

‎05-14-2013 06:00 AM

Then you're missing VLAN 901 somewhere.  Check all the switches between your VEM hosts and VSM.  Ensure that VLAN 901 is created and allowed on all trunks.

A simple check is to do a "show mac address vlan 901" on each switch in your infrstucture path, and you should see the VSM and VEM's control MAC addresses.  If you don't, this should lead you towards where VLAN 901 is missing or pruned from an uplink.

Robert

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Robert Burns
Cisco Employee
Cisco Employee

‎05-14-2013 04:39 AM

Yes, the SVS domain parameters must be correctly set for your Control & Packet VLANs. 

svs-domain

  domain id 1

  control vlan 202

  packet vlan 202

  svs mode L2 

Looking at the config above, you are using VLAN 202, but you haven't configured your control & packet vEthernet profile as such. 

Please change the following port profiles paying attention to the changes in Red.

port-profile type vethernet prod-control-packet

  vmware port-group

  switchport mode access

  switchport access vlan 901

switchport access vlan 202

  no shutdown

  system vlan 901

  system vlan 202

  state enabled

After you make these changes, you shouldn't have to do anything else.  Ensure that VLAN 202 and allowed on every switch/uplink between your ESX hosts and the VSM.

Robert

0 Helpful

Go to solution
didier.martin@arumtec.net
Level 1
Level 1
In response to Robert Burns

‎05-14-2013 05:24 AM

Thanks,

but the vlan 901 is my target vlan.

The port-group "prod-control-packet" need to access vlan 901. 202 should be only for ESXi mgmt.

When i test the use of vlan 901 for control packet, i swap the vlan to have :

svs-domain

  domain id 1

  control vlan 901

  packet vlan 901

  svs mode L2 

and i connect the VSM NICs (0 and 2) to "prod-control-packet" (before, it was connected to prod-esxi-mgmt). I restart/reload the VEMs. but they lost VSM connection (VEMs disappear from `show module`). With the command line "vemcmd show port", i can see that ports are blocked (F/B*). Same thing for a new host that i add to the N1KV dvswitch.

To repair, i swap control/packet vlan to 202 (ESXi mgmt vlan), connect VSM NICs back to prod-esxi-mgmt (vlan 202). VEMs reconnect to VSM. Sometimes, i need to restart VEM.

Thanks.

Cedric.

0 Helpful

Go to solution
Robert Burns
Cisco Employee
Cisco Employee
In response to didier.martin@arumtec.net

‎05-14-2013 05:29 AM

VLAN 901 and VLAN 202 are likely not in the same routed L3 subnet... you can't just change the VLANs and expect the subnets to work. 

If you have connectivity with the VSM's interfaces in VLAN 902, then whichever subnet likes in this VLAN is the correct one.  If you change the VLAN to 202, you'll likely have to change your VSM's IP, Mask, and gateway to match the VLANs accordingly.

Provide a network diagram pls.

Robert

0 Helpful

Go to solution
didier.martin@arumtec.net
Level 1
Level 1
In response to Robert Burns

‎05-14-2013 05:52 AM

I only change the VSM nic 0 (control) and nic 2 (packet). nic 1 with management remain on the prod-esxi-mgmt.

The only thing different between 202 and 901 is that 202 is routed.

Network diagram are attached. Thanks for your help.

Cedric.

goodcisco.jpg

when i swap to vlan 901

problemcisco.jpg

0 Helpful

Go to solution
Robert Burns
Cisco Employee
Cisco Employee
In response to didier.martin@arumtec.net

‎05-14-2013 06:00 AM

Then you're missing VLAN 901 somewhere.  Check all the switches between your VEM hosts and VSM.  Ensure that VLAN 901 is created and allowed on all trunks.

A simple check is to do a "show mac address vlan 901" on each switch in your infrstucture path, and you should see the VSM and VEM's control MAC addresses.  If you don't, this should lead you towards where VLAN 901 is missing or pruned from an uplink.

Robert

0 Helpful

Go to solution
didier.martin@arumtec.net
Level 1
Level 1
In response to Robert Burns

‎05-15-2013 09:02 AM

Thanks,

the nexus 1000v was not directly involved. I think a change has been made on switches after your answer because today it works.

Thanks,

Cedric.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents