cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1264
Views
5
Helpful
9
Replies

Need help troubleshooting connectivity from ESXi on a B440 blade to the upstream LAN

George Sypsomos
Level 1
Level 1

Please excuse my newness. This is my new lab environment where I'm trying to teach myself UCS.

 

Problem: I've created a port-channel in UCSM (on a standalone 6248up, firmware 2.2(3f)) and connected it to my 2960 switch, but I'm only seeing multicast traffic in the input section of the port-channel on the 2960 ("show int p01").

 

2960 config:

G0/21 and G0/22:

switchport trunk allowed vlan 101

switchport mode trunk

channel-protocol lacp

channel-group mode active

Port-channel 1:

switchport trunk allowed vlan 101

switchport mode trunk

 

On my FI in UCSM, I have configured port-channel 1 with the two ethernet interfaces that are connected to the 2960, in the service profile for my ESXi server's blade, I have added two vNIC's and assigned the same VLAN as my upstream network that I'm trying to connect with, and ESXi (6.7) sees both vNIC's with the MAC addresses given to them, but ESXi cannot ping the default gateway nor the DNS server on my upstream network. The only thing I see is multicast counters incrementing on the 2960 port-channel when I perform the network test from the ESXi console.

 

I have 3 questions.

1. Is there a way to view logging / test traffic flow (like in an ASA) / capture traffic on the FI interfaces or port-channel, so I can see what this multicast traffic is?

2. Is my 2960 upstream configured correctly?

3. How does the FI know to send the traffic from the vNIC's through the port-channel I created?

 

Thanks,

George

 

 

1 Accepted Solution

Accepted Solutions

Hello


@George Sypsomos wrote:

Please excuse my newness. This is my new lab environment where I'm trying to teach myself UCS.

 

Problem: I've created a port-channel in UCSM (on a standalone 6248up, firmware 2.2(3f)) and connected it to my 2960 switch, but I'm only seeing multicast traffic in the input section of the port-channel on the 2960 ("show int p01").

 

2960 config:

G0/21 and G0/22:

switchport trunk allowed vlan 101

switchport mode trunk

channel-protocol lacp

channel-group mode active

Port-channel 1:

switchport trunk allowed vlan 101

switchport mode trunk

 

On my FI in UCSM, I have configured port-channel 1 with the two ethernet interfaces that are connected to the 2960, in the service profile for my ESXi server's blade, I have added two vNIC's and assigned the same VLAN as my upstream network that I'm trying to connect with, and ESXi (6.7) sees both vNIC's with the MAC addresses given to them, but ESXi cannot ping the default gateway nor the DNS server on my upstream network. The only thing I see is multicast counters incrementing on the 2960 port-channel when I perform the network test from the ESXi console.


As the default native untagged vlan on a Cisco switch is vlan1 do you also have a untagged vlan 1 on the server and are the vnics assigned to vlan 101

I see you've create a dynamic LACP PC on the switch , Does the esxi support lacp teaming,  Have you tried using a staic PC instead

conf t

no interface portchannel 1
defa interface gig0/21 -22
int ran gig0/21 -22
shut
channel-group 1 mode on
no shut

interface Portchannel 1
switchport
switchport mode trunk


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

9 Replies 9

Hello,

 

I think the 2960 port channel needs to be in a vpc:

 

interface Port-channel 1
switchport mode trunk
vpc1
spanning-tree port type edge trunk
spanning-tree bpduguard enable
spanning-tree bpdufilter enable
!
interface GigabitEthernet0/21
switchport mode trunk
channel-group 1 mode active
!
interface GigabitEthernet0/21
switchport mode trunk
channel-group 1 mode active

Hi Georg. This is one physical 6248up FI connected to one physical 2960. Virtual port-channels would be for linking two physically separate 2960's to make the FI think they are one, correct?

There is no vpc command in the port-channel interface configuration mode.

I removed both Gb ports and the po1 from specifically allowing vlan 101 in the trunk, and also blocked the BPDU's with the commands you suggested (except for port type edge trunk, which also didn't exist), but I can still not ping, and am not seeing anything other than multicasts on the Input counters of the port-channel on the 2960.

Is there a way I can do a show config via CLI (I can't figure this out either) on the port-channel and interfaces and service profile of the FI, so I can post them here?

Hello


@Georg Pauwen wrote:

Hello,

 

I think the 2960 port channel needs to be in a vpc:

 

interface Port-channel 1
switchport mode trunk
vpc1
spanning-tree port type edge trunk
spanning-tree bpduguard enable
spanning-tree bpdufilter enable


Not sure about applying bpduguard/filter on a trunk, I would say it isn't advisable to do that on a trunk due to stp possible loops being incurred, Also the 2960's dont support vpc?

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hello


@George Sypsomos wrote:

Please excuse my newness. This is my new lab environment where I'm trying to teach myself UCS.

 

Problem: I've created a port-channel in UCSM (on a standalone 6248up, firmware 2.2(3f)) and connected it to my 2960 switch, but I'm only seeing multicast traffic in the input section of the port-channel on the 2960 ("show int p01").

 

2960 config:

G0/21 and G0/22:

switchport trunk allowed vlan 101

switchport mode trunk

channel-protocol lacp

channel-group mode active

Port-channel 1:

switchport trunk allowed vlan 101

switchport mode trunk

 

On my FI in UCSM, I have configured port-channel 1 with the two ethernet interfaces that are connected to the 2960, in the service profile for my ESXi server's blade, I have added two vNIC's and assigned the same VLAN as my upstream network that I'm trying to connect with, and ESXi (6.7) sees both vNIC's with the MAC addresses given to them, but ESXi cannot ping the default gateway nor the DNS server on my upstream network. The only thing I see is multicast counters incrementing on the 2960 port-channel when I perform the network test from the ESXi console.


As the default native untagged vlan on a Cisco switch is vlan1 do you also have a untagged vlan 1 on the server and are the vnics assigned to vlan 101

I see you've create a dynamic LACP PC on the switch , Does the esxi support lacp teaming,  Have you tried using a staic PC instead

conf t

no interface portchannel 1
defa interface gig0/21 -22
int ran gig0/21 -22
shut
channel-group 1 mode on
no shut

interface Portchannel 1
switchport
switchport mode trunk


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

The ESXi server is installed on a B440 blade in a UCS 5108 chassis. I did create vlan 101 in UCSM, and applied it to the vNIC's that are on the VMware service profile for the blade. The vlans should be transparent to the guest on the blade. My only question about that, is how the vNIC's know to use the port-channel as the uplink to the upstream LAN.

I tried pinning the vNIC to the port-channel in question, and it appears to have had no effect. I think this is because that was the only port-channel on the system which is used to connect upstream, and the UCS switch would have automatically used the port-channel anyway. Still no network connectivity other than multicasts.

Is there a way to monitor the traffic in UCSM so I can see what these multicasts are coming from?

Your comment below made me think to check the mac address-table on the FI:

"As the default native untagged vlan on a Cisco switch is vlan1 do you also have a untagged vlan 1 on the server and are the vnics assigned to vlan 101"

When I checked it, I only saw addresses from the Fiber itself, Chassis, etc., but nothing from the ESXi server's interfaces. So I tested changing the management vlan in the ESXi configuration from blank, to 101, and the network came up. Everything network-wise is working smoothly now. So, I take it for future reference, that the blank management vlan setting in ESXi is actually something other than no tagging, or else the traffic would have been allowed through the Fabric.

 

Thanks for your thoughts,

George

To identify the core of the problem - the Native VLAN box was not checked in my vNIC configuration for the interface in the Service Profile, so everything was being tagged to VLAN 1. So, while changing the VLAN of the management interface of the ESXi server fixed a symptom, it did not fix the problem. Checking the Native VLAN box on VLAN 101 in the VLAN assignments of my vNIC's is what resolved the problem. I discovered this by installing Windows 2016 on bare metal as a test to see if the ESXi server/image was somehow the cause of the problem. When I couldn't figure out how to tag VLAN's in Windows 2016's Cisco interfaces, I had to look more into why the traffic was getting tagged incorrectly, and that's when I discovered that "Native VLAN" was not checked in the vNIC config for VLAN 101.

I hope this helps future readers and learners like myself!

-George

Review Cisco Networking for a $25 gift card