Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
384
Views
0
Helpful
2
Replies

Request assistance: routing vlans with ESX

richard.darlington
Level 1
Level 1

‎04-28-2016 09:07 AM - edited ‎03-08-2019 05:32 AM

First - I am a newbie - handle with care....

I have inherited a 'pod' of servers in a data center, with two Nexus 7000 core switches.  There are extenders and other switches involved, but my question relates to ports directly off the core switches.  Default VLAN1 is administratively down, and all ports are set to access mode VLAN2, or VLAN26 (the management VLAN).  Channel groups, vpc, etc are trunked allowing all VLANS.

I have 4 ESX servers directly connected to the cores that are configured in access mode VLAN2 - and they allow connectivity.  I now have the need to isolate a new VLAN (VLAN22) for some new users.  So end game, all VLAN2 traffic needs to go to all servers, channel groups, vpc, ESX, etc... and some VM's in the ESX will need to be isolated on VLAN22.

I created the new VLAN22, and the new VLAN interface to mimic what was already there for VLAN2, but using the .22.x network address instead of the .20.x network (which is what VLAN2 is on).  The running config looks like:

interface Vlan2
  no ip redirects
  ip address 10.10.20.4/24
  description <<** CFS **>>
  no shutdown

interface Vlan22
  no ip redirects
  ip address 10.10.22.4/24
  description FCCMS
  no shutdown

interface Ethernet1/33
  description S4010VH01 Nic1
  switchport
  switchport access vlan 2
  no shutdown

I took one of the ESX servers off line and attempted to trunk its ports, allowing all vlans - but doing that kills all connectivity to the ESX server.  I can't ping it or access any of the VMs.  I thought this would allow any and all traffic through the port, as well as allowing any tagged traffic for any VLAN.  I am assuming that If I ping from a server on the .20 network (and VLAN2), the traffic would flow.  As well, any traffic from other networks would flow as well?

What do I need to look into to better define the issue?

Thanks,

Rich

Labels:
0 Helpful
2 Replies 2

Reza Sharifi
Hall of Fame
Hall of Fame

‎04-28-2016 09:29 AM

If you trunk the ports on the ESX host, you would need to to the same on the 7000 switches.

I am assuming you are using port e1/33 to connect to the ESX host, if this is the case you need to trunk this port as it is an access port now.

interface Ethernet1/33
 description S4010VH01 Nic1
 switchport mode trunk

switchport trunk allowed vlan 2, 22
  no shutdown

HTH

0 Helpful

richard.darlington
Level 1
Level 1
In response to Reza Sharifi

‎04-28-2016 12:38 PM

Reza,  thanks for the quick response...

Sorry, I did leave that off...

In addition to trunking 'all' on the switch port... On the ESX side I have a dvSwitch configured with a Mgmt distributed port group (not tagged traffic), and a dPG for VLAN2 and VLAN22. 

With the core switch set to trunk mode and not specifying specific vlans to allow through... I thought that traffic would at least flow through to the Mgmt port group which would allow me to ping the ESX server and see it within vCenter... and any VLAN tagged traffic for VLAN2 would go to the VMs in the VLAN2 port group (or the VLAN22 port group).  ??   As I said, with this configuration, I loose all connectivity to the server.

Rich

Edit:  I just thought of something else, the switch mgmt vlan is on network 172.26.x.x and the ESX mgmt port group is on the 10.10.20.x network!

If i move the ESX mgmt pg to 172.26.x.x I should be able to make this work... right?

0 Helpful
Customers Also Viewed These Support Documents