Solved: KenNo problem, at least now

maguro403 · ‎01-26-2015

Hi,

I was wondering if I could get some advice regarding an issue I'm having. I'm sure it's something really trivial but it's been really bugging me to the point where I'm losing sleep. :)

I'm just playing around with ESXi 5.5 and I'm trying to route traffic between two VM's which are on different Vlans. (I attached a network diagram from vSphere.)

I have the cable plugged into the FE8 port on a Cisco 892 which is configured as below.

I'm testing connectivity using the ping command, which fails when I try to ping each other. (I've altered the appropriate settings to Win7 and ESXi to allow for pinging and I've cleared the arpcache.)

I've configured both VMs to use the subinterfaces as their gateways and I can ping those from the VMs. I can even ping the other gateway but nothing further.

"show ip route" on the 892 shows that it can see the 10.0.10.0/25 on interface FE8.10 and 10.0.20.0 on interface FE8.20.

I'm thinking it must be an ESXi thing or just plain stupidity on my part. Most likely the latter...

-----

version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cisco892
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
!
!
!
ip source-route
--More--         !
!
!
!
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO892-K9 sn FGL154123NY
!
!
!
!
!
!
!
!
!
!
!
interface BRI0
no ip address
--More--          encapsulation hdlc
shutdown
isdn termination multidrop
!
!
interface FastEthernet0
!
!
interface FastEthernet1
!
!
interface FastEthernet2
!
!
interface FastEthernet3
!
!
interface FastEthernet4
!
!
interface FastEthernet5
!
!
--More--         interface FastEthernet6
!
!
interface FastEthernet7
!
!
interface FastEthernet8
no ip address
duplex auto
speed auto
!
!
interface FastEthernet8.10
description Vlan 10 from ESXi
encapsulation dot1Q 10
ip address 10.0.10.1 255.255.255.0
!
interface FastEthernet8.20
description Vlan 20 from ESXi
encapsulation dot1Q 20
ip address 10.0.20.1 255.255.255.0
!
interface GigabitEthernet0
--More--          no ip address
shutdown
duplex auto
speed auto
!
!
interface Vlan1
no ip address
!
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
!
!
control-plane
--More--          !
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
scheduler max-task-time 5000
end

Jon Marshall · ‎01-27-2015

If you can ping the other gateway as you say then virtually every time this is a firewall issue on the end device itself because by pinging the other gateway that proves it is routing between vlans.

What happens when you try to ping either server from the router ?

Jon

View solution in original post

Jon Marshall · ‎01-27-2015

If you can ping the other gateway as you say then virtually every time this is a firewall issue on the end device itself because by pinging the other gateway that proves it is routing between vlans.

What happens when you try to ping either server from the router ?

Jon

maguro403 · ‎01-27-2015

Jon,

Thanks for the prompt reply.

I can ping both servers from the router.

However, if I use (for example) : ping ip 10.0.10.101 source 10.0.20.1, it fails. (10.0.10.101 being my VM on vlan 10 and 10.0.20.1 being the subinterface for vlan 20 on my router)

Jon Marshall · ‎01-27-2015

You may find that you cannot remove the subinterfaces with "no int fa8.x".

If so just remove the IP address and the encapsulation command and shut the subinterface down.

Jon

Jon Marshall · ‎01-27-2015

I've not used this router but I don't think this is how you set it up because the port you are using is L2 only as far as I know and not L3.

So can you modify your configuration and try this -

no int fa8.10
no int fa8.20

int fa8
switchport
switchport trunk encapsulation dot1q <--- if this isn't available don't worry, just ignore
switchport mode trunk

int vlan 10
ip address 10.10.10.1 255.255.255.0
no shut

int vlan 20
ip address 10.10.20.1 255.255.255.0
no shut

Jon

maguro403 · ‎01-27-2015

Jon,

This switch actually uses fa8 as a routable interface. Therefore, the switchport command is unavailable for this interface.

After posting my message last night, I actually pulled out a Cisco 3560G and configured two vlans (without configuring svi's and routing so it was just a layer 2 switch). I then plugged in 2 physical computers on different subnets into each vlan and used one port as a trunk to my Cisco 892 as a ROAS.

The router worked fine but when I swapped cables and plugged in the cable from my ESXi host, it wasn't able to route.

I guess it must be an ESXi thing. I'll try posting on the Vmware forum. :(

Ken.

Jon Marshall · ‎01-27-2015

Ken

My apologies, I didn't realise that.

Thanks for letting me know.

Jon

maguro403 · ‎01-27-2015

Jon,

I turned off Windows firewall altogether on both VMs and it's working.

I thought allowing ICMP was enough but I guess it wasn't. I'll work on isolating the exact settings but in the meantime, I'd like to thank you for restoring my sanity. :)

Jon Marshall · ‎01-27-2015

Ken

No problem, at least now you can sleep easy :-)

Jon

Routing on a stick & ESXi