Solved

Any reason why the service console is not reachable outside its own VLAN

Posted on 2007-11-26
Last Modified: 2012-05-05
I have 2 recently built VMWare ESX3.x servers.  All appeared to be fine on them when I set them up in our server room, i.e. I could access the service console for configuration and building of VM's etc.

I have now relocated to my office and desktop PC, which is on a different VLAN to the ESX servers, and the service console is not reachable (via pings or SSH connections).   So ... In summary the service console can only be reached via machines on the same VLAN as the service console.

I have made an SSH session on to the service console and done a ping to my desktop (and several other devices across several VLANs) which responds fine, thus proving the networking and default gateway is set up fine.  ALSO when I ping my desktop PC from the service console it appears to open up a hole in the firewall and enables me to access the service console from my desktop PC (shortly after I kill the ping my desktop PC loses the access to service console again).

There doesn't appear to be anything in our network set-up that would cause problems like this, is there something in ESX I need to configure, for example a firewall setting  ?
Question by:stemc
12 Comments
 
LVL 6

Expert Comment

by:MorDrakka
ID: 20350193
Hi,

On a limb here, but is your physical switch port configured as a trunk port ?

M
0
 

Author Comment

by:stemc
ID: 20350306
Yes.

Some additional info ....

I have the service console connected to a vswitch which uses VMNic's 0, 1 & 2.

VMNic 0 is active with VMNics 1 & 2 as stand-by.  All ports are configured identically (all ports configured as trunks).

Any virtual server also on the same vSwitch (using VMNics 1 & 2 as active with 0 as standby) works and behaves fine, i.e. reachable from any VLAN.
0
 
LVL 11

Expert Comment

by:WeHe
ID: 20361620
Did you assign the VLAN also to the portgroup where the service console is connected to?
0

 

Author Comment

by:stemc
ID: 20364802
WeHe, thanks for the reply .....

Yes I have the VLAN configured on the same portgroup (the name is VLAN 230).

The VLAN 230 uses vnic 1 & 2 and the service console uses vnic 0 (with vmnic 1 & 2 as standby).  
0
 
LVL 11

Expert Comment

by:WeHe
ID: 20364870
Your answer is confusing me a little.
Which portgroup is the service console connected to? and which VLAN is configured for that pg?
Which portgroup are the virtual servers connected to? and which VLAN is configured for that pg?
0
 

Author Comment

by:stemc
ID: 20364937
Yep, it was a little confusing ...

I have a vswitch (vSwitch0) with 3 network cards assigned to it and active (vmnic 0, 1 & 2).  

This vswitch has 2 VLAN's configured on it : Vlan 230 and Vlan 231, I have servers assigned to both of these VLans and they are working fine, respond to ping's and RDP sessions from anywhere on our WAN.  

The vswitch also has the Service Console assigned to it, the ip address for it is from the 230 Vlan and the VLAN ID (Optional) setting in the service console properties is set to 230.

Service console uses vnic 0  with vnic 1 & 2 as standby.   The VLANS 230 & 231 use vnic's 1 & 2, with vnic 0 set to unused.

Hope this makes sense !

0
 
LVL 11

Expert Comment

by:WeHe
ID: 20365033
I am sorry but you cannot assign a VLAN to a vSwitch.
It is always assigned to a portgroup.
Also VM's are not assigned to a vSwitch, they are assigned to portgroups.
0
 

Author Comment

by:stemc
ID: 20365134
Sorry, I'm not up to speed on the terminology yet, it should have read :

This vswitch has 2 port Groups configured on it, named Vlan_230 and Vlan_231, I have servers assigned to both of these port groups and they are working fine, respond to ping's and RDP sessions from anywhere on our WAN.  

The vswitch also has the Service Console assigned to it, the VLAN ID (Optional) setting in the service console properties is set to use 230, the same VLAN ID that portgroup Vlan_230 is using.

Service console uses vnic 0  with vnic 1 & 2 as standby.   The port groups  VLAN_230 & VLAN_231 use vnic's 1 & 2, with vnic 0 set to unused.
0
 
LVL 11

Assisted Solution

by:WeHe
WeHe earned 250 total points
ID: 20365180
Did you try to use vnic1 for Service console ?
The same issues?
0
 

Author Comment

by:stemc
ID: 20365777
Yes, I have tried assigning each vnic individually as active to the service console, still get no response from any PC other than those on the same VLAN as the service console.
0
 
LVL 11

Accepted Solution

by:
WeHe earned 250 total points
ID: 20367106
Strange behaviour.
Log into the service console and compare "iptables-save" results with a working one.
Compare "esxcfg-vswif -l", "esxcfg-route -l" and "esxcfg-vmknic -l".
And finally, how sure are you about your network?
And at this point I am out of ideas.
Reinstall this server completely :)
0
 

Author Closing Comment

by:stemc
ID: 31410972
The problem was caused by the secondary service console (added as a backdoor in case there was a problem with the primary service console). It had a typo in the subnet mask of the vswitch it was connected to; this caused all the issues.
0
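
The closing comment traces the fault to a mistyped subnet mask on the secondary service console. As an added example (not code from the thread), this Python sketch audits interface address/netmask pairs, such as those listed by "esxcfg-vswif -l", for invalid masks and overlapping connected networks, and reports whether a given client address would be treated as on-link or sent to the gateway. The addresses, the gateway and the function names are constructed assumptions; the thread does not give the real values.

```python
import ipaddress

# Constructed sample values; the thread does not give the real addresses.
GATEWAY = "10.2.30.1"
INTERFACES = [
    {"name": "vswif0", "ip": "10.2.30.11", "netmask": "255.255.255.0"},
    # Secondary console with a mistyped mask (255.0.0.0 instead of 255.255.255.0).
    {"name": "vswif1", "ip": "10.2.99.11", "netmask": "255.0.0.0"},
]


def connected_network(iface):
    """Return the on-link network implied by ip/netmask, or None if the mask is invalid."""
    try:
        return ipaddress.ip_network(f"{iface['ip']}/{iface['netmask']}", strict=False)
    except ValueError:  # e.g. a non-contiguous mask such as 255.255.0.255
        return None


def audit(interfaces):
    """List invalid masks and pairs of interfaces whose connected networks overlap."""
    findings = []
    nets = [(i["name"], connected_network(i)) for i in interfaces]
    for name, net in nets:
        if net is None:
            findings.append(f"{name}: invalid netmask")
    valid = [(name, net) for name, net in nets if net is not None]
    for idx, (a, net_a) in enumerate(valid):
        for b, net_b in valid[idx + 1:]:
            if net_a.overlaps(net_b):
                findings.append(f"{a} {net_a} overlaps {b} {net_b}")
    return findings


def egress_for(dest, interfaces, gateway=GATEWAY):
    """Longest-prefix match: the interface that treats dest as on-link, else the gateway."""
    dest = ipaddress.ip_address(dest)
    matches = []
    for iface in interfaces:
        net = connected_network(iface)
        if net is not None and dest in net:
            matches.append((net.prefixlen, iface["name"]))
    if matches:
        return f"on-link via {max(matches)[1]}"
    return f"via gateway {gateway}"


if __name__ == "__main__":
    for line in audit(INTERFACES):
        print(line)
    print("10.2.40.25 ->", egress_for("10.2.40.25", INTERFACES))
```

With the constructed typo, a client on another VLAN (10.2.40.25) is classified as on-link on the secondary console instead of being sent to the default gateway; correcting the mask clears the finding.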
