Solved

Any reason why the service console is not reachable outside its own VLAN

Posted on 2007-11-26
Last Modified: 2012-05-05
I have 2 recently built VMware ESX 3.x servers. All appeared to be fine on them when I set them up in our server room, i.e. I could access the service console for configuration and building of VMs etc.

I have now relocated to my office and desktop PC, which is on a different VLAN to the ESX servers, and the service console is not reachable (via pings or SSH connections). So ... in summary, the service console can only be reached via machines on the same VLAN as the service console.

I have made an SSH session on to the service console and done a ping to my desktop (and several other devices across several VLANs) which responds fine, thus proving the networking and default gateway is set up fine. ALSO when I ping my desktop PC from the service console it appears to open up a hole in the firewall and enables me to access the service console from my desktop PC (shortly after I kill the ping my desktop PC loses the access to service console again).

There doesn't appear to be anything in our network set-up that would cause problems like this. Is there something in ESX I need to configure, for example a firewall setting?
Question by:stemc
12 Comments
 
LVL 6

Expert Comment

by:MorDrakka
ID: 20350193
Hi,

On a limb here, but is your physical switch port configured as a trunk port ?

M
0
 

Author Comment

by:stemc
ID: 20350306
Yes.

Some additional info ....

I have the service console connected to a vswitch which uses VMNic's 0, 1 & 2.

VMNic 0 is active with VMNic's 1& 2 as stand-by.  All ports are configured identically (all ports configured as trunks).

Any virtual server also on the same vSwitch (using VMnics 1 & 2 as active with 0 as standby) works and behaves fine, i.e. reachable from any VLAN.
0
 
LVL 11

Expert Comment

by:WeHe
ID: 20361620
Did you assign the VLAN also to the portgroup where the service console is connected to?
0
 

Author Comment

by:stemc
ID: 20364802
WeHe, thanks for the reply .....

Yes I have the VLAN configured on the same portgroup (the name is VLAN 230).

The VLAN 230 uses vnic 1 & 2 and the service console uses vnic 0 (with vmnic 1 & 2 as standby).  
0
 
LVL 11

Expert Comment

by:WeHe
ID: 20364870
Your answer is confusing me a little.
Which portgroup is the service console connected to? and which VLAN is configured for that pg?
Which portgroup are the virtual servers connected to? and which VLAN is configured for that pg?
0
 

Author Comment

by:stemc
ID: 20364937
Yep, it was a little confusing ...

I have a vswitch (vSwitch0) with 3 network cards assigned to it and active (vmnic 0, 1 & 2).  

This vswitch has 2 VLANs configured on it: Vlan 230 and Vlan 231. I have servers assigned to both of these VLANs and they are working fine, respond to pings and RDP sessions from anywhere on our WAN.

The vswitch also has the Service Console assigned to it, the ip address for it is from the 230 Vlan and the VLAN ID (Optional) setting in the service console properties is set to 230.

Service console uses vnic 0  with vnic 1 & 2 as standby.   The VLANS 230 & 231 use vnic's 1 & 2, with vnic 0 set to unused.

Hope this makes sense !

0
 
LVL 11

Expert Comment

by:WeHe
ID: 20365033
I am sorry but you can not assign a VLAN to a vSwitch.
It is always assigned to a portgroup.
Also VMs are not assigned to a vSwitch, they are assigned to portgroups.
0
 

Author Comment

by:stemc
ID: 20365134
Sorry, I'm not up to speed on the terminology yet, it should have read :

This vswitch has 2 port groups configured on it, named Vlan_230 and Vlan_231. I have servers assigned to both of these port groups and they are working fine, respond to pings and RDP sessions from anywhere on our WAN.

The vswitch also has the Service Console assigned to it, the VLAN ID (Optional) setting in the service console properties is set to use 230, the same VLAN ID that portgroup Vlan_230 is using.

Service console uses vnic 0  with vnic 1 & 2 as standby.   The port groups  VLAN_230 & VLAN_231 use vnic's 1 & 2, with vnic 0 set to unused.
0
 
LVL 11

Assisted Solution

by:WeHe
WeHe earned 750 total points
ID: 20365180
Did you try to use vnic1 for Service console ?
The same issues?
0
 

Author Comment

by:stemc
ID: 20365777
Yes, I have tried assigning all vnics individually as active to the service console, still get no response from any PC other than those on the same VLAN as the service console.
0
 
LVL 11

Accepted Solution

by:WeHe
WeHe earned 750 total points
ID: 20367106
Strange behaviour.
Log into the service console and compare "iptables-save" results with a working one.
Compare "esxcfg-vswif -l", "esxcfg-route -l" and "esxcfg-vmknic -l".
And finally, how sure are you about your network?
And at this point I am out of ideas.
Reinstall this server completely :)
0
 

Author Closing Comment

by:stemc
ID: 31410972
The problem was caused by the secondary service console (added as a backdoor in case there was a problem with the primary service console). It had a typo on the subnet mask of the vSwitch it was connected to; this caused all the issues.
0
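
A check for the kind of misconfiguration named in the closing comment, as an added example that is not part of the original thread: given each service console interface's address and netmask, it flags masks that are not valid, connected networks that overlap, and off-VLAN hosts that a too-wide mask would make look directly attached instead of reachable through the default gateway. The interface names and every address below are constructed; the thread does not give the real values.

```python
import ipaddress
from itertools import combinations

# Constructed sample values, not taken from the thread.
SAMPLE_INTERFACES = [
    ("vswif0", "10.2.30.10", "255.255.255.0"),  # primary service console
    ("vswif1", "10.9.9.10", "255.0.0.0"),       # secondary; /24 was intended
]
SAMPLE_REMOTE_HOSTS = ["10.2.40.25"]            # desktop on another VLAN


def audit_interfaces(interfaces, remote_hosts):
    """Return findings for (name, ip, netmask) tuples.

    remote_hosts are addresses known to sit on other VLANs, so they
    should never fall inside any locally connected network.
    """
    findings = []
    networks = []
    for name, ip, mask in interfaces:
        try:
            # ipaddress rejects non-contiguous masks such as 255.255.225.0
            iface = ipaddress.IPv4Interface(f"{ip}/{mask}")
        except ValueError:
            findings.append(("invalid-mask", name, mask))
            continue
        networks.append((name, iface.network))

    # Two interfaces whose connected networks overlap compete for the
    # same destinations in the routing table.
    for (name_a, net_a), (name_b, net_b) in combinations(networks, 2):
        if net_a.overlaps(net_b):
            findings.append(("overlap", name_a, name_b))

    # A remote host inside a connected network is treated as on-link,
    # so traffic to it bypasses the default gateway.
    for host in remote_hosts:
        addr = ipaddress.IPv4Address(host)
        for name, net in networks:
            if addr in net:
                findings.append(("on-link", host, name))
    return findings


if __name__ == "__main__":
    for finding in audit_interfaces(SAMPLE_INTERFACES, SAMPLE_REMOTE_HOSTS):
        print(finding)
```

The address and netmask columns printed by `esxcfg-vswif -l` are the values to feed in as the interface tuples.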
