
Any reason why the service console is not reachable outside its own VLAN

I have 2 recently built VMWare ESX3.x servers.  All appeared to be fine on them when I set them up in our server room, i.e. I could access the service console for configuration and building of VM's etc.

I have now relocated to my office and desktop PC, which is on a different VLAN to the ESX servers and the service console is not reachable (via pings or SSH connections).   So ... In summary the service console can only be reached via machines on the same VLAN as the service console.

I have made an SSH session on to the service console and done a ping to my desktop (and several other devices across several VLANs) which responds fine, thus proving the networking and default gateway is set up fine.  ALSO when I ping my desktop PC from the service console it appears to open up a hole in the firewall and enables me to access the service console from my desktop PC (shortly after I kill the ping my desktop PC loses the access to service console again).

There doesn't appear to be anything in our network set-up that would cause problems like this, is there something in ESX I need to configure, for example a firewall setting  ?
0
Asked by: stemc
 
MorDrakka Commented:
Hi,

On a limb here, but is your physical switch port configured as a trunk port ?

M
0
 
stemc (Author) Commented:
Yes.

Some additional info ....

I have the service console connected to a vswitch which uses VMNic's 0, 1 & 2.

VMNic 0 is active with VMNic's 1& 2 as stand-by.  All ports are configured identically (all ports configured as trunks).

Any virtual server also on the same Vswitch (using VMnics's 1 & 2 as active with 0 as standby) work and behave fine, i.e. reachable from any VLAN.
0
 
WeHe Commented:
Did you assign the VLAN also to the portgroup where the service console is connected to?
0

 
stemc (Author) Commented:
WeHe, thanks for the reply .....

Yes I have the VLAN configured on the same portgroup (the name is VLAN 230).

The VLAN 230 uses vnic 1 & 2 and the service console uses vnic 0 (with vmnic 1 & 2 as standby).  
0
 
WeHe Commented:
Your answer is confusing me a little.
Which portgroup is the service console connected to? and which VLAN is configured for that pg?
Which portgroup are the virtual servers connected to? and which VLAN is configured for that pg?
0
 
stemc (Author) Commented:
Yep, it was a little confusing ...

I have a vswitch (vSwitch0) with 3 network cards assigned to it and active (vmnic 0, 1 & 2).  

This vswitch has 2 VLAN's configured on it : Vlan 230 and Vlan 231, I have servers assigned to both of these VLans and they are working fine, respond to ping's and RDP sessions from anywhere on our WAN.  

The vswitch also has the Service Console assigned to it, the ip address for it is from the 230 Vlan and the VLAN ID (Optional) setting in the service console properties is set to 230.

Service console uses vnic 0  with vnic 1 & 2 as standby.   The VLANS 230 & 231 use vnic's 1 & 2, with vnic 0 set to unused.

Hope this makes sense !

0
 
WeHe Commented:
I am sorry but you cannot assign a VLAN to a vSwitch.
It is always assigned to a portgroup.
Also VM's are not assigned to a vSwitch, they are assigned to portgroups.
0
 
stemc (Author) Commented:
Sorry, I'm not up to speed on the terminology yet, it should have read :

This vswitch has 2 port Groups configured on it, named Vlan_230 and Vlan_231, I have servers assigned to both of these port groups and they are working fine, respond to ping's and RDP sessions from anywhere on our WAN.  

The vswitch also has the Service Console assigned to it, the VLAN ID (Optional) setting in the service console properties is set to use 230, the same VLAN ID that portgroup Vlan_230 is using.

Service console uses vnic 0  with vnic 1 & 2 as standby.   The port groups  VLAN_230 & VLAN_231 use vnic's 1 & 2, with vnic 0 set to unused.
0
 
WeHe Commented:
Did you try to use vnic1 for Service console ?
The same issues?
0
 
stemc (Author) Commented:
Yes, I have tried all vnic's, individually assigning each as active to the service console; still get no response from any PC other than those on the same VLAN as the service console.
0
 
WeHe Commented:
Strange behaviour.
Log into the service console and compare "iptables-save" results with a working one.
Compare "esxcfg-vswif -l", "esxcfg-route -l" and "esxcfg-vmknic -l".
And finally, how sure are you about your network?
And at this point I am out of ideas.
Reinstall this server completely :)
0
 
stemc (Author) Commented:
The problem was caused by the secondary service console (added as a backdoor in case there was a problem with the primary service console). It had a typo in the subnet mask of the vSwitch it was connected to; this caused all the issues.
0
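An added example, not part of the original thread: a small route check showing how a mistyped subnet mask on a second management interface can pull replies to off-VLAN clients away from the default gateway. The thread gives no addresses, so every IP, mask and the gateway below are constructed, and `vswif0`/`vswif1` are assumed names for the primary and secondary service console interfaces.

```python
import ipaddress

# Constructed sample addressing (the thread gives no IPs or masks).
BROKEN = [
    ("vswif0", "10.0.230.10", "255.255.255.0"),  # primary service console
    ("vswif1", "10.0.240.10", "255.0.0.0"),      # secondary, mask mistyped
]
FIXED = [BROKEN[0], ("vswif1", "10.0.240.10", "255.255.255.0")]
GATEWAY = "10.0.230.1"  # assumed default gateway on the primary subnet


def connected(interfaces):
    """Return (name, network) for the connected route each interface creates."""
    return [(name, ipaddress.ip_interface(f"{ip}/{mask}").network)
            for name, ip, mask in interfaces]


def egress(dest, interfaces, gateway=GATEWAY):
    """Longest-prefix match: (interface, next hop) used to reach dest."""
    addr = ipaddress.ip_address(dest)
    hits = [(net.prefixlen, name) for name, net in connected(interfaces)
            if addr in net]
    if hits:
        return max(hits)[1], "direct"
    if dest == gateway:
        raise ValueError("default gateway is not on a connected network")
    # No connected route covers dest, so it goes to the default gateway,
    # which is itself reached over the most specific connected route.
    return egress(gateway, interfaces, gateway)[0], gateway


def overlaps(interfaces):
    """Pairs of interfaces whose connected networks overlap."""
    nets = connected(interfaces)
    return [(a, b) for i, (a, na) in enumerate(nets)
            for b, nb in nets[i + 1:] if na.overlaps(nb)]


if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, "overlaps:", overlaps(cfg))
        for dest in ("10.0.230.20", "10.0.50.25"):
            print(f"  reply to {dest} leaves via", egress(dest, cfg))
```

Any overlap reported between management interfaces is worth checking against the intended masks before looking at firewall rules or switch trunking.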
