Solved

Any reason why the service console is not reachable outside its own VLAN

Posted on 2007-11-26
12
981 Views
Last Modified: 2012-05-05
I have 2 recently built VMWare ESX3.x servers.  All appeared to be fine on them when I set them up in our server room, i.e. I could access the service console for configuration and building of VM's etc.

I have now relocated to my office and desktop PC, which is on a different VLAN to the ESX servers and the servcie console is not reachable (via ping's of SSH connections).   So ... In summary the service console can only be reached via machines on the same VLAN as the service console.

I have made an SSH session on to the service console and done a ping to my desktop (and several other devices across several VLANS) which responds fine, thus proving the networking and defualt gateway is set up fine.  ALSO when I ping my desktop PC from the service console it appears to open up a hole in the firewall and enables me to access the service console from my desktop PC (shortly after I kill the ping my desktop PC loses the access to service console again).

There doesn't appear to be anything in our network set-up that would cause problems like this, is there something in ESX I need to configure, for example a firewall setting  ?
0
Comment
Question by:stemc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
12 Comments
 
LVL 6

Expert Comment

by:MorDrakka
ID: 20350193
Hi,

On a limb here, but is your physical switch port configured as a trunk port ?

M
0
 

Author Comment

by:stemc
ID: 20350306
Yes.

Some additional info ....

I have the service console connected to a vswitch which uses VMNic's 0, 1 & 2.

VMNic 0 is active with VMNic's 1& 2 as stand-by.  All ports are configured identically (all ports configured as trunks).

Any virtual server also on the same Vswitch (using VMnics's 1 & 2 as active with 0 as standby) work and behave fine, i.e. reachable from any VLAN.
0
 
LVL 11

Expert Comment

by:WeHe
ID: 20361620
Did you assign the VLAN also to the portgroup where the service console is connected to?
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 

Author Comment

by:stemc
ID: 20364802
WeHe, thanks for the reply .....

Yes I have the VLAN configured on the same portgroup (the name is VLAN 230).

The VLAN 230 uses vnic 1 & 2 and the service console uses vnic 0 (with vmnic 1 & 2 as standby).  
0
 
LVL 11

Expert Comment

by:WeHe
ID: 20364870
Your answer is confusing me a little.
Which portgroup is the service console connected to? and which VLAN is configured for that pg?
Which portgroup are the virtual servers connected to? and which VLAN is configured for that pg?
0
 

Author Comment

by:stemc
ID: 20364937
Yep, it was a little confusing ...

I have a vswitch (vSwitch0) with 3 network cards assigned to it and active (vmnic 0, 1 & 2).  

This vswitch has 2 VLAN's configured on it : Vlan 230 and Vlan 231, I have servers assigned to both of these VLans and they are working fine, respond to ping's and RDP sessions from anywhere on our WAN.  

The vswitch also has the Service Console assigned to it, the ip address for it is from the 230 Vlan and the VLAN ID (Optional) setting in the service console properties is set to 230.

Service console uses vnic 0  with vnic 1 & 2 as standby.   The VLANS 230 & 231 use vnic's 1 & 2, with vnic 0 set to unused.

Hope this makes sense !

0
 
LVL 11

Expert Comment

by:WeHe
ID: 20365033
I am sorry but you can not assign a vlan to a vSwitch.
It is allways assigned to a portgroup.
Also VM's are not assigned to a vSwitch, they are assigned to portgroups.
0
 

Author Comment

by:stemc
ID: 20365134
Sorry, I'm not up to speed on the terminology yet, it should have read :

This vswitch has 2 port Groups configured on it, named Vlan_230 and Vlan_231, I have servers assigned to both of these port groups and they are working fine, respond to ping's and RDP sessions from anywhere on our WAN.  

The vswitch also has the Service Console assigned to it,the VLAN ID (Optional) setting in the service console properties is set to use 230, the same VLAN ID that protgroup VLan_230 is using.

Service console uses vnic 0  with vnic 1 & 2 as standby.   The port groups  VLAN_230 & VLAN_231 use vnic's 1 & 2, with vnic 0 set to unused.
0
 
LVL 11

Assisted Solution

by:WeHe
WeHe earned 250 total points
ID: 20365180
Did you try to use vnic1 for Service console ?
The same issues?
0
 

Author Comment

by:stemc
ID: 20365777
Yes I have tried all vnic's indvidually assigning as active to the service console, still get no response from any PC other than those on the same VLAN as the service console.
0
 
LVL 11

Accepted Solution

by:
WeHe earned 250 total points
ID: 20367106
Strange behaiving.
log into the service console and compare "iptables-save" results with a working one.
compare "esxcfg-vswif -l", "esxcfg-route -l" and  "esxcfg-vmknic -l".
and finaly, how sure are you about your network?
an at this point i am out of ideas.
reinstall this server completle :)
0
 

Author Closing Comment

by:stemc
ID: 31410972
the problem was caused by the secondary service console (added as a backdoor in case there was a problem with the primary service console) .  It had a type on the subnetmask of the vwitch is was connect to, this caused all the issues.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Veeam Backup & Replication has added a new integration – Veeam Backup for Microsoft Office 365.  In this blog, we will discuss how you can benefit from Office 365 email backup with the Veeam’s new product and try to shed some light on the needs and …
In this article, I will show you HOW TO: Suppress Configuration Issues and Warnings Alert displayed in Summary status for ESXi 6.5 after enabling SSH or ESXi Shell.
Teach the user how to configure vSphere Replication and how to protect and recover VMs Open vSphere Web Client: Verify vsphere Replication is enabled: Enable vSphere Replication for a virtual machine: Verify replicated VM is created: Recover replica…
This video shows you how easy it is to boot from ISO images for virtual machines with the ISO images stored on a local datastore on the ESXi host.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question