Solved

VLAN will not work on ESX server

Posted on 2008-10-27
9
2,093 Views
Last Modified: 2012-05-07
I created a new port group attached to vSwitch1 with a VLAN ID of 4.  I have a guest machine that I moved from VLAN 3 to this new port group.  The guest machine can not talk to ANY computer on it's network although it can ping itself.  I get a "destination unreachable" when I try to ping anything else. If I move the guest back to VLAN 3 and redo the static IP everything works fine.

I've got VMWare ESX Server v3.5 and an HP Procurve 2848 switch.  I want to have multiple VLAN's on the ESX server. I have 3 NICS in a Link Aggregation Group with VLAN tagging enabled.  All servers virtual and physical on VLAN 3 can talk to each other and VLAN 2 no problemo.  The new VLAN 4 simply does not work!  The only other device on VLAN 4 is my router.  I can ping that router from any machine virtual or physical EXCEPT from the machine in this new port group (VLAN4)

I ran "esxcfg-vswitch -l" and everything looked perfect.  I've rebooted the host to no avail.
0
Comment
Question by:damien1234
  • 5
  • 4
9 Comments
 
LVL 22

Assisted Solution

by:65td
65td earned 400 total points
ID: 22820900
Ensure the port on the switch side is set up correctly for VLAN4.

Has this document been reviewed:
http://www.vmware.com/pdf/esx3_vlan_wp.pdf

0
 
LVL 1

Author Comment

by:damien1234
ID: 22821947
I have an untagged port on VLAN4 connected to the router.  The only real difference between Vlan4 and Vlan3 is the Link aggregation group connected to the ESX server is on VLAN3, but it is tagged.
0
 
LVL 22

Expert Comment

by:65td
ID: 22822141
Is there an available nic to test with?
0
 
LVL 1

Author Comment

by:damien1234
ID: 22822319
Yeah... I suppose I could remove one of the NIC's, create a new Vswitch and port group, and have all that live exclusively on VLAN4.  I was also thinking about moving another VM to the VLAN4 portgroup and testing whether the two VM's can ping each other.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 22

Expert Comment

by:65td
ID: 22824149
Just a thought, take one nic and use it for testing vlan4 and ensure that vlan can communicate with the rest of the network.

Moving a VM would be quick enough, I almost think they will ping each other.
0
 
LVL 1

Author Comment

by:damien1234
ID: 22831759
When I added another VM they could ping each other.  After I took a NIC and put this VM by itself everything worked fine.  I rebuilt the trunk (Link Aggregation Group) and added it to VLAN 3.  I did notice something funny in the switch though.  I can make a trunk and tag the trunk ports and join them to VLAN3, BUT the trunk also shows up as untagged in the default_vlan 1.  How can it be tagged and live on vlan3 AND be untagged and live on Vlan 1?  Is this default behaviour for the HP Procurve 2848?  I have installed the most recent firmware and I am following instructions created by HP regarding the creation of Link Aggregates and VLAN trunking.
0
 
LVL 22

Expert Comment

by:65td
ID: 22833295
Unfortunately we use cisco switches, so I'm not sure about the HP stuff.
0
 
LVL 1

Author Comment

by:damien1234
ID: 22835482
I made the assumption this was default behaviour which led me to the question "Do I need to specifically grant a link aggregate group rights on a VLAN?"  So I created a dummy group called TRK5.  I created a dummy VLANs 5 & 6.  I joined TRK5 to BOTH VLANS.  Now TRK5 shows up as a tagged port under each vlan in the switches GUI.  It also explains why the aggregate groups show up under the default vlan since that is usually used for various switch business.  Tonight I will test this setup on my real vlans and see if it works..... I have a feeling it will.
0
 
LVL 1

Accepted Solution

by:
damien1234 earned 0 total points
ID: 22836876
Success!  A Link Aggregration Group (LAG) (HP calls them trunks) on a procurve switch must be added to every VLAN for which it will receive traffic despite the fact that the ports are tagged for any given VLAN.  Additionally each trunk (LAG) is automatically set to "No" for each VLAN created or configured and must be manually changed to "Tagged" or "Untagged".  This must be done from the console.
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This is an issue that we can get adding / removing permissions in the vCSA 6.0. We can also have issues searching for users / groups in the AD (using your identify sources). This is how one of the ways to handle this issues and fix it.
Will try to explain how to use the VMware feature TAGs in the VMs and create Veeam Backup Jobs using TAGs. Since this article is too long, I will create second article for the Veeam tasks.
This Micro Tutorial steps you through the configuration steps to configure your ESXi host Management Network settings and test the management network, ensure the host is recognized by the DNS Server, configure a new password, and the troubleshooting…
This video shows you how to use a vSphere client to connect to your ESX host as the root user. Demonstrates the basic connection of bypassing certification set up. Demonstrates how to access the traditional view to begin managing your virtual mac…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now