sunhux
asked on
No traffic over trunked ports on C2960 ; non-trunked access ports Ok on ESXi hosts
Refer to attached screen.
We have a pair of C2960-48TS L2 stacked switches
that connects to our ESXi hosts. The management
& vMotion ports on the ESXi hosts are connected
to access (ie non-trunked) ports on these switches
& they're Ok (ie management ports could be pinged
from elsewhere).
However, for the Prod VLANs, we connect up to
trunked ports on these switches but we could only
see VLAN 1 in the dvSwitch (see attached).
There are VMs in each of the four VLans permitted
in the trunked ports but all the VMs can't even
ping their respective VLANs' gateways.
The network guys told me I cannot set
"switchport trunk encapsulation dot1q" on the
trunked interfaces on the switches as this command
is by default (or implicitly) enabled on this L2 C2960
switch.
The vmnics that connect to these switches' trunked
ports in the vCenter showed they're down. In another
site's setup (same model of switch & ESXi hosts) where
all the ports on the switches are set to 'non-trunk' (ie
access ports), we can see all the four VLANs in vCenter
(refer to attached) though each vmnic only showed one
VLAN (ie certain ports showed VLAN 139, certain other
ports showed 423, yet other ports showed VLan 452).
Why is it all my VMs can't ping their respective VLANs'
gateways? What did I miss? Is there such thing in
the ESXi hosts that we set trunked ports or something
needs to be done in the IBM x3850 X5's BIOS setting?
I heard that in another project, they used C3750 stacked
switches which allows "switchport trunk encapsulation
dot1q" & they did not face this issue.
"Show run" outputs of the trunked ports on the switches:
interface GigabitEthernet1/0/3
switchport trunk allowed vlan 139,423,452,454
switchport mode trunk
switchport nonegotiate
speed 1000
duplex full
flowcontrol receive desired
spanning-tree portfast trunk
spanning-tree bpdufilter enable
end
interface GigabitEthernet1/0/4
switchport trunk allowed vlan 139,423,452,454
switchport mode trunk
switchport nonegotiate
speed 1000
duplex full
flowcontrol receive desired
spanning-tree portfast trunk
spanning-tree bpdufilter enable
end
interface GigabitEthernet2/0/1
switchport trunk allowed vlan 139,423,452,454
switchport mode trunk
switchport nonegotiate
speed 1000
duplex full
flowcontrol receive desired
spanning-tree portfast trunk
spanning-tree bpdufilter enable
end
interface GigabitEthernet2/0/2
switchport trunk allowed vlan 139,423,452,454
switchport mode trunk
switchport nonegotiate
speed 1000
duplex full
flowcontrol receive desired
spanning-tree portfast trunk
spanning-tree bpdufilter enable
end
. . .
dvSwitchVlan1.jpg
We have a pair of C2960-48TS L2 stacked switches
that connects to our ESXi hosts. The management
& vMotion ports on the ESXi hosts are connected
to access (ie non-trunked) ports on these switches
& they're Ok (ie management ports could be pinged
from elsewhere).
However, for the Prod VLANs, we connect up to
trunked ports on these switches but we could only
see VLAN 1 in the dvSwitch (see attached).
There are VMs in each of the four VLans permitted
in the trunked ports but all the VMs can't even
ping their respective VLANs' gateways.
The network guys told me I cannot set
"switchport trunk encapsulation dot1q" on the
trunked interfaces on the switches as this command
is by default (or implicitly) enabled on this L2 C2960
switch.
The vmnics that connect to these switches' trunked
ports in the vCenter showed they're down. In another
site's setup (same model of switch & ESXi hosts) where
all the ports on the switches are set to 'non-trunk' (ie
access ports), we can see all the four VLANs in vCenter
(refer to attached) though each vmnic only showed one
VLAN (ie certain ports showed VLAN 139, certain other
ports showed 423, yet other ports showed VLan 452).
Why is it all my VMs can't ping their respective VLANs'
gateways? What did I miss? Is there such thing in
the ESXi hosts that we set trunked ports or something
needs to be done in the IBM x3850 X5's BIOS setting?
I heard that in another project, they used C3750 stacked
switches which allows "switchport trunk encapsulation
dot1q" & they did not face this issue.
"Show run" outputs of the trunked ports on the switches:
interface GigabitEthernet1/0/3
switchport trunk allowed vlan 139,423,452,454
switchport mode trunk
switchport nonegotiate
speed 1000
duplex full
flowcontrol receive desired
spanning-tree portfast trunk
spanning-tree bpdufilter enable
end
interface GigabitEthernet1/0/4
switchport trunk allowed vlan 139,423,452,454
switchport mode trunk
switchport nonegotiate
speed 1000
duplex full
flowcontrol receive desired
spanning-tree portfast trunk
spanning-tree bpdufilter enable
end
interface GigabitEthernet2/0/1
switchport trunk allowed vlan 139,423,452,454
switchport mode trunk
switchport nonegotiate
speed 1000
duplex full
flowcontrol receive desired
spanning-tree portfast trunk
spanning-tree bpdufilter enable
end
interface GigabitEthernet2/0/2
switchport trunk allowed vlan 139,423,452,454
switchport mode trunk
switchport nonegotiate
speed 1000
duplex full
flowcontrol receive desired
spanning-tree portfast trunk
spanning-tree bpdufilter enable
end
. . .
dvSwitchVlan1.jpg
ASKER
If trunking is removed, it would work but a non-trunked
(ie access) ports only allow one VLAN, right?
(ie access) ports only allow one VLAN, right?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
So how exactly do I solve this issue?
Is this a Cisco C2960 issue that needs to be rectified
or it's something I can do in vCenter?
>does not look like traffic is tagged on the VLANs
how do we tag the traffic then?
Is this a Cisco C2960 issue that needs to be rectified
or it's something I can do in vCenter?
>does not look like traffic is tagged on the VLANs
how do we tag the traffic then?
ASKER
We've verified that on C2960, the command below can't be accepted:
switchport trunk encapsulation dot1q
switchport trunk encapsulation dot1q
So how does your switch Tag VLAN traffic?
ASKER
The network chaps who manage the C2960 layer 2 switches told
me for this model of switch, all trunked ports would have
"switchport trunk encapsulation dot1q" implicitly enabled by
default though the switch disallows this command from
being entered
me for this model of switch, all trunked ports would have
"switchport trunk encapsulation dot1q" implicitly enabled by
default though the switch disallows this command from
being entered
ASKER
So by this implicit 'encap dot1q' does it mean VLan tagging
is automatically done?
is automatically done?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Those IBM chaps who support the network switches are CCNPs;
they insisted this connectivity issue lies with ESXi hosts end but
the ESXi hosts' chaps are VCPs
they insisted this connectivity issue lies with ESXi hosts end but
the ESXi hosts' chaps are VCPs
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
So how do I bridge the ESXi's NIC to the switches?
As last resort, may need to set all ports to access (ie non-trunk)
ports & designate certain VLAN to certain port, say we have
8 switch/NIC ports, each VLAN gets 2 ports
As last resort, may need to set all ports to access (ie non-trunk)
ports & designate certain VLAN to certain port, say we have
8 switch/NIC ports, each VLAN gets 2 ports
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
> why are you teaming all those NICs on a single vSwitch with all those vlans?
thanks btassure for replying to Netman66
> Duplex and Speed to Auto/Auto
The IBM CCNPs told me they've tried both auto as well as fixed settings (ie
Duplex Full & Speed 1000M). Question is why are the non-trunk ports Ok
with these fixed settings?
Ok, attached are the various Properties screen shots of the dvSwitch
as requested. Let me know any other screens/info that's needed as
customer is getting impatient. There are 3 ESXi hosts
Sproblem-dvSwitch.jpg
Sproblem-dvSwitchProperts1.jpg
Sproblem-dvSwitchProperts2.jpg
Sproblem-dvSwitch-NetwAdp.jpg
Sproblem-dvSwitch-PteVlan.jpg
Sproblem-dvSwitch-Portmirrg.jpg
thanks btassure for replying to Netman66
> Duplex and Speed to Auto/Auto
The IBM CCNPs told me they've tried both auto as well as fixed settings (ie
Duplex Full & Speed 1000M). Question is why are the non-trunk ports Ok
with these fixed settings?
Ok, attached are the various Properties screen shots of the dvSwitch
as requested. Let me know any other screens/info that's needed as
customer is getting impatient. There are 3 ESXi hosts
Sproblem-dvSwitch.jpg
Sproblem-dvSwitchProperts1.jpg
Sproblem-dvSwitchProperts2.jpg
Sproblem-dvSwitch-NetwAdp.jpg
Sproblem-dvSwitch-PteVlan.jpg
Sproblem-dvSwitch-Portmirrg.jpg
ASKER
Any other ideas from the experts?
ASKER
simply traffic can't get through. I still want trunk
ports & not access ports as need to allow multiple
VLANs on each interface