sunhux

asked on

C2960 link is Up but VMs in ESX hosts can't ping out

Refer to attached screen.

We have a pair of C2960-48TS L2 stacked switches
that connect to our ESXi hosts.  The management
& vMotion ports on the ESXi hosts are connected
to access (ie non-trunked) ports on these switches
& they're OK (ie management ports could be pinged
from elsewhere).

However, for the Prod VLANs, we connect up to
trunked ports on these switches but we could only
see VLAN 1 in the dvSwitch (see attached).

There are VMs in each of the four VLANs permitted
in the trunked ports but all the VMs can't even
ping their respective VLANs' gateways.

The network guys told me I cannot set
    "switchport trunk encapsulation dot1q" on the
trunked interfaces on the switches as this command
is by default (or implicitly) enabled on this L2 C2960
switch model.  

The vmnics that connect to these switches' trunked
ports in the vCenter showed they're down.   In another
site's setup (same model of switch & ESXi hosts) where
all the ports on the switches are set to 'non-trunk' (ie
access ports), we can see all the four VLANs in vCenter
(refer to attached) though each vmnic only showed one
VLAN (ie certain ports showed VLAN 139, certain other
ports showed 423, yet other ports showed VLAN 452).

We've tried to set duplex & speed to auto as well as
to "full" & "1000 M", no joy.


Q1:
Why is it all my VMs can't ping their respective VLANs'
gateways?  What did I miss?  Is there such a thing in
the ESXi hosts that we set trunked ports or something
needs to be done in the IBM x3850 X5's BIOS setting?

I heard that in another project, they used C3750 stacked
switches which allows "switchport trunk encapsulation
dot1q" & they did not face this issue.

Q2:
The CCNP chaps told me to set my hosts (or my test
laptop running Win XP) NIC port to trunk & connect to
the switches' ports to test.  How do I do this?

"Line protocol" is Up on all the trunked ports but
traffic simply can't get through.  I still want trunk
ports & not access ports as I need to allow multiple
VLANs on each interface.

The CCNP chaps who manage the C2960 layer 2 switches told
me for this model of switch, all trunked ports would have
"switchport trunk encapsulation dot1q" implicitly enabled by
default though the switch disallows this command from
being entered.

"Show run" outputs of the trunked ports on the switches:

interface GigabitEthernet1/0/3
 switchport trunk allowed vlan 139,423,452,454
 switchport mode trunk
 switchport nonegotiate
 speed 1000
 duplex full
 flowcontrol receive desired
 spanning-tree portfast trunk
 spanning-tree bpdufilter enable
end

interface GigabitEthernet1/0/4
 switchport trunk allowed vlan 139,423,452,454
 switchport mode trunk
 switchport nonegotiate
 speed 1000
 duplex full
 flowcontrol receive desired
 spanning-tree portfast trunk
 spanning-tree bpdufilter enable
end

interface GigabitEthernet2/0/1
 switchport trunk allowed vlan 139,423,452,454
 switchport mode trunk
 switchport nonegotiate
 speed 1000
 duplex full
 flowcontrol receive desired
 spanning-tree portfast trunk
 spanning-tree bpdufilter enable
end

interface GigabitEthernet2/0/2
 switchport trunk allowed vlan 139,423,452,454
 switchport mode trunk
 switchport nonegotiate
 speed 1000
 duplex full
 flowcontrol receive desired
 spanning-tree portfast trunk
 spanning-tree bpdufilter enable
end

. . .
Attachments: dvSwitchVlan1.jpg, Sproblem-dvSwitch.jpg, Sproblem-dvSwitchProperts1.jpg, Sproblem-dvSwitchProperts2.jpg, Sproblem-dvSwitch-NetwAdp.jpg, Sproblem-dvSwitch-PteVlan.jpg, Sproblem-dvSwitch-Portmirrg.jpg

SOLUTION
dipopo
SOLUTION
Paul Solovyovsky
sunhux

ASKER

> You probably don't have IP hash enabled on the vswitch
How do I enable the above?  Please provide step-by-step instructions.

Port Channel doesn't work.

When I change the Cisco switches' interfaces to non-trunk (ie access
ports), I found that I'll need one PortGroup for each VLAN: if I place
all the VLANs into one single PortGroup, it won't work either.

Is this an issue with my L2 C2960 switch?  Last year, with L3
C3750, was able to work with trunk interfaces & STP.

If you place all the VLANs in the same port group you need to set it up as a static trunk port.  Perhaps since it's layer 2 it may need a router or an L3 switch to link up to.