beardog1113
asked on
Cisco 3850 VLAN configuration with Juniper and VMware
Hello Experts,
I am facing an issue right now.
I have a Cisco 3850 core switch with a VLAN configured, for example Vlan22.
Port 1 is configured in trunk mode; it is connected to a Juniper SSG 550M firewall. The Juniper port has a sub-interface configured in the same VLAN, and communication between the core switch and the firewall sub-interface works without issue.
Ports 2 and 3 are configured in trunk mode; they are connected to an ESXi host. A virtual switch is configured with the VLAN parameter in the same VLAN, and the two ports of the ESXi host are in the same virtual switch. Communication between the core switch and the virtual machines works without issues.
My problem is that once I configured a port channel for ports 2 and 3, the virtual machines can't reach the firewall. The configuration is below. At the same time, there is no issue between the core switch and the firewall, or between the core switch and the virtual machines. I have to remove the port channel config to fix it. Do you know what's wrong with it? It does not make sense.
Thank you
interface Port-channel1
 switchport mode trunk
!
interface GigabitEthernet1/0/2
 description ESXi-VMNetwork
 switchport mode trunk
 channel-group 1 mode on
!
interface GigabitEthernet1/0/3
 description ESXi-VMNetwork
 switchport mode trunk
 channel-group 1 mode on
ASKER
Hello,
This does not look like it applies to my case. Once I get it configured, the virtual machines cannot reach the firewall; the connection to the core switch is fine.
Thank you
If it works when you remove the port channel config, that tells me that your port-channel is configured incorrectly.
Why do you have the port-channel trunking? You can use them as access ports according to VMware.
https://kb.vmware.com/s/article/1004048?
Configuring the port channel as a trunk will not affect connectivity as long as he is tagging VLANs on his vSwitch.
ASKER
Hi Brad,
Because I need several vSwitches, with VMs under different VLANs, I have to configure trunk mode.
Thanks
ASKER
Hi Soulja,
I also think so. Once the port channel is configured, all networking of the VMs works well, except that the VMs cannot reach the firewall.
Any ideas?
Thanks
ASKER
Thank you
https://kb.vmware.com/s/article/1022751