Comware Based
1748067 Members
5462 Online
108758 Solutions
New Discussion

Unpingable VLAN interface

 
clarkimusprime
Occasional Visitor

Unpingable VLAN interface

Hopefully someone can help provide direction.  I have a pair of A5820s in an IRF group and a pair of A5800s in a second IRF group.  The groups are connected with a LAG which permits all VLANs.  There are mutliple VLANs configured, but I will focus on one of them for troubleshooting.  I have 3 ESXi servers each with 2 10GB connections to the switches.  The ports are configured as trunk ports with appropriate VLANs permitted.

On the ESXi servers, there is a distributed virtual switch with 3 port groups - 1 per VLAN. vmkernel interfaces for each traffic type are created and are in each port group with an IP assigned.  My question/symptoms are this:

  • VLAN 1 on the first IRF group (10GB) has an ip address of 10.0.2.211.
  • VLAN 1 on the second IRF group (1GB) has an ip address of 10.0.2.213.
  • The ESXi servers have a port group for management on a virtual switch.  This port group specifies VLAN 1.
  • The vmkernel nic of the first server for management has an ip address of 10.0.2.215; .216 and .217 for the other two.
  • From the first host, I can ping the other management IPs (.216 and .217).  I can also ping the VLAN interface for VLAN 1 on the remote IRF group (.213).  I can not ping the VLAN interface for VLAN 1 on my locally-connected IRF group (.211).

Relevant config sections on the first IRF switch group below:

interface Vlan-interface1
ip address 10.0.2.211 255.0.0.0

interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 102 106 202
port trunk pvid vlan 4094
#
interface Ten-GigabitEthernet1/0/4
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 102 106 202
port trunk pvid vlan 4094
#
interface Ten-GigabitEthernet1/0/5
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 102 106 202
port trunk pvid vlan 4094

interface Ten-GigabitEthernet2/0/3
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 102 106 202
port trunk pvid vlan 4094
#
interface Ten-GigabitEthernet2/0/4
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 102 106 202
port trunk pvid vlan 4094
#
interface Ten-GigabitEthernet2/0/5
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 102 106 202
port trunk pvid vlan 4094

 

Any insight on why I can not ping the VLAN interface(s) of my locally connected VLANs?

7 REPLIES 7
John Gelten
Regular Advisor

Re: Unpingable VLAN interface

The ESXi hosts are connected to both switch-pairs I assume, if so - are all links actively used by the portgroups ?

Are the VLANs tagged on the links to the servers, if so - I could imagine the fact you are using PVID 4094 on the link between the switches might be important.

No VRRP or anything in your config ?

Can you ping between both switches, and from both switches to the ESXi-hosts ?

Is there an ARP entry in the ESXi-hosts for the unpingable switch after you tried to ping ?

 

All questions and no answers yet, I am afraid... 

;-)

 

regnander
Occasional Contributor

Re: Unpingable VLAN interface

Hi,

 

I have a similar issue.

 

When moving an IP adress to a VLAN interface from a route port i cannot ping the interface.

 

Anything else in the same subnet is reachable.

http://h30499.www3.hp.com/t5/A-Series/A5500-VLAN-interface-config-issue/td-p/5558501

 

//regnander

Michael A. McKenney
Respected Contributor

Re: Unpingable VLAN interface

Do you have that port tagged for that VLAN?

L1nklight
Valued Contributor

Re: Unpingable VLAN interface

I am a newbie to the A-Series switches (well, to be honest HP switches in general) but could it have something to do with the fact that you are using VLAN 1? Do HP switches reserve VLAN 1 for a special purpose as the default vlan?

 

 

Michael A. McKenney
Respected Contributor

Re: Unpingable VLAN interface

Do you have the ACL list configured to allow pings from VLAN to VLAN. 

clarkimusprime
Occasional Visitor

Re: Unpingable VLAN interface

By default, are ACLs configured to block?  If so, are these drops logged anywhere?  Interestingly, on the VMware side if I open tcpdump sessions on two hosts and attempt to ping from one to the other, I see the arp requests leave the first server, but never make it to the second.

Michael A. McKenney
Respected Contributor

Re: Unpingable VLAN interface

Don't you need a port trunk permit vlan 1 to vlan 2 command to allow traffic between vlans.