
Basically, here is my setup:

[Host A] = A hypervisor running ESXi 5.0

[Switch A] = A Cisco 2960-S Series 48 port switch

[Switch B] = A Cisco 2960-S Series 48 port switch

[P-Router] = A physical Cisco 1941 router

[V-Router1] = A virtual Untangle 10 router

[V-Router2] = A virtual Untangle 10 router



[P-Router] is the top level router, giving out the management network. [Host A] is connected to that router on NIC1. [V-Router1] is a router (Untangle) running as a virtual machine on [Host A]. The WAN on the [V-Router1] is set to NIC1 on [Host A] (for internet connectivity), and the LAN is connected to a port group (for this we'll just call it "Group1"). The "Group1" port group is connected to NIC2 on [Host A]. There is a second router, [V-Router2] running as a virtual machine with its LAN connected to "Group2". Both port groups are connected to the same physical NIC (NIC2). NIC2 is connected to [Switch A]. There is a trunk line between [Switch A] and [Switch B]. I have set Group1's VLAN ID to 201 and Group2's VLAN to 202. NIC2 connects to port 1 on [Switch A], and this is the config for that port:

```
int Gi1/0/1
 switchport mode trunk
 switchport trunk allowed vlan 201,202
 switchport nonegotiate
```


I then have a second port on [Switch A] configured this way (for testing):

```
int Gi1/0/25
 switchport mode access
 switchport access vlan 201
```


When plugging my computer into port 25, I get no network connectivity (and am given a 169.254.* address). Aside from this configuration, I have also tried setting the VLAN ID to 0 (None) and 4095 (All), and I have also tried setting up a VLAN interface in Untangle. However, I am not sure if I configured that correctly. In Untangle I have my External interface and Internal interface. If anyone could advise how to set up a tagged VLAN interface, please let me know!


I am banging my head against the wall on this one; I'm hoping it is something simple that I am missing! The trunk between [Switch A] and [Switch B] works and successfully carries over the data for my Management VLAN; however, I cannot get the data from my virtual router even on [Switch A] (the switch it is plugged into). I can also say that I have verified that [V-Router1] and [V-Router2] work and give out DHCP. I received an address and could browse the web when plugging my computer directly into NIC2 on [Host A] and when creating another VM within port groups 1 and 2.

5T4TiC
  • How is the vSwitch configured? – Shane Madden Jun 25 '14 at 20:10
  • What specifically about it? It is the default configuration for the vSwitch (as in I clicked "Add Networking..." and selected my NIC, and proceeded to add Port Groups). – 5T4TiC Jun 25 '14 at 20:13
  • Are the port groups tagging traffic? You got DHCP when you plugged in directly, which shouldn't have worked assuming the vlan 201 traffic was properly tagged by the port group. Also, why's the port set to nonegotiate, and is the host's NIC configured to match? – Shane Madden Jun 25 '14 at 20:14
  • I received an address when the port group VLAN ID was set to none – 5T4TiC Jun 25 '14 at 20:15
  • Is the port group vlan set to 201 now? – Shane Madden Jun 25 '14 at 20:15
  • I will set it to 201 now, and try plugging in directly and will report back in 45 seconds lol! – 5T4TiC Jun 25 '14 at 20:16
  • You should be plugging into the switch, not the host directly, to verify if the host is tagging and getting those tags accepted by the switch. This is the host port that's plugging into `Gi1/0/1`, right? Was the port group set to a vlan when you were testing previously? – Shane Madden Jun 25 '14 at 20:17
  • ...and is the virtual router's interface in the port group that's tagged 201? You said it's in group 2, which would be 202, and the client would never be able to get DHCP from it. Your description is pretty unclear, can you please provide screenshots or something of your vswitch config? – Shane Madden Jun 25 '14 at 20:19
  • Actually, everything is working now. In my combination of trying things out, there was one configuration combination I missed, after setting the VLAN ID to 201 everything seems to be working. I apologize for the unclear explanation. Untangle 1 is connected to Port Group 1, with a VLAN ID of 201. This is connected to Gi1/0/1 on my physical switch. – 5T4TiC Jun 25 '14 at 20:22
  • Ok - for future reference, if the port group has no tag then the effective vlan of the traffic is the native vlan of the port. The native vlan of `Gi1/0/1` is vlan 1 (the default if no `switchport trunk native vlan` is set), and your `switchport trunk allowed vlan` setting outright blocks that vlan 1 traffic. A port group on that vswitch with no vlan tag will never get traffic into the switch successfully. – Shane Madden Jun 25 '14 at 20:25
  • @ShaneMadden do I need to tag the VLAN interface on Untangle, or is it enough to just set the VLAN ID of the port group? – 5T4TiC Jun 25 '14 at 20:26
  • It should be set only in the port group. Since you're running on an ESXi host, it should handle the tagging. If you need the Untangle device to talk to more vlans, make more vNICs in different port groups (with different vlan tags). – Shane Madden Jun 25 '14 at 20:27

0 Answers
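
The behaviour Shane Madden describes in the comments, as an added example that is not part of the original thread: a simplified Python model of how the ESXi port group VLAN ID and the trunk settings on `Gi1/0/1` decide whether a frame reaches the access port `Gi1/0/25`. It assumes IOS defaults (native VLAN 1, all VLANs allowed) where the config is silent, ignores the VLAN database and spanning tree, and uses hypothetical function names.

```python
# Simplified model (added example): only tagging and allowed-VLAN checks.
import re

def parse_switchport(config):
    """Parse the `switchport` lines of one Cisco IOS interface stanza."""
    port = {"mode": "access", "access_vlan": 1, "native_vlan": 1,
            "allowed": set(range(1, 4095))}   # assumed IOS defaults
    for line in config.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"switchport mode (access|trunk)", line):
            port["mode"] = m.group(1)
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            port["access_vlan"] = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            port["native_vlan"] = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,\-]+)", line):
            port["allowed"] = set()
            for part in m.group(1).split(","):
                lo, _, hi = part.partition("-")
                port["allowed"].update(range(int(lo), int(hi or lo) + 1))
    return port

def esxi_egress_tag(port_group_vlan, guest_tag=None):
    """802.1Q tag on a frame leaving the uplink; None means untagged."""
    if port_group_vlan == 0:        # "None": vSwitch adds no tag
        return None
    if port_group_vlan == 4095:     # "All": the guest's own tag passes through
        return guest_tag
    return port_group_vlan          # vSwitch tags with the port group's ID

def trunk_ingress(port, tag):
    """Return the VLAN the switch places the frame in, or None if dropped."""
    vlan = port["native_vlan"] if tag is None else tag
    return vlan if vlan in port["allowed"] else None

UPLINK = parse_switchport("""int Gi1/0/1
switchport mode trunk
switchport trunk allowed vlan 201,202
switchport nonegotiate""")
TEST_PORT = parse_switchport("""int Gi1/0/25
switchport mode access
switchport access vlan 201""")

def reaches_test_port(port_group_vlan, guest_tag=None):
    vlan = trunk_ingress(UPLINK, esxi_egress_tag(port_group_vlan, guest_tag))
    return vlan is not None and vlan == TEST_PORT["access_vlan"]

if __name__ == "__main__":
    for pg in (0, 4095, 201, 202):
        print(f"port group VLAN {pg}: reaches Gi1/0/25 = {reaches_test_port(pg)}")
```

Only the port group tagged 201 (or a guest that tags 201 itself behind a 4095 port group) lands in the VLAN that `Gi1/0/25` serves; untagged frames fall into native VLAN 1, which the allowed list excludes.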