Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
32671
Views
0
Helpful
6
Replies

Guest port is up but blocked

cajalat
Level 1
Level 1

‎03-05-2010 10:41 AM

Hi,

I'm running into a problem with Guests's ports in a blocked state.  From the vSphere interface the ports are in a blocked state (see attachment).  From the Nexus CLI I get this:

nexus-1# sh interface status

--------------------------------------------------------------------------------
Port           Name               Status   Vlan      Duplex  Speed   Type
--------------------------------------------------------------------------------
mgmt0          --                 up       routed    full    1000    --
Eth3/6         --                 up       trunk     full    1000    --
Eth3/8         --                 up       trunk     full    1000    --
Eth4/6         --                 up       trunk     full    1000    --
Eth4/8         --                 up       trunk     full    1000    --
Po1            --                 up       trunk     full    1000    --
Po2            --                 up       trunk     full    1000    --
Veth1          TESTMACHINE-Casey, down     1141      auto    auto    --
Veth2          TESTMACHINE2-Casey down     1141      auto    auto    --
ctrl0          --                 up       routed    full    1000    --

I can't figure out why that's the case.  I made sure that vlan 1141 is trunked all the way up to the VEM and is visible on the network and both the control/packet vlans are visible to the VEM/VSM.

Any guidance is much appreciated.

Casey

Labels:
Preview file
142 KB
Preview file
92 KB
0 Helpful
6 Replies 6

srsardar
Level 1
Level 1

‎03-05-2010 02:54 PM

Can you post the running configuration. There are multiple reasons why the port could be down. Policies applied on the port might be getting rejected during the port bring up , Vlan not being active internally.

0 Helpful

cajalat
Level 1
Level 1
In response to srsardar

‎03-05-2010 05:24 PM

I meant to include the config...:)  Here it is:

nexus-1# sh run
version 4.0(4)SV1(2)
username admin password 5 *******************  role network-admin
telnet server enable
ssh key rsa 2048
ip domain-lookup
ip host nexus-1 10.36.100.14
kernel core target 0.0.0.0
kernel core limit 1
system default switchport
vem 3
  host vmware id 34343335-3237-5553-4539-343956574e46
vem 4
  host vmware id 34343335-3232-5553-4539-343956574e48
snmp-server user admin network-admin auth md5 0x******************priv 0x***********************localizedkey
snmp-server enable traps license
vrf context management
  ip route 0.0.0.0/0 10.36.100.1
hostname nexus-1
vlan 1
vlan 1100
  name Management
vlan 1108
  name TESTVLAN1
vlan 1109
  name TESTVLAN2
vdc nexus-1 id 1
  limit-resource vlan minimum 16 maximum 513
  limit-resource monitor-session minimum 0 maximum 64
  limit-resource vrf minimum 16 maximum 8192
  limit-resource port-channel minimum 0 maximum 256
  limit-resource u4route-mem minimum 32 maximum 80
  limit-resource u6route-mem minimum 16 maximum 48
port-profile type vethernet GUEST-DATA
  vmware port-group
  switchport mode access
  switchport access vlan 1141
  no shutdown
  state enabled
port-profile type ethernet SYSTEM-UPLINK
  vmware port-group
  switchport mode trunk
  switchport trunk allowed vlan 1100,1108-1109,1141
  channel-group auto mode on sub-group cdp
  no shutdown
  system vlan 1108-1109
  state enabled
port-profile type ethernet Unused_Or_Quarantine_Uplink
  description Port-group created for Nexus1000V internal usage. Do not use.
  vmware port-group
  shutdown
  state enabled
port-profile type vethernet Unused_Or_Quarantine_Veth
  description Port-group created for Nexus1000V internal usage. Do not use.
  vmware port-group
  shutdown
  state enabled

interface port-channel1
  inherit port-profile SYSTEM-UPLINK

interface port-channel2
  inherit port-profile SYSTEM-UPLINK

interface Ethernet3/6
  inherit port-profile SYSTEM-UPLINK

interface Ethernet3/8
  inherit port-profile SYSTEM-UPLINK

interface Ethernet4/6
  inherit port-profile SYSTEM-UPLINK

interface Ethernet4/8
  inherit port-profile SYSTEM-UPLINK

interface mgmt0
  ip address 10.36.100.14/24

interface Vethernet1
  inherit port-profile GUEST-DATA
  description TESTMACHINE-Casey, Network Adapter 1
  vmware dvport 272
  no shutdown

interface Vethernet2
  inherit port-profile GUEST-DATA
  description TESTMACHINE2-Casey, Network Adapter 1
  vmware dvport 264

interface control0
boot kickstart bootflash:/nexus-1000v-kickstart-mz.4.0.4.SV1.2.bin sup-1
boot system bootflash:/nexus-1000v-mz.4.0.4.SV1.2.bin sup-1
boot kickstart bootflash:/nexus-1000v-kickstart-mz.4.0.4.SV1.2.bin sup-2
boot system bootflash:/nexus-1000v-mz.4.0.4.SV1.2.bin sup-2
svs-domain
  domain id 100
  control vlan 1108
  packet vlan 1109
  svs mode L2
svs connection vcenter
  protocol vmware-vim
  remote ip address 10.36.131.148 port 81
  vmware dvs uuid "df 36 2e 50 ee 2f a4 a8-d8 f2 c8 28 5e 32 1f 27" datacenter-name Informatics
  connect

nexus-1#

0 Helpful

Robert Burns
Cisco Employee
Cisco Employee
In response to cajalat

‎03-06-2010 12:49 AM

Casey,

This type of error is usually a result of the uplink configuration.

- From vCenter can you display and capture the CDP information of the VEM interfaces connecting to the DVS

- Can you give a brief description of the topology used here.  (Upstream Switch types/models etc).

- Paste the switchport configuration of the ports to which the VEM's are connected to.

- If your VEM modules show on the VSM (show mod) provide the output of:

module vem 3 execute vemcmd show port

module vem 3 execute vemcmd show trunk

module vem 3 execute vemcmd show pc

- If your VEM modules are not showing up on the VSM, from your VEM CLI can you provide the following outputs:

vemcmd show port

vemcmd show trunk

vemcmd show pc

I see you're using sub-group CDP which is fine as long as you're CDP is functioning correctly.  Personally I prefer using mac-pinning as it doesn't require any upstream switchport configuration (other than setting the ports as trunks).

Provide the answers/info requested and we'll sort out whichever method you wish to use.

Regards,

Robert

0 Helpful

cajalat
Level 1
Level 1
In response to Robert Burns

‎03-07-2010 12:05 PM

Robert,

Thank you for the troubleshooting tips.  I'm sure I'll use those at some point.  I didn't have access to the ESX host over the weekend to execute these commands.  The problem was a simple lack of VLAN definition on the VSM (see above).

Casey

0 Helpful

jensmahnke
Level 5
Level 5
In response to cajalat

‎03-07-2010 11:01 AM

Hi Casey,

the guest-vlan 1141 is missing in your configuration. Just add it, this should resolve the problem. Maybe a shut/noshut on the veth is necessary. Ports that are assigned to a not existing vlan, will show up as blocked in vCenter.

Cheers,

Jens

0 Helpful

cajalat
Level 1
Level 1
In response to jensmahnke

‎03-07-2010 11:59 AM

Thank you.  That was the problem.  The fact that this switch is virtual is getting in the way of my thinking.  I had assumed that only the mgmt/control/data vlans needed to be defined but it makes sense that I need to define all vlans to be used here.  Thanks again.

0 Helpful
Customers Also Viewed These Support Documents