XenServer 6.0.2 and Cisco 3550 vlan configuration

Question

I am running a couple of xenserver 6.0.2 hosts with multiple vm's on them. All the xen hosts have 4 physical network ports connecting to the cisco. Each port is untagged in xen but is tagged to a vlan inside the cisco (with access mode vlan x). This is working as expected for quite some time now.

However now I would like to use one of the interfaces for multiple vlan's.

I created a new network in Xen with vlan tag 4.

The config in the cisco is (for all ports with the extra vlan in xen):

interface FastEthernet0/5
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 3
  switchport trunk allowed vlan 3,4
  switchport mode trunk
  spanning-tree portfast trunk

I created 2 test vm's (on different hosts) and added the new network to them. However they cannot see (or ping) each other. I also cannot ping the cisco on its ip in vlan4.

Am i missing something? I couldn't find good documentation / tutorials online.

Edit:

I make an image hoping to explain more. (http://i45.tinypic.com/33epowi.png)
VM 2 and VM 5 should be in vlan 3 (maybe untagged)
VM 3 and VM 4 should be in vlan 4
there should be no communication being possible between the vlan's
The vlan should be configured in Xen so the client cannot change it.

in my current setup, only vm 2 and 5 can communicate, 3 and 4 are isolated from everything.

@joeqwerty Just found out it wasn't enabled, but got to do some research on it before i enable it. tnx — Paul Jacobse, Jan 31 '13 at 19:41
Can you see the MAC addresses of your hosts on the switch when you run "show mac address-table" or "show mac address-table vlan 4"? — jwbensley, Feb 01 '13 at 13:30
No, I don't see them. I did configure an other linux host (not virtualized) for testing, and that one isn't showing either. — Paul Jacobse, Feb 02 '13 at 11:04

score 1 · Answer 1 · answered Feb 04 '13 at 08:02

1

It turns out that the configuration on the cisco was correct.

On of the VM's I used for testing had a corrupted xen tools install, causing the network drivers of the internal vlan to fail. After I installed a new vm, everything worked as it should.

answered Feb 04 '13 at 08:02

Paul Jacobse

131
1
6

score 0 · Answer 2 · answered Jan 31 '13 at 19:57

0

At the very least you'll need to enable routing on the switch unless you intend to use another router to route traffic between the VLAN's. Here's a Cisco guide to configuring InterVLAN routing on that model switch:

http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008015f17a.shtml

answered Jan 31 '13 at 19:57

joeqwerty

108,377
6
80
171

I want to keep the traffic between the different vlan seperated. without the possibility of cross-connecting. I want to give a client access to a private vlan, but i ran out of physical interfaces to use the access mode settings. Do I need to use routing for this? I though tagging was enough. – Paul Jacobse Jan 31 '13 at 20:37
I don't quite understand what you're asking. Hosts connected to ports in the same VLAN can communicate without a router. Hosts connected to ports in different VLAN's need a router to communicate. – joeqwerty Jan 31 '13 at 20:56

XenServer 6.0.2 and Cisco 3550 vlan configuration

2 Answers2