I have several VLANs exposed from the UCS (end-host mode) over a trunk to the SG500.

```
dev-switch#sh vlan
Created by: D-Default, S-Static, G-GVRP, R-Radius Assigned VLAN, V-Voice VLAN

Vlan       Name           Tagged Ports      UnTagged Ports      Created by
---- ----------------- ------------------ ------------------ ----------------
 1           1                             gi1/49-52,Po1-32         V
106     management         gi1/49-52      gi1/1-6,gi1/25-30         S
108      esxi-mgmt         gi1/49-52                                S
109       storage          gi1/49-52                                S
110       inside           gi1/49-52      gi1/7-12,gi1/31-36        S
200         dmz            gi1/49-52      gi1/13-18,                S
                                          gi1/37-42
255       uplink                          gi1/19-24,                S
                                          gi1/43-48
```

```
dev-switch#sh run int gi1/49
interface gigabitethernet1/49
 description ucs-trunk
 gvrp enable
 spanning-tree portfast
 switchport trunk allowed vlan add 106,108-110,200
 udld port disable
```

Additionally, I have a server with 3 NICs plugged into access ports (dmz, inside, management).

The trouble is I can ping some VMware VMs/hosts running on the UCS but not others (internal works, but not esxi-mgmt; sometimes esxi-mgmt works if I ping from the host to the switch, sometimes not).

Additionally, no hosts can get out to the internet. The ASA is here:

```
ip default-gateway 10.10.255.1
```

Extra config info:

```
interface vlan 106
 name management
 ip address 10.10.6.1 255.255.255.0
!
interface vlan 108
 name esxi-mgmt
 ip address 10.10.8.1 255.255.255.0
!
interface vlan 109
 name storage
 ip address 10.10.9.1 255.255.255.0
!
interface vlan 110
 name inside
 ip address 10.10.10.1 255.255.255.0
!
interface vlan 200
 name dmz
!
interface vlan 255
 name uplink
 ip address 10.10.255.2 255.255.255.248
```

```
dev-switch#sh ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static


S   0.0.0.0/0 [1/1] via 10.10.255.1, 07:16:31, vlan 255
C   10.10.6.0/24 is directly connected, vlan 106
C   10.10.8.0/24 is directly connected, vlan 108
C   10.10.9.0/24 is directly connected, vlan 109
C   10.10.10.0/24 is directly connected, vlan 110
C   10.10.255.0/29 is directly connected, vlan 255
```

I know that's a lot, but I feel a bit out of my depth here; maybe I'm just missing something simple.

Any help would be greatly appreciated!

Note: I'm pretty sure this whole problem is caused by the SG500 not having proper InterVlan Routing. (edit: Nope, just wanted to clear the air. IVR works properly on this switch)

Edit: I gave up and bought a cheap pair of Catalyst 3750s and X2 modules so I could use 10GbE with the UCS. Using an almost identical config, I've had exactly zero problems. The config would work intermittently (and eventually with some stability) after many days on the SG500, but immediately and without problems on the Catalysts. So if you're reading this, I encourage you to save your money and get the cheaper and more effective 3750s off eBay.

  • `switchport mode trunk` seems to be missing on gi1/49 – Teun Vink Jul 29 '16 at 20:36
  • Since this is a small business switch, I believe the `switchport trunk allowed vlan add 106,108-110,200` is equivalent. There didn't seem to be an option for just `switchport mode trunk` on this switch. – Jonathan DeMarks Jul 31 '16 at 18:03
  • You do not want `spanning-tree portfast` on a trunk port. That is for access ports to skip STP and go straight to forwarding, but you want STP to calculate on trunk ports. – Ron Maupin Aug 08 '16 at 20:10
  • @RonMaupin Why STP if the UCS is in end-host mode? – hertitu Oct 01 '16 at 22:06
  • Are both sides of the UCS connected to the same switch? What vSwitch do you use? Can VMs/hosts ping each other? Is there a pattern, e.g. VMs can ping when they run on certain hosts but not on others? – hertitu Oct 01 '16 at 22:12
  • @hertitu No, only Fabric A was connected (I was running with a single fabric at the time). I was using a mix of standard and distributed vSwitches (all working fine internally). The solution here was to buy a pair of 3750s and be done with it. They were cheaper and with X2 modules supported 10GbE. – Jonathan DeMarks Oct 03 '16 at 11:10
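
Two points that come up around the posted config, portfast on the port carrying tagged VLANs and a trunked VLAN with no routed interface, can be checked mechanically from the running config. The following is an added example, not part of the original post and not written by any participant; the function names are hypothetical, the sample config is trimmed from the question's output, and the results are review prompts rather than verdicts.

```python
import re

# Interface stanzas taken from the question's output, trimmed for the example.
CONFIG = """\
interface gigabitethernet1/49
 spanning-tree portfast
 switchport trunk allowed vlan add 106,108-110,200
!
interface vlan 106
 ip address 10.10.6.1 255.255.255.0
!
interface vlan 200
 name dmz
!
interface vlan 255
 ip address 10.10.255.2 255.255.255.248
"""

def parse_stanzas(config):
    """Map each 'interface <name>' header to its indented sub-commands."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.lower().startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1].strip().lower(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # '!' separator, prompt or blank line ends the stanza
    return stanzas

def expand_vlans(spec):
    """'106,108-110,200' -> {106, 108, 109, 110, 200}"""
    bounds = (p.partition("-") for p in spec.split(","))
    return {v for lo, _, hi in bounds for v in range(int(lo), int(hi or lo) + 1)}

def audit(config):
    """Return (interface, note) review items for the checks described above."""
    stanzas, trunked, items = parse_stanzas(config), set(), []
    for name, cmds in stanzas.items():
        specs = [m.group(1) for c in cmds
                 if (m := re.fullmatch(r"switchport trunk allowed vlan (?:add )?([\d,-]+)", c))]
        trunked.update(*map(expand_vlans, specs))
        if specs and "spanning-tree portfast" in cmds:
            items.append((name, "portfast set on a port carrying tagged VLANs"))
    for name, cmds in stanzas.items():
        m = re.fullmatch(r"vlan (\d+)", name)
        if m and int(m.group(1)) in trunked and not any(c.startswith("ip address") for c in cmds):
            items.append((name, "trunked VLAN has no SVI address, so no connected route here"))
    return items
```

Running `audit(CONFIG)` on the sample returns one item for `gigabitethernet1/49` and one for `vlan 200`, which matches the absence of a connected route for the dmz VLAN in the `sh ip route` output.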

1 Answer

If the link is "flipping", then you might have an issue with either STP or VTP.

I had a similar issue on our new core switch, when we replaced the old 3550 with a new 3750. The Cisco 3750 switch had an IOS bug, which caused trouble with the VTP protocol. The client port was flipping in 15-20 minutes and VTP pruning caused it.

So if you have VTP enabled, then check if pruning is enabled on the VTP server. If so, then try to switch it off (it is disabled by default). VTP can override the running spanning-tree settings and could cause big trouble. (VTP itself is trouble, to be honest; better to get rid of it.)

Laz
  • Agreed, had trouble with VTP myself. Common practice seems to be that admins turn it on to configure a large number of switches easily, then turn it off. I leave it off and just copy the results of `show run vlan` to the other switch. Your comments about STP seem to be aligned with @RonMaupin. I'll look into it, but I did order a pair of 3750s since this setup seems to work fine but takes **forever** for the switch to learn the MAC address table. Hoping 3750s will fix that. – Jonathan DeMarks Aug 11 '16 at 23:55