Just to be complete, here's the config on the switch. I've reconfigured it several times, making sure that I made matching changes on the ESXi host. For instance, when I destroyed the trunk and untagged the consituent ports in the VLAN, I made sure that I set the VLAN ID on the port groups to 0, and ditto when I untagged trk1 in the VLAN. But, AFAICT, that really shouldn't make a difference, since communication to/from resources outside of the ESXi host work just fine - it's only between VMs on that host that don't work.
Oh, and BTW, I've got a similarly configured host that has been fired up in our other overseas office, and it's suffering from the same problem. Kurt Running configuration: ; J9280A Configuration Editor; Created on release #Y.11.12 hostname "au-sw-03" max-vlans 50 time timezone 600 mirror-port 48 console inactivity-timer 60 trunk 3,6 Trk1 Trunk ip default-gateway 192.168.61.1 sntp server 192.168.61.31 logging 192.168.61.5 snmp-server community "**********" Operator vlan 1 name "DEFAULT_VLAN" untagged 48 ip address dhcp-bootp no untagged 1-2,4-5,7-47,Trk1 exit vlan 161 name "VLAN161" untagged 1-2,4-5,7-47 ip address 192.168.61.17 255.255.255.0 tagged Trk1 exit interface 1-47 monitor exit fault-finder bad-driver sensitivity high fault-finder bad-transceiver sensitivity high fault-finder bad-cable sensitivity high fault-finder too-long-cable sensitivity high fault-finder over-bandwidth sensitivity high fault-finder broadcast-storm sensitivity high fault-finder loss-of-link sensitivity high fault-finder duplex-mismatch-HDx sensitivity high fault-finder duplex-mismatch-FDx sensitivity high no stack spanning-tree spanning-tree 1 bpdu-protection spanning-tree 2 bpdu-protection spanning-tree 4 bpdu-protection spanning-tree 5 bpdu-protection spanning-tree 7 bpdu-protection spanning-tree 8 bpdu-protection spanning-tree 9 bpdu-protection spanning-tree 10 bpdu-protection spanning-tree 11 bpdu-protection spanning-tree 12 bpdu-protection spanning-tree 13 bpdu-protection spanning-tree 14 bpdu-protection spanning-tree 15 bpdu-protection spanning-tree 17 bpdu-protection spanning-tree 18 bpdu-protection spanning-tree 19 bpdu-protection spanning-tree 20 bpdu-protection spanning-tree 21 bpdu-protection spanning-tree 22 bpdu-protection spanning-tree 23 bpdu-protection spanning-tree 24 bpdu-protection spanning-tree 25 bpdu-protection spanning-tree 26 bpdu-protection spanning-tree 27 bpdu-protection spanning-tree 28 bpdu-protection spanning-tree 29 bpdu-protection spanning-tree 30 bpdu-protection spanning-tree 31 bpdu-protection spanning-tree 32 bpdu-protection spanning-tree 33 bpdu-protection spanning-tree 34 bpdu-protection spanning-tree 35 bpdu-protection spanning-tree 36 bpdu-protection spanning-tree 37 bpdu-protection spanning-tree 38 bpdu-protection spanning-tree 39 bpdu-protection spanning-tree 40 bpdu-protection spanning-tree 41 bpdu-protection spanning-tree 42 bpdu-protection spanning-tree 43 bpdu-protection spanning-tree 44 bpdu-protection spanning-tree 45 bpdu-protection spanning-tree 46 bpdu-protection spanning-tree 47 bpdu-protection spanning-tree Trk1 priority 4 spanning-tree bpdu-protection-timeout 600 priority 0 loop-protect 1-2,4-5,7-48 loop-protect trap loop-detected loop-protect disable-timer 1800 password manager password operator On Fri, Apr 4, 2014 at 9:54 AM, Kurt Buff <[email protected]> wrote: > Port security is not configured on the switch. > > Also, I just tried the following: > > I've changed the NIC teaming on the vSwitch to use each option (MAC > Hash, Virtual Port ID and Explicit failover order), and have even > moved one of the NICs to standby. > > I've verified that all of the VMs are using the same NIC with esxtop. > > Still no go. Anything not on the host can ping and talk with the VMs, > but the VMs cannot ping or otherwise talk with each other. > > Kurt > > On Fri, Apr 4, 2014 at 9:20 AM, Mathew Shember > <[email protected]> wrote: >> Did you try disabling port security on the switch? >> >> >> >> -----Original Message----- >> From: [email protected] [mailto:[email protected]] >> On Behalf Of Kurt Buff >> Sent: Friday, April 4, 2014 9:11 AM >> To: [email protected] >> Subject: Re: [NTSysADM] No communication between VMs on an ESXi host >> >> Update: I've tried several configuration changes with no success: >> >> >> o- The trunk on the HP switch was tagged to the VLAN. I changed the port >> group configurations to reside in VLAN 0, and then set the trunk on the >> switched to untagged in the VLAN. This has made no difference - the VMs >> still cannot ping each other >> >> o- I destroyed the trunk, and then untagged the individual switch ports in >> the vlan. Also no go. >> >> In both cases, the VMs can talk to the rest of the environment (and vice >> versa) but not to each other. >> >> Kurt >> >> On Thu, Apr 3, 2014 at 5:20 PM, Dave Hardyman <[email protected]> wrote: >>> Remove the trunking on the switch ports that your uplinks are connected to. >>> >>> >>> ________________________________________ >>> From: [email protected] [[email protected]] >>> On Behalf Of Kurt Buff [[email protected]] >>> Sent: Thursday, April 03, 2014 6:44 PM >>> To: [email protected] >>> Subject: Re: [NTSysADM] No communication between VMs on an ESXi host >>> >>> They're trunked... >>> >>> Kurt >>> >>> On Thu, Apr 3, 2014 at 4:16 PM, Sean Martin <[email protected]> wrote: >>>> If you're uplinks aren't trunked, don't specify the VLAN ID within >>>> the port group settings. Try leaving the VLAN type set to none. >>>> >>>> >>>> On Thu, Apr 3, 2014 at 12:39 PM, Kurt Buff <[email protected]> wrote: >>>>> >>>>> All, >>>>> >>>>> My search-fu is failing, so I turn to you for help... >>>>> >>>>> I have a small ESXi 5.5 host, about to go into production. >>>>> >>>>> The three VMs (2008R2 for all of them, a DC, Exchange 2010 and a >>>>> PRTG >>>>> box) on it can communicate with machines not on the ESXi host - >>>>> ping, RDP, etc. - and vice versa. No problems. >>>>> >>>>> However, the three VMs on this host cannot talk with each other. No >>>>> ping, no RDP. When pinging from one of the VMs to another, I get a >>>>> mix of unreachables from the VMs own address and straight timeouts. >>>>> >>>>> There is only one vSwitch, which has two NICs bound to it, and the >>>>> vswitch is set up to route based on IP hash. The physical switch to >>>>> which they are connect (and this shouldn't matter, but...) is an HP >>>>> 2510G-48, and the ports for the host are in a simple trunk - no LACP. >>>>> >>>>> I've turned off the Domain profile of the firewall on one of the >>>>> machine, which seems to make no difference. >>>>> >>>>> I've examined the VMware host security settings to no avail. I've >>>>> turned off the Windows firewall. >>>>> >>>>> I've got 3 ESXi hosts in a vSphere Standard cluster that doesn't >>>>> have this problem. >>>>> >>>>> Kurt >>>>> >>>>> >>>> >>> >> >> > >
