Hello Fabrice,
You are right, my VMware connected 4500 via gi7/6, here is the spaning-tree
command:
*VLAN0210 Spanning tree enabled protocol ieee Root ID Priority
32978 Address 5475.d0c3.e100 This bridge is the
root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32978 (priority 32768 sys-id-ext 210)
Address 5475.d0c3.e100 Hello Time 2 sec Max Age 20 sec
Forward Delay 15 sec Aging Time 300Interface Role Sts
Cost Prio.Nbr Type------------------- ---- --- --------- --------
--------------------------------Gi2/4 Desg FWD 4
128.68 P2p Gi7/3 Desg FWD 4 128.387 P2p
Gi7/6 Desg FWD 4 128.390 P2p Po1
Desg FWD 3 128.641 P2p VLAN0220 Spanning tree enabled
protocol ieee Root ID Priority 32988 Address
5475.d0c3.e100 This bridge is the root Hello Time
2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32988
(priority 32768 sys-id-ext 220) Address
5475.d0c3.e100 Hello Time 2 sec Max Age 20 sec Forward
Delay 15 sec Aging Time 300Interface Role Sts
Cost Prio.Nbr Type------------------- ---- --- --------- --------
--------------------------------Gi2/4 Desg FWD 4
128.68 P2p Gi7/3 Desg FWD 4 128.387 P2p
Gi7/6 Desg FWD 4 128.390 P2p Po1
Desg FWD 3 128.641 P2p *
Also, Vlan122 is native, new Vlan210,220 is created for PF.
The picture will show where is the PF connection(Serverfarm_A is one of
Vlan122.). Do i need reconfigure vmware? How it look like?
Thanks and Best regards,
On 31 March 2015 at 20:48, Durand fabrice <[email protected]> wrote:
> Hello Minh,
>
> based on what i can see and suppose packetfence has been plugged on Gi7/6
> (vmware).
> So check :
> 'show spanning-tree' if vlan 210 and 220 are forwarded to gi7/6
>
> Where packetfence is connected on vmware ? is it connected to a trunk
> port where the vlan 220 and 230 are allowed and the vlan 122 is the native
> one ?
>
> Also HSRP is a layer 3 protocol and we talk about a layer 2 network.
>
> Check all these items and from the laptop connected on the vlan 210, retry
> a ping, check the arp table.
>
>
> Regards
> Fabrice
>
>
>
>
>
> Le 2015-03-31 03:38, Minh Trung a écrit :
>
> Hello Fabrice,
>
> I changed reg and iso interface back to 10.126.210.1, 10.126.220.1 but
> still no luck.
>
> As you comment could we call PF as a switch L2? Then after plug a device
> to 4500 i am not able ping to 10.126.210.1 even from 4500 can not ping
> 10.126.210.1 also.
> Do i misconfiguration on vmware? But other vlan are still fine excluded
> some new vlan for PF.
> Here is the interface configured on 4500 to vmware:
> *The first 4500:*
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *interface GigabitEthernet7/4 description ### To KFVNVM02_NIC1 ###
> switchport access vlan 122 switchport mode access speed 1000 duplex
> full ! interface GigabitEthernet7/5 description ### To KFVNVM02_NIC3 ###
> switchport access vlan 122 switchport mode access speed 1000 duplex
> full ! interface GigabitEthernet7/6 description ### To KFVNVM02_NIC4 ###
> switchport trunk allowed vlan 122,126,127,210,220,230 switchport mode
> trunk speed 1000 duplex full *
>
> *The second 4500:( I has 2 switches 4500 and HSRP configured)*
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *interface GigabitEthernet7/4 description ### To KFVNVM02_NIC2 ###
> switchport access vlan 122 switchport mode access speed 1000 duplex
> full ! interface GigabitEthernet7/5 description ### To KFVNVM02_NIC5 ###
> switchport access vlan 122 switchport mode access speed 1000 duplex
> full ! interface GigabitEthernet7/6 description ### To KFVNVM02_NIC6 ###
> switchport trunk allowed vlan 122,126,127,210,220,230 switchport mode
> trunk speed 1000 duplex full*
>
> Any help is appreciated,
>
> Best regards,
>
>
>
> On 30 March 2015 at 23:01, Durand fabrice <[email protected]> wrote:
>
>> Hi Minh,
>>
>> Keep in mind that reg and isol vlan are layer 2 networks, so you don't
>> have to assign an ip address for these 2 vlan on the cisco config
>> (packetfence is the only one who manage what happen on these 2 networks).
>>
>> So the the ip address of the reg interface is 10.126.210.1 (ifconfig) not
>> 10.126.210.5 so change that in pf.conf and networks.conf and restart
>> packetfence (same thing for isol).
>>
>> Now plug a device in a port on the 4500 configured like that:
>>
>> switchport mode access
>> switch port access vlan 210
>>
>> with a device with a static ip :
>> 10.126.210.33
>>
>> and try to ping 10.126.210.1.
>>
>> If this doesn't work then fix the vmware/cisco config to make it work
>> (trunk, allowed vlan...).
>>
>> Regards
>> Fabrice
>>
>>
>> Le 2015-03-30 03:06, Minh Trung a écrit :
>>
>> Hello Fabrice,
>>
>> I already check trunk port but still problem as previously posted.
>>
>> My PF as below:
>>
>> PC ---+ --> Switch_L2(2960- Cisco) ---trunk--> Switch_L3(4500) ---trunk--->
>> PF(VMware- ESX)
>>
>> Here is the config interface that L2 connected on Core switch:
>>
>> i
>>
>>
>>
>>
>> *nterface GigabitEthernet2/4 description ### Testing Network Security
>> ### switchport trunk allowed vlan
>> 110,123,124,127,128,135,210,220,230 switchport mode trunk*
>> I has 2 core switches and configured HSRP so all Vlan will be take 3 ip
>> addresses for HSRP eg:
>> Vlan123: x.x.x.1, x.x.x.2, x.x.x..3 are assign for core switches, other
>> Vlan will be same.
>> So i changed 2 interface Vlan on PF as below:
>> *networks.conf*
>> [10.126.210.0]
>> dns=10.126.210.5
>> dhcp_start=10.126.210.10
>> *gateway=10.126.210.5*
>> domain-name=vlan-registration.global
>> nat_enabled=disabled
>> named=enabled
>> dhcp_max_lease_time=30
>> fake_mac_enabled=disabled
>> dhcpd=enabled
>> dhcp_end=10.126.210.246
>> type=vlan-registration
>> netmask=255.255.255.0
>> dhcp_default_lease_time=30
>>
>> [10.126.220.0]
>> dns=10.126.220.5
>> dhcp_start=10.126.220.10
>> *gateway=10.126.220.5*
>> domain-name=vlan-isolation.global
>> nat_enabled=disabled
>> named=enabled
>> dhcp_max_lease_time=30
>> fake_mac_enabled=disabled
>> dhcpd=enabled
>> dhcp_end=10.126.220.246
>> type=vlan-isolation
>> netmask=255.255.255.0
>> dhcp_default_lease_time=30
>>
>> But still no luck
>>
>> Do i misconfiguration of any parts?
>>
>> Any help is appreciated,
>>
>> Regards,
>>
>> On 28 March 2015 at 23:17, Durand fabrice <[email protected]>
>> <[email protected]> wrote:
>>
>>
>> Hello Minh,
>>
>> has you probably notice there is no RX traffic on eth0.210 and eth0.220
>> and eth0.230 so it's probably a switch configuration issue.
>>
>> Check on the switch port where packetfence's eth0 has been plugged that
>> 'switch port mode trunk' (cisco syntax) has been configured and check in
>> all uplink port that the vlan 210 and 220 are allowed.
>>
>> Regards
>>
>>
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Dive into the World of Parallel Programming The Go Parallel Website,
>> sponsored
>> by Intel and developed in partnership with Slashdot Media, is your hub for
>> all
>> things parallel software development, from weekly thought leadership blogs to
>> news, videos, case studies, tutorials and more. Take a look and join the
>> conversation now. http://goparallel.sourceforge.net/
>>
>>
>>
>> _______________________________________________
>> PacketFence-users mailing
>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Dive into the World of Parallel Programming The Go Parallel Website,
>> sponsored
>> by Intel and developed in partnership with Slashdot Media, is your hub
>> for all
>> things parallel software development, from weekly thought leadership
>> blogs to
>> news, videos, case studies, tutorials and more. Take a look and join the
>> conversation now. http://goparallel.sourceforge.net/
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
> by Intel and developed in partnership with Slashdot Media, is your hub for all
> things parallel software development, from weekly thought leadership blogs to
> news, videos, case studies, tutorials and more. Take a look and join the
> conversation now. http://goparallel.sourceforge.net/
>
>
>
> _______________________________________________
> PacketFence-users mailing
> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming The Go Parallel Website,
> sponsored
> by Intel and developed in partnership with Slashdot Media, is your hub for
> all
> things parallel software development, from weekly thought leadership blogs
> to
> news, videos, case studies, tutorials and more. Take a look and join the
> conversation now. http://goparallel.sourceforge.net/
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
