English Community

Datacenter NetworkingDatacenter Networking Hardware
All Forum Topics
Options

46 Posts

02-07-2017

CH

54 Signins

766 Page Views

  • Posts: 46
  • Registered: ‎02-07-2017
  • Location: CH
  • Views: 766
  • Message 1 of 8

esxi 6.5 Tagging/Trunk-mode (tagged VLAN) and G8124e - doen't work

2017-06-08, 9:25 AM

Hello! I try to configure tagged VLAN with a G8124e and ESXi 6.5. But it's not working. It's only working with the PVID/Native-VLAN at the moment.

 

The ESXi 6.5 Server is connected with 2x10GB NICs to 2xG8124e (one logical-Switch (ISL)).

 

The Port tagged Port-Configuration of the G8124e (both switches):

 

show interface port 16

Current port 16 configuration: enabled, PVID/Native-VLAN 11, Tagging/Trunk-mode

    Description esxi04

 ...

    VLANs: 11,22

 

When I configure the tagged VLAN ID 100 (Screenshot) I can't ping. It's only working with VLAN 0 (no tagged). Any ideas why this isn't working?

 

It's the free esxi 6.5 version, without distributed switch.

 

Thank you very much and regards

 

Luke

Solved! See the solution
Reply
Options

300 Posts

03-31-2015

US

670 Signins

5351 Page Views

  • Posts: 300
  • Registered: ‎03-31-2015
  • Location: US
  • Views: 5351
  • Message 2 of 8

Re: esxi 6.5 Tagging/Trunk-mode (tagged VLAN) and G8124e - doen't work

2017-06-08, 13:56 PM

Hi Luke,

 

This one is a bit confusing owing to the wording in the question. You indicate “When I configure the tagged VLAN ID 100 (Screenshot)”, but the screen shot shows tagged VLAN 11, not VLAN 100. And on your current config on port 16, VLAN 11 is your native VLAN on the switch port. Some tips that may help:

 

1) On a Lenovo switch, when a port is in “trunk” mode it will ALWAYS allow, at a minimum, the native VLAN (we can not, not allow, the native, quirk of operation. If you try to set an allowed list that does not include the current native VLAN (VLAN 1 is default native), then the lowest VLAN in the allowed list command will become the native)
2) By default the native VLAN will be untagged (for packets to correctly use the native VLAN the host must send them untagged, and the switch will return any responses untagged). ALL other allowed VLANs will be tagged (it is not possible to have more than a single untagged VLAN, as how would the other side know what VLAN was being referenced for a given untagged packet if more than one VLAN was untagged?).
4) There is an interface config option to set the native VLAN to also be tagged, “vlan dot1q tag native”. When this command is added to an interface ALL VLANS are expected to be tagged coming from the hosts, and ALL packets going out of this port will be tagged.
5) On current code, if you do not include a “switchport trunk allow vlan x,y-z” command, ALL existing VLANs on the switch are allowed on that port. On earlier code, if you did not explicitly have a “switchport trunk allow vlan x,y,z” command on a trunk interface, ONLY the native VLAN was allowed. When in doubt, use the command “show int trunk” to see the native (AKA PVID) VLAN for all ports, and any allowed VLANS (on far right of output for each port). If the VLAN you want is not the native or in the allowed list in the output of “show int trunk” it will not work on this that given port.
6) In your example when you do a “show int port 16” it tells us the native is VLAN 11, and the allowed list is 11 and 22. Since VLAN 11 is the native (and we have not done anything to set it for tagging), then any untagged packet that comes in from the host will be put into VLAN 11 on the switch, and any packet on VLAN 11 inside the switch that needs to go out this port will be sent untagged. And since VLAN 22 is on the allowed list an not the natvive, it will only send VLAN 22 packets as tagged out of this port, and expect any packets for VLAN 22 coming in to be tagged for VLAN 22.
7) In the screen shot you show the portgroup in ESX being set for VLAN 11 (which means the OS will be sending packets in this portgroup to the switch tagged with VLAN 11, and expect the switch to return any packets for this port group as tagged for VLAN 11). But we (the switch) have VLAN 11 as our native (untagged) in this example, so while we would actually accept in the packet tagged for VLAN 11 into the switch (quirk of operation, we know VLAN 11 is allowed so we will allow in any untagged packet for VLAN 11 into the native 11 and we will also allow an inbound VLAN 11 tagged packet, as by the tag in the packet we explicitly know this packet must be VLAN 11 based). Where it will break will be in the VLAN 11 packet we have to send back out this port. Since our native is 11 and we have not set the native to tag, then we will ONLY send out VLAN 11 packets as untagged, and when that gets to the portgroup in ESX, it will not accept it as it is only looking for packets tagged with VLAN 11.
8) Tagging packets is a point-to-point thing. By this I mean for any given port, what VLANs are tagged and what VLANs (if any) are untagged, only needs to match what the other side of the port it is connected to is doing. This means that for two different ports on a switch, I could have completely different allowed lists, and a different native, and as long as the other side for each of these ports agrees with that specific port, it will work. What this means as an example is that on one switch port I could have the native as 11, and the allowed list as 11 and 22, and on another port I could have the native as 22, and the allowed list as 11 and 22, and both of these VLANs will pass traffic between these ports just fine, as long as for the first port the host side has untagged VLAN as 11 and the tagged VLAN as 22, and for the second port the untagged VLAN on the host side is 22, and 11 is tagged on that host.
9) On an unrelated note, since you are running vLAG, for full correct operation, any VLANs you are allowing on port 16, needs to be allowed on the partner server facing port on the other switch, and also must be on the allowed list of the ISL ports in between the two switches. Assuming you also want that VLAN to go somewhere upstream it needs to be on the allowed list of any other port where it needs to go.

 

Specific to what you show in the screen shot (VLAN 11 for the portgroup), you would either tag the native (add that “vlan dot1q tag native”) on port 16, or you would need to make some other VLAN the native and make sure 11 was part of the allowed list. Specific to what you mention in the text on making the portgroup VLAN 100, you can just leave the native as 11 (untagged for some other portgroup to use) and create VLAN 100 on the switch, and allow it on all of the desired ports (at a minimum, on port 16 on each switch and the ISL, and at least some uplink so it has a path out).

 

Let me know if you need more.

 

Thanks, Matt

 

Reply
Options

46 Posts

02-07-2017

CH

54 Signins

766 Page Views

  • Posts: 46
  • Registered: ‎02-07-2017
  • Location: CH
  • Views: 766
  • Message 3 of 8

Re: esxi 6.5 Tagging/Trunk-mode (tagged VLAN) and G8124e - doen't work

2017-06-09, 12:57 PM

Hi Matt

 

Thank you verky much for your full explanation, again :smileyhappy:

 

And sorry for the confusion, I changend the real VLANs in this post, because it's a public post. But I thought about again and I guess this is not necessary.

 

So, we are allready using tagged vlan with SLES and ESXi 5.5.

 

It's just not working with our new ESXi 6.5-Server.

 

Reply
Options

300 Posts

03-31-2015

US

670 Signins

5351 Page Views

  • Posts: 300
  • Registered: ‎03-31-2015
  • Location: US
  • Views: 5351
  • Message 4 of 8

Re: esxi 6.5 Tagging/Trunk-mode (tagged VLAN) and G8124e - doen't work

2017-06-09, 17:18 PM

Hi Luke, did you make sure you matched the tagged and untagged VLANs in use in ESX with the tagged and untagged VLANs allowed on ports 16 on the pair of G8124's (per the recommendations made)? If so, can you send me the current show tech's from each of the G8124 and advise exactly which VLANs are tagged in the OS? You can upload them here and send them to my email at mslavin at lenovo dot com.

 

Thanks, Matt

Reply
Options

46 Posts

02-07-2017

CH

54 Signins

766 Page Views

  • Posts: 46
  • Registered: ‎02-07-2017
  • Location: CH
  • Views: 766
  • Message 5 of 8

Re: esxi 6.5 Tagging/Trunk-mode (tagged VLAN) and G8124e - doen't work

2017-06-29, 11:56 AM
Please, excuses for no answer for long time I don't have any sources, but my college says it, works now with: interface port XXXX description "XXXXXX" switchport mode trunk switchport trunk allowed vlan 1XX,2XX vlan dot1q tag native switchport trunk native vlan 1XX exit The option "vlan dot1q tag native" seems to make the difference

0 person found this solution to be helpful.

This helped me too

Reply
Options

31 Posts

07-18-2017

RU

100 Signins

3123 Page Views

  • Posts: 31
  • Registered: ‎07-18-2017
  • Location: RU
  • Views: 3123
  • Message 6 of 8

Re: esxi 6.5 Tagging/Trunk-mode (tagged VLAN) and G8124e - doen't work

2017-07-18, 13:31 PM

Please help me ) I also have a problem with the trunk port

Reply
Options

300 Posts

03-31-2015

US

670 Signins

5351 Page Views

  • Posts: 300
  • Registered: ‎03-31-2015
  • Location: US
  • Views: 5351
  • Message 7 of 8

Re: esxi 6.5 Tagging/Trunk-mode (tagged VLAN) and G8124e - doen't work

2017-07-18, 13:39 PM

Hi Alex, can you be more specific? Also, you might want to open a new thread to keep any responses focused on your specific issue.

 

Thanks, Matt

Reply
Options

31 Posts

07-18-2017

RU

100 Signins

3123 Page Views

  • Posts: 31
  • Registered: ‎07-18-2017
  • Location: RU
  • Views: 3123
  • Message 8 of 8

Re: esxi 6.5 Tagging/Trunk-mode (tagged VLAN) and G8124e - doen't work

2017-07-18, 13:59 PM

I created a new topic. https://forums.lenovo.com/t5/Datacenter-Networking-Hardware/cisco-trunk-G8124E-trunk-ESXi-6-5/m-p/3740559#M430

Reply
Forum Home

Community Guidelines

Please review our Guidelines before posting.

Learn More

Check out current deals!

Go Shop
X

Save

X

Delete