Help me understand what is going on in my homelab setup:
172.17.1.XX vlan1 trusted machines
172.17.10.XX vlan10 untrusted machines (IoT & guest)
172.17.20.XX vlan20 management (ILO, ESXi hosts, etc)
ICX7150 is in my office with desktops, printers, scanners
ICX7250 is in my garage with half rack and servers
| firewall/router | 2.5G copper link | ICX 7150 | 10G fiber link | ICX 7250 |
|---|---|---|---|---|
| 172.17.1.1 | | GW: 172.17.1.1 | | GW: 172.17.1.1 |
| 172.17.10.1 | | 172.17.1.2 | | 172.17.1.3 |
| 172.17.20.1 | | 172.17.20.2 | | 172.17.20.3 |
Everything works fine… but I have one annoyance I don’t understand.
In my half rack I have the main network connections for my servers hooked up via DAC to the 10G SFP+ ports, but their ILO/iDRAC connections are hooked up to standard 1G ports.
The link between the two switches is a 10G fiber connection utilizing a SFP+ port on each switch.
When setting the IP address for the ILO/iDRAC devices, I can assign 172.17.20.1 as the gateway and it works fine, however for the ESXi management configuration of the servers connected to the SFP+ ports I must set the gateway to 172.17.20.3 (e.g. the switch address on the management network, not the firewall’s address). If I use the test management network feature of ESXi, it indicates that 172.17.20.1 pings fail when the gateway is set to 172.17.20.1. If I set the gateway to 172.17.20.3, the test management network pings of 172.17.20.1 succeed.
It very much appears that the SFP+ trunk/stack ports act differently than the 1G ports in this respect. If I switch the ESXi host to 1G and plug into a 1G port instead of the SFP+ port, I can use the 172.17.20.1 address as the gateway. It acts as if the switch is not forwarding ARP requests for the VLAN between SFP+ ports.
What is going on, and to satisfy my OCD nature, is there a way for me to not have to specify 172.17.20.3 as the gateway for servers connected via SFP+ ports?
Thanks in advance!
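A small diagnostic helper, added here as an example and not part of the original post: it reads `esxcli network ip neighbor list` output from the ESXi host, classifies the gateway's ARP state, and separates "no ARP reply from the gateway" (the layer-2 hypothesis above) from "ARP resolved but ping still fails", which would point past layer 2. The neighbor-table sample is constructed, and treating an all-zero MAC as an unresolved entry is an assumption.

```python
import ipaddress

# Constructed sample modelled on `esxcli network ip neighbor list` output on an
# ESXi host in vlan20; the MAC addresses are made up (documentation range).
SAMPLE_NEIGHBORS = """\
Neighbor      Mac Address        Vmknic  Expiry    State  Type
------------  -----------------  ------  --------  -----  -------
172.17.20.3   00:00:5e:00:53:03  vmk0    1180 sec         Unknown
172.17.20.1   00:00:00:00:00:00  vmk0    1 sec            Unknown
"""

UNRESOLVED_MAC = "00:00:00:00:00:00"  # assumption: all-zero MAC = ARP never answered


def parse_neighbors(text):
    """Return {ip: (mac, vmknic)} from neighbor-list output, skipping the header rows."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] == "Neighbor" or parts[0].startswith("-"):
            continue
        ip, mac, vmknic = parts[0], parts[1], parts[2]
        table[ip] = (mac.lower(), vmknic)
    return table


def gateway_state(text, gateway):
    """'resolved', 'unresolved' (entry present but no MAC learned) or 'absent'."""
    entry = parse_neighbors(text).get(gateway)
    if entry is None:
        return "absent"
    return "unresolved" if entry[0] == UNRESOLVED_MAC else "resolved"


def diagnose(vmk_ip, prefix_len, gateway, neighbor_text, ping_ok):
    """Narrow down why a default gateway fails the ESXi management-network test."""
    net = ipaddress.ip_interface(f"{vmk_ip}/{prefix_len}").network
    if ipaddress.ip_address(gateway) not in net:
        return "gateway is not on the vmk subnet: fix the address/mask first"
    state = gateway_state(neighbor_text, gateway)
    if state != "resolved":
        return (f"ARP for {gateway} is {state}: layer-2 problem, check the VLAN tag on "
                "vmk0, the allowed VLANs on the host's switch port and on the inter-switch link")
    if not ping_ok:
        return f"ARP for {gateway} resolved but ping fails: look past layer 2 (ACLs, firewall, routing)"
    return "gateway reachable"
```

On the host itself, capture the table with `esxcli network ip neighbor list` and the ping result with `vmkping -I vmk0 <gateway>` after running the management-network test, then feed both to `diagnose`.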