Hi all,
I've got a weird situation where ESXi 8 seems to not be getting trunked frames from my core switch, I'm hoping someone can point me in the right direction or point out what I'm missing. I've done this before but.. something weird happening here I think. TP-Link seems to have changed their firmware on newer switches (I just bought new devices), I'm wondering if I'm missing something there.
ESXi box:
Intel NUC 11 Pro NUC11TNHi50L
2x i225-LM 2.5g NICs
ESXi 8
Hosts an OPNsense VM that is my edge, and where VLANs are intended to be routed.
Core switch:
TP-Link TL-SG2210MP
Tertiary switch:
TP-Link TL-SG2008P
connection path is WAN <-> NUC (OPNsense VM) <-> (Core) TL-SG2210MP <-> (Office) TL-SG2008P
I'm trying to get VLAN 1000 working all the way through the network.
I've successfully got it trunked between the switches, I can see the laptop on that VLAN arp-ing on both switches, as well as seeing the MAC in the MAC Address table on both switches, in the appropriate VLAN.
In ESXi, I setup a VM on VLAN 1000 as a test, and I can get internet through the firewall, but can't talk to anything outside the ESXi box.
My connection issue seems to be where the core meets ESXi.
Here's the config of the uplink to ESXi:
For reference, a working trunk between the two switches:
The vSwich for ESXi is configured as:
MTU 1500
Link Discovery: Both / CDP
Route based on originating port ID
Promiscuous mode, forged transmist, and MAC changes were all allowed as troublehooting. Those are off currently.
Edit: Port groups that exist:
20
53
1000
4095 (trunked)
OPNsense lives on the 4095 Port group.
Any VLANs that exist on the ESXi host can talk successfully, and hit the internet.
Any thoughts? the NUC and core switch are in a pretty inconvenient location, so I haven't taken a pcap coming out of the core yet.
I've got a weird situation where ESXi 8 seems to not be getting trunked frames from my core switch, I'm hoping someone can point me in the right direction or point out what I'm missing. I've done this before but.. something weird happening here I think. TP-Link seems to have changed their firmware on newer switches (I just bought new devices), I'm wondering if I'm missing something there.
ESXi box:
Intel NUC 11 Pro NUC11TNHi50L
2x i225-LM 2.5g NICs
ESXi 8
Hosts an OPNsense VM that is my edge, and where VLANs are intended to be routed.
Core switch:
TP-Link TL-SG2210MP
Tertiary switch:
TP-Link TL-SG2008P
connection path is WAN <-> NUC (OPNsense VM) <-> (Core) TL-SG2210MP <-> (Office) TL-SG2008P
I'm trying to get VLAN 1000 working all the way through the network.
I've successfully got it trunked between the switches, I can see the laptop on that VLAN arp-ing on both switches, as well as seeing the MAC in the MAC Address table on both switches, in the appropriate VLAN.
In ESXi, I setup a VM on VLAN 1000 as a test, and I can get internet through the firewall, but can't talk to anything outside the ESXi box.
My connection issue seems to be where the core meets ESXi.
Here's the config of the uplink to ESXi:
Code:
sw-core#show running-config interface gi 1/0/1
!TL-SG2210MP
interface gigabitEthernet 1/0/1
description "Uplink to ESXi"
switchport general allowed vlan 1000 tagged
vlan_trunk
spanning-tree common-config portfast enable
spanning-tree guard loop
power inline supply disable
#
Code:
sw-core#show running-config interface gi 1/0/8
!TL-SG2210MP
interface gigabitEthernet 1/0/8
description "Uplink to Office switch"
switchport general allowed vlan 1000 tagged
vlan_trunk
spanning-tree guard loop
power inline supply disable
#The vSwich for ESXi is configured as:
MTU 1500
Link Discovery: Both / CDP
Route based on originating port ID
Promiscuous mode, forged transmist, and MAC changes were all allowed as troublehooting. Those are off currently.
Edit: Port groups that exist:
20
53
1000
4095 (trunked)
OPNsense lives on the 4095 Port group.
Any VLANs that exist on the ESXi host can talk successfully, and hit the internet.
Any thoughts? the NUC and core switch are in a pretty inconvenient location, so I haven't taken a pcap coming out of the core yet.
Last edited: