Hi Simon,

I'm glad you've had some success. I have some additional thoughts now that I have seen your router configuration:

VMware is very particular (by default) about the MAC addresses it sees on virtual NICs. Once you start bridging interfaces as you have done, you may have the router originate or forward traffic with a different MAC address than is assigned to the interface by VMware. To allow the VM to do this, you need to enable Promiscuous Mode on the port group, as well as Forged Transmits. This is also required if you want to set up VRRP or similar technologies on the VM, as the MAC address is different than the one allocated.

If you don't need to use a Bridge, then I recommend that you avoid it, and have the VLANs directly under the interface they are on. This will avoid the above issue and negate the need to adjust those other settings, which I believe can have a performance impact on VMware.

As a side note, I would also discourage you from having critical management subnets, especially OOB, routed by a virtual machine. If you lose connectivity to the VM for any reason at all, you will likely need access to those networks and the ability to restore services. In particular, if your VMware host management traffic is routed by a VM running on that host, you are going to cause yourself a lot of pain. You won't be able to start/reboot the VM without management, but can't get management until the VM is running.

Regards,
Philip Loenneker | Senior Network Engineer | TasmaNet

-----Original Message-----
From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of deadlift
Sent: Tuesday, 12 May 2020 11:21 AM
To: public@talk.mikrotik.com.au
Subject: Re: [MT-AU Public] Assistance with CHR on ESX6, Vlan-ing and an HP2910 troubleshooting

Hi all,

Many, many thanks for this. I did try and put the ether2 NIC into promiscuous mode prior to the email, however adding the ALL Vlan to the NIC seems to have done the trick.

I can ping either side of the management vlan from either device but no other vlans, yet. I haven't got any other links up yet as the HP is still in config mode at the moment. I was lamenting having to add all the routing to the host networking stack but so far this hasn't been the case. Since changing ONE setting on a NIC was all it took.

Anyway I have re-attached cfgs as .txts, for anyone who is bored. I think they need a bit of scrutinizing, I'd say it's "working" more from good luck than good management. I'll be trying to implement Philip's advice once I have all vlans pinging as designed. After that I will get a document out for all eyes under a different thread with a view for contributions, then perhaps Mike can find a home for it somewhere.

Simon.

On Tue, May 12, 2020 at 8:34 AM deadlift <666deadlift@gmail.com> wrote:
Hi everyone,

Either there is a fundamental lack of understanding on my part, (highly likely) on MT Vlan-ing/routing, or I'm just having a bad day.
I have spun up a CHR box with two VM Nics, one on (VMNetwork) ether1 for management on my local subnet 192.168.1.0/24 which has a dhcp client, use this for winbox mgmt, etc.
The other is a direct ethernet connection to an HP Procurve 2910al, port 25 for now. VM Nic ether2 (LAN NIC for want of a better term) with Static IP on CHR 10.10.20.200/24. Hoping this can be the management Vlan network. (10.10.20.0/244)
This is where I start getting lost in nomenclature and it's really starting to get the better of me. This "link" would be:

Trunk in Cisco
Trunk in MT (?) not sure
Tagged in HP
As I understand it, I've followed this guide: https://forum.mikrotik.com/viewtopic.php?t=143620
For now, I do understand the 2910 will do layer 3 routing, I have chosen to keep with no ip routing on the switch. The reason for now is that most IP services are on the router. Moving routing may be beneficial but the current goal would like to get my devices correctly administered on layer 2 and 3.
My only signs of layer two life is a ping from the HP to the CHR ether2 10.10.20.200 is responsive, 10.10.20.1 is not. Also I cannot ping the Vlan IP on the HP (10.10.20.254/24) from the CHR either via the management vlan interface or ether2.
At the moment the switch is administered over serial.
Attached is the router and switch config for your enjoyment, please let me know where I've gone awry in your eyes and I will try and knock this over, then write up something for posterity.

thanks
Simon.
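
Added illustration (not part of the original thread, and not VMware or MikroTik code): a simplified Python model of the port-group checks Philip describes in the first message, showing why traffic sourced from a bridge or VRRP MAC needs both Promiscuous Mode and Forged Transmits. The MAC addresses are constructed, and the model leaves out the separate MAC Address Changes setting and VLAN filtering.

```python
# Simplified model of the per-port layer-2 checks on a VMware vSwitch port group.
# Assumptions: MAC addresses are constructed samples; the separate
# "MAC Address Changes" setting and VLAN filtering are not modelled.
from dataclasses import dataclass

@dataclass(frozen=True)
class PortGroupPolicy:
    promiscuous: bool        # True = Accept, False = Reject
    forged_transmits: bool   # True = Accept, False = Reject

def is_group(mac):
    """Broadcast and multicast addresses have the low bit of the first octet set."""
    return bool(int(mac.split(":")[0], 16) & 1)

def vm_may_transmit(policy, vnic_mac, frame_src):
    """Egress: with Forged Transmits rejected, a frame whose source MAC is not
    the MAC VMware assigned to the vNIC is dropped."""
    return policy.forged_transmits or frame_src.lower() == vnic_mac.lower()

def vm_receives(policy, vnic_mac, frame_dst):
    """Ingress: unicast frames for any MAC other than the vNIC's own reach the
    VM only when the port group is promiscuous."""
    dst = frame_dst.lower()
    return policy.promiscuous or is_group(dst) or dst == vnic_mac.lower()

def ping_from_router(policy, vnic_mac, router_mac):
    """Trace one request/reply pair where the guest sources traffic from router_mac."""
    if not vm_may_transmit(policy, vnic_mac, router_mac):
        return "request dropped: forged transmit"
    if not vm_receives(policy, vnic_mac, router_mac):  # reply is addressed to router_mac
        return "reply not delivered: promiscuous mode off"
    return "ok"

VNIC_MAC = "00:50:56:aa:bb:01"    # constructed: MAC VMware assigned to ether2
BRIDGE_MAC = "02:11:22:33:44:55"  # constructed: MAC used by a bridge or VRRP interface

def policy_matrix(router_mac):
    """Result of ping_from_router for every combination of the two settings."""
    return {(p, f): ping_from_router(PortGroupPolicy(p, f), VNIC_MAC, router_mac)
            for p in (False, True) for f in (False, True)}

if __name__ == "__main__":
    for (p, f), verdict in policy_matrix(BRIDGE_MAC).items():
        print(f"promiscuous={p!s:5} forged_transmits={f!s:5} -> {verdict}")
    print("VLANs directly on the interface:", set(policy_matrix(VNIC_MAC).values()))
```

When the router sources traffic from the vNIC's own MAC, as with VLANs placed directly under the interface, every combination of the two settings passes in this model.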