Try these commands: Conf term Vlan 105 State active
George -----Original Message----- From: openstack-bounces+george.mihaiescu=q9....@lists.launchpad.net [mailto:openstack-bounces+george.mihaiescu=q9....@lists.launchpad.net] On Behalf Of Ajiva Fan Sent: Wednesday, February 27, 2013 5:23 AM To: Salvatore Orlando Cc: openstack@lists.launchpad.net Subject: Re: [Openstack] [essex vlan]cannot ping vm on other compute node thanks you for reply special thanks to Aaron Rosen the situation is that: 1) openstack is in vlan mode 2) switcher is in trunk mode, all vlan id is allowed 3) vlan in switcher's allowed list, active list and (not pruned) list can communicate with each other. vlan only in allowed list but not in the other two list is isolated 4) i tried the way which is from official site guide to set pruned list but it does not work, the switcher just ignore the prune command and hold the original config ( i will ask our network administrator and find more help from cisco site ) now i think openstack is running fine ( at least from my point of view) and i think swither trunk port is running basically correct here is my env: switcher port {22,23} sw-31#show interfaces fastEthernet 0/22 trunk Port Mode Encapsulation Status Native vlan Fa0/22 on 802.1q trunking 1 Port Vlans allowed on trunk Fa0/22 1-4094 Port Vlans allowed and active in management domain Fa0/22 1,5,7,10-12,16,18-21,27,30,40,50,60,80,88,96,100-101,123,160,192,302-303,600,602,700,800,1000-1001 Port Vlans in spanning tree forwarding state and not pruned Fa0/22 1,5,7,10-12,16,18-21,27,30,40,50,60,80,88,96,100-101,123,160,192,302-303,600,602,700,800,1000-1001 from openstack control node terminal: # nova-manage network create --label admin-network-01 --fixed_range_v4=10.0.12.0/24 --vlan=105 --project_id=<admin_id> # nova-manage network create --label admin-network-02 --fixed_range_v4=10.0.13.0/24 --vlan=101 --project_id=<admin_id> # nova boot --image cirros --flavor 1 --availability_zone nova:control test01 # nova boot --image cirros --flavor 1 --availability_zone nova:compute test02 now test01 and test02 get two vlan ip addr, and control node and compute node get two bridge NOTE: *** vlan101 *** is in switcher's active list and "spanning tree forwarding state and not pruned" list, but vlan105 is not, vlan105 just in allowed list control node: br105 10.0.12.6 br101 10.0.13.6 compute node br105 10.0.12.4 br101 10.0.13.4 from control node i can ping 10.0.13.4 but cannot ping 10.0.12.4 so the root cause may be the active list and the pruned list of switcher is there any one meet such problem? maybe i'm fool or i'm just fooled by some odd issue please help me On 2/27/13, Salvatore Orlando <sorla...@nicira.com> wrote: > I'm not sure I followed the thread correctly from the beginning, but I > read that you have configured you NIC for private VM networking, in > VLAN mode, on VLAN 105. > Is that correct? > > In general trunking all your switch ports used for VM networking will > save you the hassle of adding the VLANs you are using in your setup > one by one. > Also, there's quite a difference between VLAN access mode and trunk > mode. I rarely use Cisco switches, but when I do I always put them in > trunk mode explicitly. > The list of allowed vlan is a sort of filter that you apply on a trunk > port. So perhaps you might want to put all your ports in trunk mode > and use the vlan range defined in nova.conf as allowed vlan list. > > Salvatore > > On 27 February 2013 10:18, Ajiva Fan <aji.zq...@gmail.com> wrote: >> thank you very much. >> >> actullaly, i have already try these command yesterday, it does not work. >> >> currently, i find that vlan id in active list and not pruned list can >> be passed by switcher, vlan id not in the two list cannot will be >> droped even they are in allowed list..... >> but the network administrator (and the internet pages) tells me that >> if vlan is in allowed list, it can go through trunk mode port..... >> >> >> >> >> there is some hardware info may not be useful, but i list it here, >> hope it will help someone else. >> cisco catalyst 2950 switcher only hava >> """sw-31(config)#interface gigabitEthernet 0/2? >> . : <0-2> """ >> so i just operate on fastEthernet 0/22 >> """sw-31(config)#interface fastEthernet 0/22? >> . : <0-24> """ >> and 2950 defaultly >> 1)allowed all vlan id on trunk mode >> 2)only support 802.1q on trunk mode >> so the following commands: >>> switchport trunk encapsulation dot1q >>> switchport trunk allowed vlan 1-4094 >> will not work. >> >> >> On 2/27/13, Aaron Rosen <aro...@nicira.com> wrote: >>> Perhaps: >>> >>> interface gigbbit 0/22 >>> switchport mode trunk >>> switchport trunk encapsulation dot1q >>> switchport trunk allowed vlan 1-4094 >>> interface gigbbit 0/23 >>> switchport mode trunk >>> switchport trunk encapsulation dot1q >>> switchport trunk allowed vlan 1-4094 >>> >>> >>> >>> On Wed, Feb 27, 2013 at 12:02 AM, Ajiva Fan <aji.zq...@gmail.com> wrote: >>>> >>>> since i notice that in switcher: >>>> sw-31>show interface fastEthernet 0/22 trunk >>>> >>>> Port Mode Encapsulation Status Native vlan >>>> Fa0/22 on 802.1q trunking 1 >>>> >>>> Port Vlans allowed on trunk >>>> Fa0/22 1-4094 >>>> >>>> Port Vlans allowed and active in management domain >>>> Fa0/22 >>>> 1,5,7,10-12,16,18-21,27,30,40,50,60,80,88,96,100-101,123,160,192,302-303,600,602,700,800,1000-1001 >>>> >>>> Port Vlans in spanning tree forwarding state and not pruned >>>> Fa0/22 >>>> 1,5,7,10-12,16,18-21,27,30,40,50,60,80,88,96,100-101,123,160,192,302-303,600,602,700,800,1000-1001 >>>> >>>> the vlan 5 is active in management domain but 105 is not, so i try the >>>> same workflow as before but change vlan id 5 to 110, ping gets no >>>> reply as vlan105 >>>> >>>> so may be i should add vlan105 to active list ? sorry i'm a green hand >>>> to switcher and got confused. >>>> 1) what the different between the allowd list and active list >>>> 2) if i should add active list manually, so does the cloud admin, if >>>> he create a vlan for a tenant, he should add to switcher active list >>>> too? is there any way automatically recoginize the vlan tag and allow >>>> it pass? >>>> maybe add a range to active list, for example, 100-4000? it's >>>> ugly...... >>> >> >> _______________________________________________ >> Mailing list: https://launchpad.net/~openstack >> Post to : openstack@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp > _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
