Andrew McGlashan
2012-Aug-11 18:10 UTC
Cisco switch issue -- after Debian updates had me stumped...
Hi,

I just wanted to report that I did some updates on my Debian VM (web/mail/dns server) which runs under Xen, also a Debian server and on which I also installed updates.

When I rebooted the Xen server I couldn't get to my VM from any machine on my network other than the Xen server itself. So networking on the physical machine was fine.

Both ssh and ping failed from every machine on my network that I tried, except from the Xen server which worked fine; the Xen server could be pinged without issue and connected to via ssh from any machine on my network.

I immediately thought the problem was related to the updates (either the VM or Xen server) that I just installed. However, I couldn't find anything that looked out of place and I was thinking about rolling back changes.

Then I decided to pull the plug on my Cisco switch and reboot it. Everything came back to normal after the switch had finished rebooting.

Hopefully my little story might help someone else.

Cheers

--
Kind Regards
AndrewM

Andrew McGlashan
Broadband Solutions now including VoIP

Current Land Line No: 03 9012 2102
Mobile: 04 2574 1827
Fax: 03 9012 2178
National No: 1300 85 3804

Affinity Vision Australia Pty Ltd
http://affinityvision.com.au
http://securemywireless.com.au
http://adsl2choice.net.au

In Case of Emergency -- http://affinityvision.com.au/ice.html
Zary Matej
2012-Aug-11 21:32 UTC
Re: Cisco switch issue -- after Debian updates had me stumped...
>From: xen-users-bounces@lists.xen.org [xen-users-bounces@lists.xen.org] On Behalf Of Andrew McGlashan [andrew.mcglashan@affinityvision.com.au]
>Sent: 11 August 2012 20:10
>To: xen-users@lists.xensource.com
>Subject: [Xen-users] Cisco switch issue -- after Debian updates had me stumped...
>
>Hi,
>
>I just wanted to report that I did some updates on my Debian VM
>(web/mail/dns server) which runs under Xen, also a Debian server and
>on which I also installed updates.
>
>When I rebooted the Xen server I couldn't get to my VM from any machine
>on my network other than the Xen server itself. So networking on the
>physical machine was fine.
>
>Both ssh and ping failed from every machine on my network that I tried,
>except from the Xen server which worked fine; the Xen server could be
>pinged without issue and connected to via ssh from any machine on my
>network.
>
>I immediately thought the problem was related to the updates (either the
>VM or Xen server) that I just installed. However, I couldn't find
>anything that looked out of place and I was thinking about rolling back
>changes.
>
>Then I decided to pull the plug on my Cisco switch and reboot it.
>Everything came back to normal after the switch had finished rebooting.
>
>Hopefully my little story might help someone else.
>
>Cheers
>
>--
>Kind Regards
>AndrewM
>
>Andrew McGlashan
>Broadband Solutions now including VoIP

Hi there,

sounds like you might have port security enabled on your Cisco switch (e.g. http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/port_sec.html). If you don't have a MAC address in your VM config, the VM nic gets a "random" MAC after restart (IIRC) and if you have port security enabled on the Cisco switchport, the new MAC address can errdisable that port or just not be allowed, depending on the switch config. Might be worth checking out whether this was the cause. :)

regards

Matej
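A way to check a guest for the condition suggested in the reply above, added here as an example and not part of the original thread: it reads the `vif` list from a Xen domU config and reports, per interface, whether a MAC address is pinned. The sample config, the function names and the result labels are constructed for illustration.

```python
import ast
import re

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

# Constructed sample domU config: the first NIC pins its MAC, the second does not.
SAMPLE_CFG = """
name   = 'web'
memory = 1024
vif    = [ 'mac=00:16:3e:5a:10:01,bridge=xenbr0',
           'bridge=xenbr1' ]
"""

def parse_vifs(cfg_text):
    """Return the vif spec strings from a domU config (Python-style list syntax)."""
    # Anchoring at line start skips a commented-out '# vif = [...]' line.
    m = re.search(r"^\s*vif\s*=\s*(\[.*?\])", cfg_text, re.S | re.M)
    return ast.literal_eval(m.group(1)) if m else []

def audit_vifs(cfg_text):
    """Classify each vif as 'pinned', 'no-mac', 'malformed' or 'multicast'."""
    findings = []
    for index, spec in enumerate(parse_vifs(cfg_text)):
        # A spec is a comma-separated list of key=value options.
        opts = dict(kv.strip().split("=", 1) for kv in spec.split(",") if "=" in kv)
        mac = opts.get("mac", "").strip().lower()
        if not mac:
            # No fixed MAC in the config: the address can differ after a
            # restart, which a switch port restricted to known MACs may refuse.
            findings.append((index, "no-mac"))
        elif not MAC_RE.match(mac):
            findings.append((index, "malformed"))
        elif int(mac[:2], 16) & 1:
            # Lowest bit of the first octet set means a group (multicast)
            # address, which is not valid as a NIC's own source MAC.
            findings.append((index, "multicast"))
        else:
            findings.append((index, "pinned"))
    return findings

if __name__ == "__main__":
    for index, status in audit_vifs(SAMPLE_CFG):
        print(f"vif[{index}]: {status}")
```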
Andrew McGlashan
2012-Aug-12 04:32 UTC
Re: Cisco switch issue -- after Debian updates had me stumped...
Hi,

On 12/08/2012 7:32 AM, Zary Matej wrote:
>> Then I decided to pull the plug on my Cisco switch and reboot it.
>> Everything came back to normal after the switch had finished rebooting.
>
> Hi there, sounds like you might have port security enabled on your Cisco switch (e.g. http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/port_sec.html). If you don't have a MAC address in your VM config, the VM nic gets a "random" MAC after restart (IIRC) and if you have port security enabled on the Cisco switchport, the new MAC address can errdisable that port or just not be allowed, depending on the switch config. Might be worth checking out whether this was the cause. :)

The .cfg for the VM has a permanent static MAC address, but the switch (SGE2000P) has a section in the configuration "Bridging -> Address Tables -> [Static|Dynamic]" ....

Both the Xen server and the VM are listed under one port (as expected) with their MAC addresses as "Dynamic". I've added those MAC addresses to static in the Cisco now. Not sure this is a good idea(tm), as I would like to check the status if or when this happens again -- but now it shouldn't happen again.

Thanks.

--
Kind Regards
AndrewM
Andrew McGlashan
2012-Aug-12 09:07 UTC
Re: Cisco switch issue -- after Debian updates had me stumped...
On 12/08/2012 4:37 PM, Niels Dettenbach (Syndicat IT&Internet) wrote:
>> Both the Xen server and the VM are listed under one port (as expected)
>> with their MAC addresses as "Dynamic". I've added those MAC addresses
>> to static in the Cisco now. Not sure this is a good idea(tm), as I
>> would like to check the status if or when this happens again -- but now
>> it shouldn't happen again.
>
> Is it possible on your switch to define the "allowed" MACs for that port by hand (i.e. as ACLs or similar)?
>
> I did not know Cisco's "port security" in that OS version in more detail, but it may be that the switch just "catches" and accepts the first MAC (usually the Dom0 one) and not the later coming second from DomU anymore.

Yes but it accepted two MAC addresses before the reboot [until it stopped working] and it is working fine with two MAC addresses after the reboot -- it is only new that I have added them as static MAC addresses in the MAC address table of the switch.

The Xen config for the VM has always had the same MAC address, statically assigned in the .cfg file.

Thanks.

--
Kind Regards
AndrewM

_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org
http://lists.xen.org/xen-users