
Mailing List Archive: Xen: Users

Cisco switch issue -- after Debian updates had me stumped...

 

 


andrew.mcglashan at affinityvision

Aug 11, 2012, 11:10 AM

Post #1 of 4 (249 views)
Cisco switch issue -- after Debian updates had me stumped...

Hi,

I just wanted to report that I did some updates on my Debian VM
(web/mail/dns server) which runs under Xen, also a Debian server and
which I also installed updates.

When I rebooted the Xen server I couldn't get to my VM from any machine
on my network other than the Xen server itself. So networking on the
physical machine was fine.

Both ssh and ping failed from every machine on my network that I tried,
except from the Xen server which worked fine; the Xen server could be
pinged without issue and connected to via ssh from any machine on my
network.

I immediately thought the problem was related to the updates (either the
VM or Xen server) that I just installed. However, I couldn't find
anything that looked out of place and I was thinking about rolling back
changes.

Then I decided to pull the plug on my Cisco switch and reboot it.
Everything came back to normal after the switch had finished rebooting.

Hopefully my little story might help someone else.

Cheers

--
Kind Regards
AndrewM

Andrew McGlashan

_______________________________________________
Xen-users mailing list
Xen-users [at] lists
http://lists.xen.org/xen-users


matej.zary at cvtisr

Aug 11, 2012, 2:32 PM

Post #2 of 4 (221 views)
Re: Cisco switch issue -- after Debian updates had me stumped... [In reply to]

>From: xen-users-bounces [at] lists [xen-users-bounces [at] lists] On Behalf Of Andrew McGlashan [andrew.mcglashan [at] affinityvision]
>Sent: 11 August 2012 20:10
>To: xen-users [at] lists
>Subject: [Xen-users] Cisco switch issue -- after Debian updates had me stumped...
>
>Hi,
>
>I just wanted to report that I did some updates on my Debian VM
>(web/mail/dns server) which runs under Xen, also a Debian server and
>which I also installed updates.
>
>When I rebooted the Xen server I couldn't get to my VM from any machine
>on my network other than the Xen server itself. So networking on the
>physical machine was fine.
>
>Both ssh and ping failed from every machine on my network that I tried,
>except from the Xen server which worked fine; the Xen server could be
>pinged without issue and connected to via ssh from any machine on my
>network.
>
>I immediately thought the problem was related to the updates (either the
>VM or Xen server) that I just installed. However, I couldn't find
>anything that looked out of place and I was thinking about rolling back
>changes.
>
>Then I decided to pull the plug on my Cisco switch and reboot it.
>Everything came back to normal after the switch had finished rebooting.
>
>Hopefully my little story might help someone else.
>
>Cheers
>
>--
>Kind Regards
>AndrewM
>
>Andrew McGlashan
>Broadband Solutions now including VoIP

Hi there, sounds like you might have port security enabled on your Cisco switch (e.g. http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/port_sec.html). If you don't have a MAC address in your VM config, the VM NIC gets a "random" MAC after restart (IIRC), and if you have port security enabled on the Cisco switchport, the new MAC address can errdisable that port or just not be allowed, depending on the switch config. Might be worth checking out whether this was the cause. :)

regards

Matej
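
Added example (not part of the original thread): a small audit of a Xen domU config for the condition the reply above describes, a `vif` entry with no pinned `mac=`, which can leave a port-security-enabled switchport seeing a new address after a restart. The sample configs and the `audit_vifs` helper are constructed for illustration.

```python
import ast
import re

# Constructed sample domU configs (not taken from the thread).
PINNED_CFG = """
name = 'web01'
vif = [ 'mac=00:16:3e:12:34:56,bridge=xenbr0' ]
"""
UNPINNED_CFG = """
name = 'web02'
vif = [ 'bridge=xenbr0',
        'mac=00:16:3E:aa:bb:cc,bridge=xenbr1',
        'mac=00:16:3e:zz,bridge=xenbr2' ]
"""

# Xen domain configs use Python-like syntax: vif = [ 'key=value,...', ... ]
VIF_RE = re.compile(r"^\s*vif\s*=\s*(\[.*?\])", re.S | re.M)
MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")


def audit_vifs(cfg_text):
    """Return (vif_index, problem) for each vif lacking a valid pinned MAC."""
    match = VIF_RE.search(cfg_text)
    if not match:
        return []  # no network interfaces defined
    findings = []
    for index, spec in enumerate(ast.literal_eval(match.group(1))):
        # Split 'mac=...,bridge=...' into a key/value mapping.
        opts = dict(
            part.strip().split("=", 1) for part in spec.split(",") if "=" in part
        )
        mac = opts.get("mac", "").strip().lower()
        if not mac:
            findings.append((index, "no mac= set"))
        elif not MAC_RE.match(mac):
            findings.append((index, "malformed mac=" + mac))
    return findings


if __name__ == "__main__":
    for name, cfg in (("pinned", PINNED_CFG), ("unpinned", UNPINNED_CFG)):
        print(name, audit_vifs(cfg))
```
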


andrew.mcglashan at affinityvision

Aug 11, 2012, 9:32 PM

Post #3 of 4 (216 views)
Re: Cisco switch issue -- after Debian updates had me stumped... [In reply to]

Hi,

On 12/08/2012 7:32 AM, Zary Matej wrote:
>> Then I decided to pull the plug on my Cisco switch and reboot it.
>> Everything came back to normal after the switch had finished rebooting.
> Hi there, sounds like you might have port security enabled on your Cisco switch (e.g. http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/port_sec.html). If you don't have a MAC address in your VM config, the VM NIC gets a "random" MAC after restart (IIRC), and if you have port security enabled on the Cisco switchport, the new MAC address can errdisable that port or just not be allowed, depending on the switch config. Might be worth checking out whether this was the cause. :)

The .cfg for the VM has a permanent static MAC address, but the switch
(SGE2000P) has a section in the configuration "Bridging -> Address
Tables -> [Static|Dynamic]" ....

Both the Xen server and the VM are listed under one port (as expected)
with their MAC addresses as "Dynamic". I've added those MAC addresses
to static in the Cisco now. Not sure this is a good idea(tm), as I
would like to check the status if or when this happens again -- but now
it shouldn't happen again.

Thanks.

--
Kind Regards
AndrewM

Andrew McGlashan


andrew.mcglashan at affinityvision

Aug 12, 2012, 2:07 AM

Post #4 of 4 (217 views)
Re: Cisco switch issue -- after Debian updates had me stumped... [In reply to]

On 12/08/2012 4:37 PM, Niels Dettenbach (Syndicat IT&Internet) wrote:
>> Both the Xen server and the VM are listed under one port (as expected)
>> with their MAC addresses as "Dynamic". I've added those MAC addresses
>> to static in the Cisco now. Not sure this is a good idea(tm), as I
>> would like to check the status if or when this happens again -- but now
>> it shouldn't happen again.
>
> Is it possible on your switch to define the "allowed" MACs for that port by hand (i.e. as ACLs or similar)?
>
> I did not know cisco's "port security" in that os version in more detail, but it may be that the switch just "catches" and accepts the first MAC (usually the Dom0 one) and not the later coming second from DomU anymore.

Yes but it accepted two MAC addresses before the reboot [until it
stopped working] and it is working fine with two MAC addresses after the
reboot -- it is only new that I have added them as static MAC addresses
in the MAC address table of the switch. The Xen config for the VM has
always had the same MAC address, statically assigned in the .cfg file.

Thanks.

--
Kind Regards
AndrewM

Andrew McGlashan