Cannot connect to a virtual machine that is connected to a vDS
Article ID: 301732
Updated On:
Products
VMware
Issue/Introduction
IP qualifier rule to drop traffic to and from all IP addresses except permitted IP address results in dropping ARP requests.
Symptoms:
- Pinging a virtual machine that is connected to a virtual distributed switch fails after configuring traffic filtering using an IP qualifier.
- This issue occurs after enabling an IP qualifier rule made to drop any traffic to or from all IP addresses except permitted IP address.
For example:
====================================
Rule#1: IP qualifier
Action: AllowDirection: Ingress/EgressProtocol ANYSource Address: IS ip_addressDestination address: ANYRule#2: IP qualifierAction: DropDirection: Ingress/EgressProtocol ANYSource Address: ANYDestination address: ANY
====================================
Cause
This issue is caused by the IP qualifier rule dropping ARP requests.
For Example:
For Example:
Protocol ANY
Source Address: ANY
Destination address: ANY
Resolution
There is currently no resolution.
Workaround:
To work around this issue if you do not want to upgrade, create a MAC qualifier to allow ARP.
Example Configuration
=============================
Rule#1: IP qualifier
Action: Allow
Direction: Ingress/Egress
Protocol ANY
Source Address: IS ip_address
Destination address: ANY
Rule#2: MAC qualifier
Action: Allow
Direction: Ingress/Egress
Protocol ARP
Source Address: IS ANY
Destination address: ANY
Rule#3: IP qualifier
Action: Drop
Direction: Ingress/Egress
Protocol ANY
Source Address: ANY
Destination address: ANY
=============================
Additional Information
Feedback
Yes
No
Powered by
