The vCenter Server Appliance (VCSA) cannot communicate on its subnet, even though the appliance shows the correct IP address, subnet mask, and default gateway. This is commonly seen after a host rebuild, a port group change, or after physical cabling is moved between switch ports. The VCSA web interface does not load and the appliance cannot be reached from the ESXi host or other devices on the same subnet.

Common symptoms:

• The VCSA does not respond to ping from the ESXi host or other hosts on the same subnet.
• Other virtual machines and VMkernel adapters on the same host reach the subnet without issue.
• From the VCSA shell, pinging its own default gateway returns Destination Host Unreachable sourced from the VCSA itself.
• The host neighbor (ARP) table resolves other devices on the subnet but has no entry for the VCSA.

The appliance network configuration is correct. To view it when the VCSA web interface is unreachable, open the appliance shell through the ESXi Host Client browser console:

1. Browse to https://<esxi-host-ip>/ui and log in with the host root credentials.
2. Open Virtual Machines, select the VCSA, and click Console > Open browser console.
3. Log in as root, type shell at the Command> prompt, and review the configuration:

# ip addr
inet ##.##.#.##/24 ... scope global eth0
# ip route
default via ##.##.#.### dev eth0

Note: The same logic and steps apply to any virtual machine that is unreachable on its subnet while showing correct guest IP settings. The VCSA is used here because it is a common case after a rebuild, and because losing it blocks management of the environment.

• VMware vCenter Server
• VMware vSphere ESXi
• Standard vSwitch (vSS) with one or more VM port groups

The VCSA's vNIC is attached to a port group whose vSwitch uplink (vmnic) connects to a physical switch port that places traffic into a different VLAN than the one the VCSA is addressed for. The appliance has correct IP settings but is on the wrong broadcast domain, so its ARP requests never reach the intended gateway or peers.

Identify the uplink the VCSA's vSwitch uses, confirm the VLAN that uplink reaches, and move the VCSA's vNIC to a port group on a vSwitch whose uplink reaches the correct VLAN.

Step 1 – Confirm the subnet is healthy from the host

From the ESXi host shell, ping the gateway and a neighbor on the target subnet using a VMkernel known to work on that subnet, then list the neighbor table:

vmkping -I vmkN ##.##.#.###
esxcli network ip neighbor list

If neighbors on the subnet resolve but the VCSA's IP has no entry, the subnet is healthy and the issue is isolated to the VCSA's path.

Step 2 – Identify the VCSA's port group, vSwitch, and uplink

In the ESXi Host Client:

1. Open Virtual Machines, select the VCSA, choose Edit settings, expand Network Adapter 1, and note the Port group and MAC address.
2. Open Networking > Port groups, click the port group, and note the Virtual switch and VLAN ID.
3. Click the virtual switch and note the uplink physical adapter (vmnic).

Step 3 – Confirm the VLAN the uplink reaches

Open Networking > Physical NICs, click the uplink vmnic, and review the Cisco Discovery Protocol (CDP) details. Note the reported VLAN ID. If it does not match the VLAN the VCSA is addressed for, the root cause is confirmed.

Then identify a vSwitch on the same host whose VMkernel or VMs already communicate on the target subnet, and note its uplink vmnic and CDP VLAN. This is the working path.

Step 4 – Create a VM port group on the working vSwitch

1. Open Networking > Port groups and click Add port group.
2. Enter a descriptive name.
3. Set the VLAN ID to match the working VMkernel's port group on that vSwitch.
4. Select the working Virtual switch and click Add.

Step 5 – Move the VCSA and verify

1. Open the VCSA's Edit settings, expand Network Adapter 1, select the new port group, confirm Connect at power on, and click Save.
2. From the host shell, confirm reachability: vmkping -I vmkN ##.##.#.## and verify esxcli network ip neighbor list now resolves the VCSA's IP to the MAC recorded in Step 2.
3. From the VCSA shell, confirm the gateway now responds: ping ##.##.#.###.

Note: Do not change the original physical switch port's VLAN if that uplink also carries a working VMkernel (such as host management). Doing so disconnects that interface. Move the VCSA instead.

If the issue persists after following these steps, contact Broadcom Support for further assistance.

• Troubleshooting VMware vSphere ESXi Virtual Machine TCP/IP, ping connection issues (KB 324495)
• Troubleshooting virtual machine network connection issues (KB 324542)
• Troubleshooting virtual machine default gateway connection issues (KB 307777)
• Troubleshooting VLAN Connectivity Issues (KB 375097)
• VMs on ESXi standard switch do not communicate (KB 411640)
• VLAN configuration on virtual switches, physical switches, and virtual machines (KB 311764)
• ESXi connecting to physical switch via VLAN access mode and External Switch VLAN Tagging (EST Mode) (KB 308086)