Networking Test the connectivity - Infra

 

Testing port connectivity - vCenter and Hosts


Using Curl to test port connectivity from vCenter

Curl is available in the VMware vCenter Server Appliance command line interface.

Using Curl to simulate a telnet connection to test port connectivity

To test port connectivity in VMware vCenter Server Appliance:

  1. Log in as root user through the VMware vCenter Server Appliance console.
  2. Run this command on the vCenter Server Appliance:

curl -v telnet://<target-ip-address>:<port-number>

**All vCenter servers must have access to the UMDS server on port 80 (http)**


Using Netcat to test port connectivity from hosts

The telnet command is not available in any versions of ESXi and, therefore, you must use netcat (nc) to confirm connectivity to a TCP port on a remote host. The syntax of the nc command is:

nc -zv <destination-ip> <destination-port>

When testing connectivity to TCP port 80, you will see an output similar to:


# nc -zv 192.168.48.133 80
Connection to 192.168.48.133 80 port [tcp/http] succeeded!

Note: Netcat includes an option to test UDP connectivity with the -uz flag, but because UDP is a connectionless protocol, it will always report as 'succeeded' even when ports are closed or blocked. Instead, test bi-directional UDP connectivity using tcpdump or tcpdump-uw.

nc -uv <destination-ip> <destination-port>

The nc command can also be used to check the connectivity to a range of TCP ports on a remote host:

# nc -w 1 -z 192.168.48.133 20-81

Connection to 192.168.48.133 22 port [tcp/ssh] succeeded!

Connection to 192.168.48.133 80 port [tcp/http] succeeded!

Firewall to allow ESXi and vCenter Server traffic
Log in to your firewall and configure it to allow bi-directional traffic using these ports.
 
These ports are mandatory:

  • 22 - SSH (TCP)
  • 53 - DNS (TCP and UDP)
  • 80 - HTTP (TCP/UDP)
  • 902 - vCenter Server / VMware Infrastructure Client - UDP for ESX/ESXi Heartbeat (UDP and TCP)
  • 903 - Remote Access to VM Console (TCP)
  • 443 - Web Access (TCP)
These ports are optional:
  • 123 - NTP (UDP)
  • 161, 162 - SNMP (UDP)
  • 88 - Kerberos (UDP and TCP)
  • 464 - Active Directory (TCP and UDP)
  • 3260 - Software iSCSI (TCP)
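
To confirm that a firewall change actually opened the TCP ports listed above, the nc test from the previous section can be looped over both lists. This is an added example, not part of the original post; the script name and the function names (probe_port, blocked_ports, check_host) are hypothetical, and it assumes the same nc -z and -w options used earlier on this page.

```shell
#!/bin/sh
# TCP ports taken from the firewall list on this page. UDP-only entries are
# left out because nc reports UDP as 'succeeded' even when it is blocked.
MANDATORY_TCP="22 53 80 443 902 903"
OPTIONAL_TCP="88 464 3260"

# probe_port HOST PORT: succeed if a TCP connection opens within 2 seconds.
probe_port() {
    nc -z -w 2 "$1" "$2" >/dev/null 2>&1
}

# blocked_ports HOST "PORT LIST": print the ports that did not connect,
# space-separated (empty output when every port is reachable).
blocked_ports() {
    blocked=""
    for port in $2; do
        probe_port "$1" "$port" || blocked="${blocked:+$blocked }$port"
    done
    echo "$blocked"
}

# check_host HOST: report both lists; return 1 only if a mandatory port fails.
check_host() {
    must=$(blocked_ports "$1" "$MANDATORY_TCP")
    may=$(blocked_ports "$1" "$OPTIONAL_TCP")
    [ -n "$may" ] && echo "$1: optional TCP port(s) not reachable: $may"
    if [ -n "$must" ]; then
        echo "$1: MANDATORY TCP port(s) not reachable: $must"
        return 1
    fi
    echo "$1: all mandatory TCP ports reachable"
}

# Usage: sh check_ports.sh <destination-ip> [<destination-ip> ...]
if [ "$#" -gt 0 ]; then
    status=0
    for target in "$@"; do
        check_host "$target" || status=1
    done
    exit "$status"
fi
```

A port reported as not reachable can be either closed on the target or dropped by the firewall; nc alone cannot tell the two apart.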

