
NSXTO4 Lab Student Worksheet


VMware NSX: Troubleshooting and Operations [V4.x]
Student Worksheet

VMware® Education Services


VMware, Inc.
www.vmware.com/education
Part Number EDU-EN-NSXTO4-SW (06-FEB-2023)
Copyright © 2023 VMware, Inc. All rights reserved. This manual and its accompanying materials are
protected by U.S. and international copyright and intellectual property laws. VMware products are
covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered
trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks
and names mentioned herein may be trademarks of their respective companies. VMware vSphere®
Client™, VMware vSphere® 2015, VMware vSphere®, VMware Verify™, VMware vSphere® Distributed
Switch™, VMware NSX-T™ Data Center, VMware NSX-T™, VMware NSX® Manager™, VMware NSX®
Edge™, VMware NSX® Advanced Load Balancer™, VMware NSX® Advanced Load Balancer™ – Basic
Edition, VMware NSX®, VMware NSX® Professional, VMware NSX® for Remote Office Branch Office,
VMware NSX® for Desktop, VMware NSX® Enterprise Plus, and VMware ESXi™ are registered trademarks
or trademarks of VMware, Inc. in the United States and/or other jurisdictions.
The training material is provided “as is,” and all express or implied conditions, representations, and
warranties, including any implied warranty of merchantability, fitness for a particular purpose or
noninfringement, are disclaimed, even if VMware, Inc., has been advised of the possibility of such claims.
This material is designed to be used for reference purposes in conjunction with a training course.
The training material is not a standalone training tool. Use of the training material for self-study without
class attendance is not recommended. These materials and the computer programs to which it relates
are the property of, and embody trade secrets and confidential information proprietary to, VMware,
Inc., and may not be reproduced, copied, disclosed, transferred, adapted or modified without the
express written approval of VMware, Inc.
Typographical Conventions
The following typographical conventions are used in this course.

Conventions    Usage and Examples

Monospace    Identifies command names, command options, parameters, code fragments, error messages, filenames, folder names, directory names, and path names:

• Run the esxtop command.

• ... found in the /var/log/messages file.

Monospace Bold    Identifies user inputs:

• Enter ipconfig /release.

Boldface    Identifies user interface controls:

• Click the Configuration tab.

Italic    Identifies book titles:

• vSphere Virtual Machine Administration

<>    Indicates placeholder variables:

• <ESXi_host_name>

• ... the Settings/<Your_Name>.txt file

Contents

Lab 3 NSX Management Cluster Validation
Task 2: Verify the NSX Management Cluster Status from the UI
Task 3: Verify the NSX Management Cluster Status from the NSX CLI
Lab 5 Infrastructure Preparation Validation
Task 2: Verify the Transport Node Preparation Prerequisites
Task 3: Verify the Transport Node Preparation from the NSX UI
Task 4: Verify the Transport Node Preparation from the ESXi CLI
Lab 7 NSX Edge Deployment Validation
Task 2: Verify the NSX Edge Configuration from the NSX UI
Task 3: Verify the NSX Edge Configuration from the NSX CLI
Lab 9 Logical Switching Validation
Task 3: Verify Segments from the NSX CLI
Task 4: Verify Segments from the ESXi CLI
Lab 13 Logical Routing Validation
Task 3: Verify the Gateways from the NSX CLI on the NSX Manager Instance
Task 4: Verify the Gateways from the NSX CLI on the ESXi Host
Task 5: Verify the Gateways Using BGP from the NSX CLI on the NSX Edge Nodes
Task 6: Verify the Gateways Using OSPF from the NSX CLI on the NSX Edge Nodes
Lab 19 Distributed Firewall Validation
Task 2: Enable Distributed Firewall Rules
Task 4: Verify DFW Rules from the ESXi CLI
Lab 23 Gateway Firewall Validation
Task 3: Enable Gateway Firewall Rules
Task 5: Verify Gateway Rules from the NSX Edge CLI
Lab 26 NSX Distributed IDS/IPS Validation
Task 3: Enable IDS/IPS Distributed Rules
Task 4: Verify the NSX Distributed IDS/IPS Configuration from ESXCLI
Task 6: Analyze IDS/IPS Events
Lab 28 NSX Advanced Load Balancer Validation
Task 3: Verify the NSX Advanced Load Balancer Configuration from the NSX Advanced Load Balancer UI
Task 4: Verify the Advanced Load Balancer Configuration from the NSX Advanced Load Balancer CLI
Lab 31 IPSec VPN Validation
Task 3: Verify the IPSec VPN from the NSX CLI
Lab 33 Layer 2 VPN Validation
Task 3: Verify the L2 VPN from the NSX CLI
Lab 36 Datapath Troubleshooting East-West Packet Walk Worksheet
Task 1: Use Traceflow
Task 2: Perform Data Collection for Packet Capture
Task 3: Perform Packet Capture
Lab 37 Datapath Troubleshooting South-North Packet Walk Worksheet
Task 1: Use Traceflow
Task 2: Perform Data Collection for Packet Capture
Task 3: Perform Packet Capture

Lab 3 NSX Management Cluster Validation

Task 1: Verify the NSX Management Cluster Status from the UI


You verify the NSX management cluster status from the NSX UI.

NOTE

Some of the values you are asked to record in your worksheet (for this and subsequent labs) are long
alphanumeric strings such as the Node UUID.
If you wish, you may record just enough characters to make the recorded value identifiable, if you need
to refer back to it in a later step.
For example, you can record just the first (or last) few characters of the UUID or all characters in the
fourth segment: c3ca80c6-23ca-e7ca-8202-14be316e17ca

NSX UI Management Cluster Verification for sa-nsxmgr-01

Parameter Value

Cluster (status of)

Cluster ID

Virtual IP

Number of NSX Manager Nodes

sa-nsxmgr-01 UUID

Operational status of MANAGER

Task 2: Verify the NSX Management Cluster Status from the NSX CLI
You verify the NSX management cluster status from the nsxcli command line.

NSX Management Cluster Status Verification Using NSX CLI

Parameter Value

Cluster ID

Overall status

DATASTORE group status

CONTROLLER group status

NSX Management Cluster Status Verification Using NSX CLI

Parameter Value

Cluster ID

Overall status

DATASTORE group status

CONTROLLER group status

Lab 5 Infrastructure Preparation Validation

Task 1: Verify the Transport Node Preparation Prerequisites


You verify the transport node prerequisites from the NSX UI.

Compute Manager Details for sa-vcsa-01.vclass.local

Parameter Value

Type

Version

Registration status

Connection status

Transport Zone Details for Prod-Overlay-TZ

Parameter Value

Traffic type

Number of transport nodes

Number of switches

Transport Zone Details for Prod-VLAN-TZ

Parameter Value

Traffic type

Number of Transport Nodes

Number of Switches

Uplink Profile Details: ESXi-Host-Uplink-Profile

Parameter Value

Teaming policy

Active uplinks

MTU

Subnet IP Range Details for TEP-IP-Pool

Parameter Value

IP ranges 172.20.__________ through 172.20.__________

CIDR 172.20.__________

Gateway 172.20.__________

Task 2: Verify the Transport Node Preparation from the NSX UI


You verify the ESXi transport nodes configuration from the NSX UI.

Host Transport Node Details for sa-esxi-04.vclass.local

Parameter Value

Node Status

NSX Configuration State

OS Type

TEP IP Address

Manager Connectivity

Controller Connectivity

Transport Zones

Task 3: Verify the Transport Node Preparation from the ESXi CLI
You use the native ESXi commands to query the list of NSX packages and modules installed on the ESXi host.
You also retrieve the configuration information of the IP addresses, TEP, and NSX modules.

NSX Configuration Details of the sa-esxi-04 host

Parameter Value

nsx-proxy vib Acceptance Level

Status of the nsxt-vswitch kernel module

vmk10 IPv4 Address

vmk50 IPv4 Address

Lab 7 NSX Edge Deployment Validation

Task 1: Verify the NSX Edge Configuration from the NSX UI


You verify the Edge transport nodes configuration from the NSX UI.

Edge Transport Node Configuration Details for sa-nsxedge-01

Parameter Value

Node Status

Configuration State

TEP IP Address

Deployment Type

Manager Connectivity

Transport Zones

Edge Cluster

Task 2: Verify the NSX Edge Configuration from the NSX CLI
You log in to the sa-nsxedge-01 NSX Edge node to query the information from the NSX CLI.

Selected Configuration Details of the sa-nsxedge-01 NSX Edge node

Parameter Value

Minimum password length

Node UUID

Name of the network interfaces used to carry VM traffic

Channel used to connect to NSX-Manager

Physical port of the Prod-VLAN-NVDS host switch

Local VTEP IP of the Prod-Overlay-NVDS host switch

Encapsulation type used on all tunnel ports

Lab 9 Logical Switching Validation

Task 1: Verify Segments from the NSX CLI


You run the nsxcli commands to retrieve the configuration of the Prod-Web-Segment segment.

Segment Configuration Details for Prod-Web-Segment

Parameter Value

Name Prod-Web-Segment

VNI

UUID

Type

Verify Segments from NSX Manager CLI

Table Entry Value

arp-table MAC of sa-web-01 (172.16.10.11)

mac-table VTEP-IP associated with sa-web-01 MAC

mac-table VTEP-IP associated with sa-web-02 MAC

vtep TransportNode-ID associated with sa-web-01

Task 2: Verify Segments from the ESXi CLI
You use the nsxcli command line on the sa-esxi-04 host to retrieve the configuration of the
Prod-Web-Segment segment.

Prod-Web-Segment Segment Configuration Details

Parameter Value

DVS name

Replication mode

Controller IP

Transport binding

Verify Segments from ESXi CLI

Table Entry Value

arp-table MAC of sa-web-02 (172.16.10.12)

mac-table VTEP IP (outer IP) used for sa-web-02 traffic

vtep-table VTEP Label of VTEP IP used for sa-web-02

Lab 13 Logical Routing Validation

Task 1: Verify the Gateways from the NSX CLI on the NSX Manager Instance
You query the gateways configuration from the NSX command line on NSX Manager.

Gateway UUIDs

Router-Type GW-Name GW-ID UUID

Distributed Router Tier1 DR-Prod-T1-GW-01 0x__________

Distributed Router Tier0 DR-Prod-T0-GW-01 0x__________

Service Router Tier0 SR-Prod-T0-GW-01 0x__________

Service Router Tier0 SR-Prod-T0-GW-01 0x__________

Task 2: Verify the Gateways from the NSX CLI on the ESXi Host
You query logical router information from the NSX CLI on the ESXi host.

Prod-T0-GW-01 (Tier 0 DR) LIF Configuration Details

Overlay VNI Mode IP/Mask MAC

Prod-T1-GW-01 (Tier 1 DR) LIF Configuration Details

Overlay VNI Mode IP/Mask (IPv4)

Task 3: Verify the Gateways Using BGP from the NSX CLI on the NSX Edge Nodes
You query the information about the gateways using BGP from the NSX CLI on the NSX Edge nodes.

Record of Gateways UUIDs for nsx-edge-01

Type Name VRF UUID

DISTRIBUTED_ROUTER_TIER1 DR-Prod-T1-GW-01

DISTRIBUTED_ROUTER_TIER0 DR-Prod-T0-GW-01

SERVICE_ROUTER_TIER0 SR-Prod-T0-GW-01

BGP Neighbors

Edge Node Neighbor AS State

sa-nsxedge-01

sa-nsxedge-02

sa-nsxedge-01 BGP details for Prod-App-Segment (172.16.20.0/24)

Gateway Interface

sa-nsxedge-01 Interface Details for Prod-App-Segment

Name Interface UUID

Task 4: Verify the Gateways Using OSPF from the NSX CLI on the NSX Edge Nodes
You query the information about the gateways using OSPF from the NSX CLI on the NSX Edge nodes.

Record of Gateways UUIDs for nsx-edge-ospf-01

Type Name VRF UUID

DISTRIBUTED_ROUTER_TIER1 DR-Prod-OSPF-T1-GW-01

DISTRIBUTED_ROUTER_TIER0 DR-Prod-OSPF-T0-GW-01

SERVICE_ROUTER_TIER0 SR-Prod-OSPF-T0-GW-01

OSPF Neighbors

Edge Node State Address Interface

sa-nsxedge-ospf-01

sa-nsxedge-ospf-02

Net link states in OSPF Database

Link ID ADV Router

sa-nsxedge-ospf-01 OSPF details for Prod-OSPF-App-Segment (172.16.220.0/24)

Gateway Interface

OSPF Interface details

Edge Node Router ID Designated Router ID Area MTU

sa-nsxedge-ospf-01

sa-nsxedge-ospf-02

Lab 19 Distributed Firewall Validation

Task 1: Enable Distributed Firewall Rules


You enable distributed firewall rules to manage traffic in the three-tier app.

3-TIER POLICY Configuration Details

Rule Name Source Destination Services Actions

Allow Web Traffic Web-Servers App-Servers

Allow DB Traffic App-Servers DB-Servers

Reject All Other Traffic 3-Tier 3-Tier

Task 2: Verify DFW Rules from the ESXi CLI


You use the native ESXi commands to query the distributed firewall rules applied to the sa-web-01 VM.

sa-web-01 dvfilter Configuration Details

Parameter Value

agentName

name

vNIC slot

Web-Servers to App-Servers traffic Firewall Rule Configuration Details

Parameter Value

Rule number

Direction (in/out/inout)

Protocol

Source (from addrset)

Destination (to addrset)

Port

Action (accept/reject/drop)

Web-Servers to App-Servers traffic Rule addrset Configuration Details

Parameter Value

Source IPs

Destination IPs

Lab 23 Gateway Firewall Validation

Task 1: Enable Gateway Firewall Rules


You enable gateway firewall rules to manage SSH traffic to the virtual machines in the three-tier app.

Block-SSH-from-Outside Firewall Rule Configuration Details

Sources Destinations Services Actions

Block-SSH-from-Outside Web-Servers
App-Servers
DB-Servers

Task 2: Verify Gateway Rules from the NSX Edge CLI


You verify the gateway firewall rule information from the NSX Edge command line.

Uplink-01-Intf Configuration Details

Parameter Value

Type

Interface (UUID)

Context Name

Block-SSH-from-Outside Firewall Rule Configuration Details

Parameter Value

Rule ID

Direction (in/out/inout)

Protocol

From (source)

To (destination)

Port

Action (accept/reject/drop)

Lab 26 NSX Distributed IDS/IPS Validation

Task 1: Enable IDS/IPS Distributed Rules


You enable IDS/IPS distributed rules to prevent malicious traffic.

IDS/IPS-Policy Configuration Details

Rule Name Sources Destinations Security Profiles Mode

IDS/IPS-Rule

Task 2: Verify the NSX Distributed IDS/IPS Configuration from ESXCLI


You use the native ESXi commands to validate that the Distributed IDS/IPS configuration was successfully
realized in the data plane.

IDS/IPS Rule Configuration Details

Parameter Value

Rule number

Direction (in/out/inout)

Source (from addrset)

Destination (to addrset)

IDS Profile UUID

Mode (detect/protect)

Task 3: Analyze IDS/IPS Events
You review the ESXi log files and the NSX UI to identify events related to Distributed IDS/IPS.

IDS/IPS Event Details

Parameter Value

Severity

Details

Source IP and Port

Target IP and Port

Attack Type

CVE

Signature ID

Lab 28 NSX Advanced Load Balancer Validation

Task 1: Verify the NSX Advanced Load Balancer Configuration from the NSX Advanced Load Balancer UI
You use the NSX Advanced Load Balancer UI to check the health and logs of the virtual service, the web pool,
and the service engines.

Load Balancer Configuration

Parameter Value

Virtual Service Name

Virtual Service IP

VIP Name

VIP IP

Pool Name

Pool Servers (Names)

vs-web Event

Parameter Value

Client IP

Operating System

Browser

Virtual Service IP

Request

Response

Server IP

Task 2: Verify the Advanced Load Balancer Configuration from the NSX Advanced Load Balancer CLI
You log in to NSX Advanced Load Balancer and use the command line to query the load balancer
configuration information.

Virtual Service Details

Parameter Value

Name

Port

Application Profile

VRF Context

Pool

Cloud

VS VIP

Pool Details

Parameter Value

Server 1 IP

Server 1 Hostname

Server 1 Port

Server 2 IP

Server 2 Hostname

Server 2 Port

Lab 31 IPSec VPN Validation

Task 1: Verify the IPSec VPN from the NSX CLI


You use the NSX CLI to verify the status and configuration of the IPsec VPN.

sa-nsxedge-03: IPSec Session Details

Parameter Value

IKE Session ID (SID)

UUID

Type

Session status

Local IP

Peer IP

Virtual Tunnel Interface (VTI) UUID

Tunnel status

auto-edge-01: IPSec Session Details

Parameter Value

IKE Session ID (SID)

UUID

Session status

Local IP

Peer IP

Lab 35 Layer 2 VPN Validation

Task 1: Verify the L2 VPN from the NSX CLI


You use the NSX CLI to verify the status and configuration of the L2 VPN session.

sa-nsxedge-03: L2 VPN Session Details

Parameter Value

DISPLAY_NAME

ID (session ID)

IPSEC_VPN_SESSION_ID

TUNNEL ENCAPSULATION PROTOCOL

sa-nsxedge-03: L2 VPN VNI and Tunnel Details

VNI Tunnel ID

auto-edge-01: L2 VPN Session Details

Parameter Value

DISPLAY_NAME

ID (session ID)

IPSEC_VPN_SESSION_ID

TUNNEL ENCAPSULATION PROTOCOL

auto-edge-01: L2 VPN VLAN and Tunnel Details

VLAN Tunnel ID

Lab 36 Datapath Troubleshooting East-West Packet Walk Worksheet

Task 1: Use Traceflow


You use the Traceflow tool to examine how a packet traverses the datapath.

Traceflow Observations

Parameter Value

Name of the ESXi host on which the sa-web-01 VM is running

Distributed firewall rule (ID) applied to vNIC

Segment name to which the VM is connected

VNI of the segment

Name of the Tier-1 gateway to which the segment is connected

Segment VNI that connects the Prod-App-Segment to the Tier-1 gateway

Local endpoint IP address for sa-esxi-04.vclass.local

Remote endpoint IP address for sa-esxi-04.vclass.local

Distributed firewall rule number applied to sa-app-01 virtual Interface

Name of the interface that delivered the packet to the destination

Task 2: Perform Data Collection for Packet Capture
You use commands to query and record information about sa-web-01, sa-esxi-04, sa-app-01, and sa-esxi-05
through the CLI and GUI.

sa-web-01 Details from the vSphere Client

Parameter Value

IP address

MAC address

Host

Ports Details from the sa-esxi-04 Command Line

Parameter Client MAC Uplink

sa-web-01

vdrport

vmk10

vmk50

sa-web-01 dvFilter Name

Parameter Value

dvFilter name

sa-esxi-04 NSX Host Uplink Configuration Information

Parameter Value

NSX DVS Uplinks

sa-esxi-04 host TEP IP

Parameter Value

Local TEP IP

sa-esxi-04 Host VMkernel information

VMkernel IP Address MAC Address

vmk0 (Management)

vmk10 (TEP interface)

vmk50 (hyperbus interface)

sa-app-01 Details from the vSphere Client

Parameter Value

IP address

MAC address

Host

sa-app-01 Details from the sa-esxi-05 Command Line

Parameter Client MAC Uplink

sa-app-01

vdrport

vmk10

vmk50

sa-app-01 dvFilter Name

Parameter Value

dvFilter name

sa-esxi-05 NSX Host Uplink Configuration Information

Parameter Value

NSX DVS Uplinks

sa-esxi-05 host TEP IP

Parameter Value

Local TEP IP

sa-esxi-05 Host VMkernel information

VMkernel IP Address MAC Address

vmk0 (Management)

vmk10 (TEP interface)

vmk50 (hyperbus interface)

Task 3: Perform Packet Capture
You use the nsxcli commands to capture and analyze the ICMP traffic between the sa-web-01 and
sa-app-01 VMs, and the sa-esxi-04 and sa-esxi-05 hosts.

Packet Capture at the vNIC of the sa-web-01 VM

Parameter Value

Source MAC

Destination MAC

Source IP

Destination IP

Packet Capture Before the dvFilter Is Applied to the vNIC of the sa-web-01 VM

Parameter Value

Source MAC

Destination MAC

Source IP

Destination IP

Packet Capture After the dvFilter Is Applied to the vNIC of sa-web-01 VM

Parameter Value

Source MAC

Destination MAC

Source IP

Destination IP

Packet Capture leaving the vdrPort on the sa-esxi-04 Host

Parameter Value

Source MAC

Destination MAC

Source IP

Destination IP

Packet Capture at the Uplink on the sa-esxi-04 Host

Parameter Value

Outer MAC Header Source

Outer MAC Header Destination

Outer IP Header Source

Outer IP Header Destination

Destination Port

Destination VM's VNI

Inner MAC Address Source

Inner MAC Address Destination

Inner Source IP

Inner Destination IP

Packet Capture at the Uplink on the sa-esxi-05 Host

Parameter Value

Outer MAC Header Source

Outer MAC Header Destination

Outer IP Header Source

Outer IP Header Destination

Destination Port

Destination VM's VNI

Inner MAC Address Source

Inner MAC Address Destination

Inner Source IP

Inner Destination IP

Packet Capture Before the dvFilter Is Applied to the vNIC of the sa-app-01 VM

Parameter Value

Source MAC

Destination MAC

Source IP

Destination IP

Packet Capture After the dvFilter Is Applied to the vNIC of the sa-app-01 VM

Parameter Value

Source MAC

Destination MAC

Source IP

Destination IP

Packet Capture at the vNIC of the sa-app-01 VM

Parameter Value

Source MAC

Destination MAC

Source IP

Destination IP

Lab 37 Datapath Troubleshooting South-North Packet Walk Worksheet

Task 1: Use Traceflow


Use the Traceflow tool to examine how a packet traverses the datapath.

Traceflow Observations

Parameter Value

Name of the ESXi host on which the sa-web-01 VM runs

Distributed firewall rules (ID) applied to vNIC

Name of the segment to which the VM is connected

VNI ID of the segment

Name of the Tier-1 gateway to which the segment is connected

Transit logical switch VNI ID that connects the Tier-1 gateway with the Tier-0 gateway

Tier-1 gateway logical router port connecting to the Tier-0 gateway

Tier-0 gateway logical router port connecting to the Tier-0 gateway

ESXi host local endpoint IP address (TEP IP address)

NSX Edge endpoint IP address

Interface on the edge to which the gateway firewall rules are applied

Firewall rule ID applied to interface

Name of the interface that delivered the packet to the destination

Task 2: Perform Data Collection for Packet Capture
You record the sa-web-01, sa-esxi-04, sa-nsxedge-02, and sa-esxi-02 details and use them in the upcoming
tasks to perform the packet capture.

sa-web-01 Details from the vSphere Client

Parameter Value

IP address

MAC address

Host

Ports Details from the sa-esxi-04 Command Line

Parameter Client MAC Uplink

sa-web-01

vdrport

vmk10

vmk50

sa-web-01 dvFilter Name

Parameter Value

dvFilter name

sa-esxi-04 NSX Host Uplink Configuration Information

Parameter Value

NSX DVS Uplinks

sa-esxi-04 host TEP IP

Parameter Value

Local TEP IP

sa-esxi-04 Host VMkernel information

VMkernel IP Address MAC Address

vmk0 (Management)

vmk10 (TEP interface)

vmk50 (hyperbus interface)

sa-nsxedge-02 TEP IP

Parameter Value

Local VTEP IP

NSX Edge TEP Interface Details

Parameter Value

Interface

Port-type

IP/Mask

MAC

MTU

Details for the NSX Edge Firewall Interface: Uplink-02-Intf

Parameter Value

Interface

Type

Name Uplink-02-Intf

VRF ID

Context name

Details for the NSX Edge Uplink Interface: Uplink-02-Intf

Parameter Value

Uplink interface UUID

Name

IP/Mask

MAC Address

Uplink Port Details: bp-sr1-port

Parameter Value

Uplink interface UUID

IfUid

Port-type

IP/Mask

MAC

VNI

sa-nsxedge-02 Details from the vSphere Client

Parameter Value

IP address

Host

sa-nsxedge-02 Uplink Details

USED-BY TEAM-PNIC

sa-nsxedge-02.eth2

Task 3: Perform Packet Capture


You use the nsxcli commands to capture and analyze the ICMP traffic between the VM and the
external IP address.

Packet Capture at the vNIC of the sa-web-01 VM

Parameter Value

Source MAC

Destination MAC

Source IP

Destination IP

Packet Capture Before the dvFilter Is Applied to the vNIC of the sa-web-01 VM

Parameter Value

Source MAC

Destination MAC

Source IP

Destination IP

Packet Capture After the dvFilter Is Applied to the vNIC of the sa-web-01 VM

Parameter Value

Source MAC

Destination MAC

Source IP

Destination IP

Packet Capture at the Uplink on the sa-esxi-04 Host

Parameter Value

Outer MAC Header Source

Outer MAC Header Destination

Outer IP Header Source

Outer IP Header Destination

Destination Port

Destination VM's VNI

Inner MAC Address Source

Inner MAC Address Destination

Inner Source IP

Inner Destination IP

Packet Capture at the sa-nsxedge-02 Tunnel Port

Parameter Value

Outer MAC Header Source

Outer MAC Header Destination

Outer IP Header Source

Outer IP Header Destination

Destination Port

Destination VM's VNI

Inner MAC Address Source

Inner MAC Address Destination

Inner Source IP

Inner Destination IP

Packet Capture at the Prod-T0-GW-01 Transit Link Port

Parameter Value

Source MAC

Destination MAC

Source IP

Destination IP

Packet Capture at the Prod-T0-GW-01 Uplink Interface

Parameter Value

Source MAC

Destination MAC

Source IP

Destination IP

Outgoing Traffic at the ESXi Host Uplink Where NSX Edge Runs

Parameter Value

Source IP

Destination IP

Incoming Traffic at the ESXi Host Uplink Where NSX Edge Runs

Parameter Value

Source IP

Destination IP
