Hi,
this morning I could fix my problem by myself using the well known search engine.
I've found this:
PORT-W-LOCKPORTACTIVE- Sw ESW 520 | LAN, Switching and Routing | Cisco Support Community | 6016 | 11662891
The whole descrption is to find here, but it is in german:
http://www.administrator.de/content/detail.php?id=283025&token=713#comment-1039572
So I will give a little summary in my poor english.
It seems like this. If you create a lag trunk on that switch (cisco sg500x), a dynamicly port security policy is generated automaticly.:smileyshocked:
You can see that if you going to Security -> Port Security and set the filter to the LAG ports.
By default the ports are generated with standard values:
2 LAG 2 Locked Limited Dynamic Lock 10 Discard Enabled 60
3 LAG 3 Locked Limited Dynamic Lock 10 Discard Enabled 60
Where 10 and Limited Dynamic means that the port closes after 10 dynamicly learned MAC addresses. So if this threshold is reached all new MAC's are blocked. That was the problem in my case.
I did a test by disabling the policy for LAG2 and suddenly a network connection of my problematic vm was possible. So I thought disabling is not a good bractise and I re- enabled the rule and increased the number of MAC to 25 - a good value for my setup.
2 LAG 2 Locked Limited Dynamic Lock 25 Discard Enabled 60
3 LAG 3 Locked Limited Dynamic Lock 25 Discard Enabled 60
After I had re-enabled that rule, I migrated another vm with the same problem before.
With the new value everything works fine now.:smileyhappy::smileyhappy: