Hi

I am rebuilding my home lab network & am seeking help about whether to use VLAN tagging at the vSwitch or let the pSwitch (access port mode) handle the VLANS.

Currently my vSphere(5.5) network does not use VLAN TAGS. The VLANS are defined on the router sub- interfaces (DOT.1q) & the switch VLAN ports are all access ports (DOT.1q). The pSwitch can do L3. If VLAN tagging is used on the vSwitch, the pSwitch would have 19 Trunk ports. From security view I think this would not been considered an ideal configuration.  

When do you use VLAN tagging on the vSwitch versus having the pSwitch handle the VLAN tagging?

When & why is it best to use either option?

The vSwitch for the Hosts will be configured:

HOST's (x 3) vSwitch Configuration - 6 Network Ports

vSwitch 0 (VMkernel)  -  

Management - vmnic0 >>>> pNIC0    VLAN10

vSwitch 1 (VMkernel) 

vMotion  -  vnic1 >>>>>>     pNIC1      VLAN 20

vSwitch 2 (VMkernel) 

IP Storage -   vmnic2 >>>> pNIC2       VLAN 50

vSwitch3 (VMkernel) 

IP Storage -   vmnic3 >>>> pNIC3      VLAN 50

vSwitch 4 (VM Port Group)

Virtual Machines traffic PortGroup

vmnic4 ->>>>>>>>>>>>> pNIC 4         VLAN 40

vmnic5 ->>>>>>>>>>>>> pNIC 5         VLAN 40

Comments & recommendations from the community are very much appreciated.

Regards