VMware Cloud Community
kelvindp
Contributor

How to set up DMZ on vSphere Infrastructure

Hi,

My client has a DMZ network on Hyper-V and wants to migrate their VMs to vSphere 6.7, but we are unable to ping the DMZ network on Hyper-V. I thought we missed some requirements or other configurations.

We have 4 ESXi hosts using vmnic2 and vmnic3 (both 1G). We assigned these vmnics to vSwitch1 (VSS) and created a port group named DMZ Network with a VLAN ID of 50. vSwitch1 is set to Route based on originating virtual port, and in NIC teaming vmnic2 and vmnic3 are both active.

I emailed their Network Administrator to ask whether he did the steps below, which I saw in this KB: VMware Knowledge Base

This sample is a supported Cisco Trunk Port configuration:

interface GigabitEthernet1/2
switchport (Set to layer 2 switching)
switchport trunk encapsulation dot1q (ESXi/ESX only supports dot1q, not ISL)
switchport trunk allowed vlan 10-100 (Allowed VLAN to ESXi/ESX. Ensure ESXi/ESX VLANs are allowed)
switchport mode trunk (Set to Trunk Mode)
switchport nonegotiate (DTP is not supported)
no ip address
no cdp enable (ESXi/ESX 3.5 or higher supports CDP)
spanning-tree portfast trunk (Allows the port to start forwarding packets immediately on linkup)

Note: For more information on configuring your physical network switch, contact your switch vendor.

Accepted Solutions
T180985
Expert

Sounds like the VLAN hasn't been trunked. Did your network administrator get back to you to confirm whether the switch ports are correct?

Please mark helpful or correct if my answer resolved your issue. How to post effectively on VMTN https://communities.vmware.com/people/daphnissov/blog/2018/12/05/how-to-ask-for-help-on-tech-forums

3 Replies
scott28tt
VMware Employee

Moderator: Moved to vSphere vNetwork



Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog
kelvindp
Contributor

Hi,

I emailed the Network Administrator, and he replied.

"Our DMZ switch is L2 only. The switch port configuration that is connected to the Dell Server is only access mode tagged to DMZ VLAN. I will change this to trunk and allow only the DMZ VLAN, since Dell servers only support trunking."

After a while he emailed again.

"Done changing the switchport to trunk, please check again on your end."

Then just now the System Administrator replied that it is now working.

"Server in DMZ is now working. I moved the container also and tested it already."

Thank You T180985

0 Kudos
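
The fix reached in this thread (an access port changed to a trunk that allows only the DMZ VLAN), written as a check. This is an added example, not part of any post or of the VMware KB: it parses a Cisco-style interface stanza and compares it with the VLAN IDs tagged by the host's port groups. The function names, the interface name Gi1/0/1 and the two constructed stanzas are assumptions; the KB sample and VLAN 50 come from the thread.

```python
import re

# KB sample from the thread (annotations stripped); the other two are constructed.
KB_SAMPLE = """interface GigabitEthernet1/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10-100
switchport mode trunk"""
ACCESS_PORT = "interface Gi1/0/1\nswitchport mode access\nswitchport access vlan 50"
DMZ_ONLY = "interface Gi1/0/1\nswitchport mode trunk\nswitchport trunk allowed vlan 50"

def expand_vlans(spec):
    """Expand a VLAN list such as '10-100' or '50,60-62' into a set of IDs."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_switchport(config):
    """Return (mode, allowed trunk VLANs) for one interface stanza."""
    mode, allowed = "unset", set(range(1, 4095))  # a trunk allows all VLANs by default
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"switchport mode (\w+)", line):
            mode = m.group(1)
        elif m := re.match(r"switchport trunk allowed vlan ([\d,\- ]+)", line):
            allowed = expand_vlans(m.group(1))
    return mode, allowed

def check_uplink(config, portgroup_vlans):
    """List mismatches between a physical port and the port groups' VLAN IDs."""
    (mode, allowed), needed = parse_switchport(config), set(portgroup_vlans)
    if mode != "trunk":
        # Port groups with a VLAN ID send 802.1Q-tagged frames, which need a trunk.
        return ["not-trunk: port group VLAN tags need a trunk port"]
    findings = []
    if missing := needed - allowed:
        findings.append(f"missing: VLAN {sorted(missing)} not allowed on trunk")
    if extra := allowed - needed:
        findings.append(f"over-broad: {len(extra)} extra VLANs allowed on the uplink")
    return findings

if __name__ == "__main__":
    for name, cfg in [("access", ACCESS_PORT), ("kb", KB_SAMPLE), ("dmz-only", DMZ_ONLY)]:
        print(name, check_uplink(cfg, [50]) or "ok")
```

The KB's `10-100` range would have restored connectivity too, but it is reported as over-broad because it puts 90 VLANs besides the DMZ on the host uplink; the administrator's DMZ-only trunk passes cleanly.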