VMware Cloud Community
velo79
Contributor

Trunk Port Group ESXi 6.7

Wonder if someone can give some advice on this situation. I have some experience on ESXi but it's not something I work on often.

Setup

I have one ESXi host (6.7) with a standard vSwitch connecting to an upstream Cisco switch. I have two cables from the host to the switch (configured as failover on the ESX side so only one cable is used at once). On the Cisco switch I have the same VLANs (10-30) configured on both ports (no EtherChannel/LACP etc. as it's not supported on a standard vSwitch).

Problem

I have two network adapters on the VM. I want to use half the VLANs on one network adapter and the other half of the VLANs on the second network adapter. You can't specify multiple VLANs in a port group on ESXi, so what I did was create a single Trunk Port Group (4095) and then assign it to both VM network adapters. The VM is VLAN tagging the specific VLANs on both of the network adapters (e.g. 10-15 on one and 16-30 on the second). Traffic works fine on the first adapter on a test VLAN, but when I try to bring up an IP on the VM on the second adapter it behaves strangely. I can see the upstream MAC address of the default gateway on that VLAN, but from the switch I can't see the downstream MAC addresses on the second interface. Basically it doesn't work. My assumption is that I am doing something wrong here and this is not supported. Interestingly, when I created another port group with only one VLAN and assigned that to the second NIC (leaving the trunk port group on the first NIC), it all seems to work OK. But that doesn't help me as I need multiple VLANs.

Is it possible to have a Trunk Port group (VLAN 4095) assigned to the same VM twice?

Thanks

daphnissov
Immortal

I have two network adapters on the VM. I want to use half the VLANs on one network adapter and the other half of the VLANs on the second network adapter.

This is a very unusual request. Why exactly are you trying to do this? What's the use case?

velo79
Contributor

I am migrating a physical Cisco ASA firewall to an ASAv (virtual). The config is 20 pages long and I don't really want to re-write the config if I can avoid it. It's replicating the ASA config; it has an Outside Trunk and an Inside Trunk (separate interfaces).

There is a second host also but for the sake of keeping the explanation simple I just said one host.

a_p_
Leadership

I assume that what you may need for this is a distributed virtual switch, see "Configure VLAN Tagging on a Distributed Port Group or Distributed Port".

However, you may try to see whether enabling promiscuous mode on the vSwitch or port group (depending on your current configuration) helps.


André

velo79
Contributor

Thanks for the answer. Unfortunately I don't have the option of DVS. Cheers for the tip, that was going to be my next step.

Thank you
