Hi,

They have lots of vm servers running on them. I'm currently adding 2 more hosts too.

Thanks

1.) Are there other ways to achieve this?

2.) If I'm only using one network cable from each host to the Cisco switch, do I need to create a port group?

3.) If it is a trunk I guess all 3 vlans will be seen on the vSwitch, how will I assign the VM guest servers to either of the 3 vlans?

Thanks

2:   The multipe portgroups will allow you to do vlan tagging at the vSwitch level.

3:  Assign a portgroup to a VM and they should have access to that particular VLAN.

Check out this KB for some more information on VLANs,  http://kb.vmware.com/kb/1004074

Reason I asked is that if you want to setup a true DMZ I wouldnt use the ESX virtual switch as a means to do that.  I would keep these hosts and hosted VM;s seperate to the rest of your estate as a previous poster has stated.  VLAN's and Virtual Switches are not a good security boundary.

Yeah it seems I need to create a virtual switch on each host and connect a network cable from each host to the physical Cisco DMZ switch and set it as a trunk to send the VLAN tags down to the hosts.

Does that sound about right to you?

yes it does.  Jst make sure you set the speed and duplex the same at both ends too.

If I have the 3 VLAN tags coming down to the vSwitch on each host fromt he physical Cisco switch how will I tell a VM host to only connect to a particular VLAN?  I will I need to create 3 vSwitches on each host?

When you create your Vswitch and attach your physical NICS which are attached to the cisco DMZ switch, you will create a port group for each VLAN that you want - so in your case 3.  Then when you build your VM you will select your network adapter and from the drop down list select which port group (VLAN) you want to assign to the VM.