VMware Cloud Community
jneves10
Contributor

Configure VLANs and ESXi

Hi everyone,

Currently I have a problem...

In my network I have the following:

  1. 1 router (access the WAN);
  2. 1 switch (8 ports);
    • Supports VLANs;
    • 3 VLANs created (LAN [vlanid 2], DMZ [vlanid 3], WAN [vlanid 4]);
  3. 1 ESXi server (connected to the switch);
    • with 3 distinct networks:
    • LAN [10.0.xx.xx];
    • DMZ [172.16.xx.xx];
    • WAN (the same network as the router [192.168.xx.xx]);
  4. The port where the ESXi is connected belongs to the 3 VLANs configured on the switch;
  5. For each vSwitch on ESXi, I associate the respective VLAN id (i.e. for vSwitch WAN I associate vlanid 4);
  6. On the switch I have an AP connected to one port that belongs to VLAN LAN (2);

What I want is to be able to connect to the AP (or another port on the switch that belongs to VLAN LAN) and access the resources present on my LAN (10.0.xx.xx).

I hope for your feedback to solve this issue.

Best regards,

José Luís Neves

16 Replies
jneves10
Contributor

Let me complete the scenario with an important note!

The switch port where my ESXi server is connected belongs to the 3 existing VLANs.

Cheers,

José Luís Neves

a_p_
Leadership

I'm having trouble understanding the issue you have. Can you please explain? Maybe a screenshot of the virtual network configuration could help!?

André

weinstein5
Immortal

Do you have only the single NIC in your ESXi host? If you do, what you will have to do is create a single vSwitch connected to the single NIC. On the vSwitch, create separate vmkernel ports and VM port groups configured with the appropriate VLAN tag. This will allow you to tag the traffic, whether VM, management or other, to the appropriate VLANs.

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful

jneves10
Contributor

Hi weinstein5,

First of all, thank you for your reply!

Considering my scenario, let me complete it with some important information.

As I said in my original post, I have 1 switch with 8 ports (HP ProCurve 1810G - 8 GE), and I have my ESXi with a single NIC, where I have configured 3 vSwitches (WAN, LAN, DMZ).

So, does the procedure you suggest (create separate vmkernel ports and VM port groups configured with the appropriate VLAN tag) apply to this, or only if I have a single vSwitch?

Best regards,

José Luís Neves

jneves10
Contributor

Hi André,

Thank you for your interest!

In a simple manner, the following image can help you understand my scenario.

scenário.jpg

Best regards,

José Luís Neves

iw123
Commander

Not sure if I am understanding the question correctly, but looking at your diagram, if you have one physical NIC then you will only be able to use one vSwitch. On that vSwitch, however, you can configure port groups for each of the VLANs you need to give your virtual machines/ESX host access to. The single uplink that you have will need to be configured as a trunk port (although it sounds as though you have already done this).

*Please don't forget to award points for "helpful" and/or "correct" answers

rickardnobel
Champion

jneves10 wrote:

  1. The port where the ESXi is connected belongs to the 3 VLANs configured on the switch;
  2. For each vSwitch on ESXi, I associate the respective VLAN id (i.e. for vSwitch WAN I associate vlanid 4);
  3. On the switch I have an AP connected to one port that belongs to VLAN LAN (2);

What I want is to be able to connect to the AP (or another port on the switch that belongs to VLAN LAN) and access the resources present on my LAN (10.0.xx.xx).

It might be good if you could provide a screenshot of your networking setup in the vSphere Client.

You only have one physical NIC port in the host? Is this NIC (called vmnic0) attached to vSwitch0, and are vSwitch1 and vSwitch2 "empty"?

My VMware blog: www.rickardnobel.se

jneves10
Contributor

Hi rickardnobel,

Here is a screenshot...

esxi_networking.jpg

Yes, I have only a single NIC connected to ESXi and it is attached to vSwitch0 as vmnic0.

Thank you,

José Luís Neves

rickardnobel
Champion

jneves10 wrote:

Yes, I have only a single NIC connected to ESXi and it is attached to vSwitch0 as vmnic0.

The only way to use this setup and let the VMs on the other vSwitches get any network connectivity to the outside world is to use a VM as a router, with a vNIC on each vSwitch. Do you have that kind of configuration?

There seems to be a VM called rvx-srv-fw attached to all three vSwitches.

What was the exact problem in your situation?

My VMware blog: www.rickardnobel.se

jneves10
Contributor

Yes, in fact my VM rwx-srv-fw is a firewall that has 3 NICs (WAN, LAN, DMZ), and each interface belongs to the respective vSwitch.

All VMs communicate as expected based on the rules defined on rwx-srv-fw, but when I connect to the wireless in the office (provided by the router), in fact for ESXi I am on the WAN and I can't access the VMs that are on the LAN... (Different networks: LAN 10.0.0.0/24 and WAN 192.168.1.0/24)

What I want is to deploy an AP connected to the VLAN LAN, to connect to that wireless network that belongs to the LAN, and consequently get direct access to the ESXi VMs in the LAN.

Thank you,

José Luís Neves

MartinPasquier
Contributor

Hi,

I used VLANs on ESX hosts. I had around 30 VLANs for each of them.

One working configuration is to configure the switch port connected to your ESX host as a trunk with your VLANs allowed on it.

Then if you want one VM to have access on VLAN#1 you can TAG the VLAN in ESX.

Sorry, my English is not really good.

Hope I helped

Martin

rickardnobel
Champion

jneves10 wrote:

What I want is to deploy an AP connected to the VLAN LAN, to connect to that wireless network that belongs to the LAN, and consequently get direct access to the ESXi VMs in the LAN.

So you want the AP to be on the same Layer 2 network as the internal VMs sitting on "LAN"?

This is possible, but you will have to actually use VLANs to do this, and put the LAN-portgroup on vSwitch0 and have the correct VLAN id on both portgroups. The AP will also have to be on a physical port with this VLAN.

My VMware blog: www.rickardnobel.se

jneves10
Contributor

Hi MartinPasquier,

You are telling me to configure the physical switch as a trunk?

Thank you,

José Luís

jneves10
Contributor

Hi rickardnobel,

Yes, that is what I want to do...

Before posting here, I tried the procedure you are suggesting, with no success :(

I will try the suggestion of MartinPasquier and configure the physical switch as a trunk.

Thank you,

José Luis

MartinPasquier
Contributor

Hi,

So I don't say that this is THE solution, but personally I always do it like that because I have a lot of VLANs.

So for example if you have VLANs 1, 2 & 3, you configure the physical switch ports connected to the server as a trunk and add/allow VLANs 1, 2 & 3 to pass through this trunk.

Finally you TAG the VLAN in VMware. I do not remember exactly how I did that and I'm away from work for 2 weeks ... I don't exactly remember if I created one vSwitch per VLAN and set the tag explicitly there, to then add a virtual Ethernet card on the appropriate switch ... something like that I think.

Good Luck

Regards

Martin

rickardnobel
Champion

jneves10 wrote:

I will try the suggestion of MartinPasquier and configure the physical switch as a trunk.

Most likely this is already done, reading from your first post:

jneves10 wrote:

The port where the ESXi is connected belongs to the 3 VLANs configured on the switch;

"Trunk" is the Cisco name for having several VLANs on the same physical switch port and adding a small 4-byte tag to each frame which identifies the VLAN membership.

In the current configuration this will not help you however, because of the separated vSwitches.

You will have to do the setup as I described earlier: add the portgroups to the vSwitch0 with the vmnic uplink, use the correct VLAN id and make sure the physical switch port is correctly configured.

My VMware blog: www.rickardnobel.se
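The 4-byte tag mentioned in the last reply, shown as an added example that is not part of the original thread: the code inserts and parses an 802.1Q tag and models a trunk port that only forwards VLANs it is a member of, using the VLAN ids 2, 3 and 4 from the first post. The sample frame, the MAC address and the tagged-only trunk behaviour are constructed assumptions; a real switch port may also accept untagged frames on a native/untagged VLAN.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def add_vlan_tag(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag after the destination and source MACs."""
    if not 1 <= vlan_id <= 4094 or not 0 <= priority <= 7:
        raise ValueError("VLAN id must be 1..4094 and priority 0..7")
    tci = (priority << 13) | vlan_id          # PCP(3) | DEI(1)=0 | VID(12)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def parse_vlan_tag(frame: bytes):
    """Return (vlan_id, untagged_frame); vlan_id is None for untagged frames."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet frame")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]

def trunk_accepts(frame: bytes, allowed_vlans: set) -> bool:
    """Assumed tagged-only trunk: drop untagged frames and non-member VLANs."""
    vlan_id, _ = parse_vlan_tag(frame)
    return vlan_id in allowed_vlans

# Constructed sample: broadcast frame from a made-up VM MAC, IPv4 EtherType.
SAMPLE = bytes.fromhex("ffffffffffff" "005056000001" "0800") + b"\x00" * 46
TRUNK_VLANS = {2, 3, 4}   # LAN, DMZ, WAN as listed in the first post

def demo():
    tagged = add_vlan_tag(SAMPLE, 2)          # port group "LAN" with VLAN id 2
    return {
        "tag_bytes": tagged[12:16].hex(),
        "lan_ok": trunk_accepts(tagged, TRUNK_VLANS),
        "untagged_ok": trunk_accepts(SAMPLE, TRUNK_VLANS),
        "vlan5_ok": trunk_accepts(add_vlan_tag(SAMPLE, 5), TRUNK_VLANS),
        "roundtrip": parse_vlan_tag(tagged) == (2, SAMPLE),
    }

if __name__ == "__main__":
    print(demo())
```

A frame only carries this tag if the port group it leaves from has a VLAN id and sits on the vSwitch that owns the vmnic uplink, which is why the port groups on the uplink-less vSwitches never reach the physical switch.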