You must have a DHCP server on the 10.0.1.x network, possibly your home router (for wifi and broadband).

Correct, my home wifi and broadband

You will need to post information about the virtual and physical networks - VM network adapter connections, ...

• Physical network: I have an Apple AirPort attached to my broadband router. Attached to my AirPort is my Dell Server running VMWare ESXi 7 (via cat 5 cable on NIC 0), and my penetration testing Macbook via wifi.
• Virtual network: 1 Windows Server 2019 Domain Controller/AD Domain Services/Cert Authority, 1 Windows Server 2019 DHCP, 1 Windows 10 Enterprise. I plan on adding more later.

VM port groups, virtual switches, physical NIC uplinks for your virtual switches are using (including what physical networks they are connected into)

The above are all set to the factory defaults (I have not changed them). My VLAN ID 0 (the only VLAN I have at the moment) is wired up to my vmnic0

VM port groups: I have:

1. Management Network: 1 active ports, vSwitch: vSwitch0, VMs: N/A
2. VM Network 0 active ports, vSwitch: vSwitch0, VMs: 3

Virtual switches:

1. vSwitch0: Port groups: 2, Uplinks: 1 (vmnic0)

Physical NIC uplinks:

1. vmnic0: Enabled, 1000 Mbps, full duplex
2. vmnic1: Enabled, LInk down (don't have this wired yet)

Other physical hardware I have access to, that I can use to set up any way I want:

1 CPU with 8GB RAM that currently has Windows 10 Prof. on it, but I can wipe and put anything I want on it.

1 unmanaged Netgear 5-port switch.

1 (extra) Apple AirPort.

Thank you for your help!

If I understand this correctly, you do have two subnets running on the same physical switch without VLAN separation. With that setup, the DHCP clients will receive an IP offer from the DHCP server that responds faster that the other.

What you need is to either physically, or logically separate the two subnets, or - if possible - configure DHCP policies on the DHCP servers, where one of them (the virtual server) will respond to VMware MAC addresses, and the other one to non-VMware MAC addresses.

André

I almost missed the "1 unmanaged Netgear 5-port switch" that yu have.

With this, you could create another vSwitch with a VM port group to which you connect all the 192.168.x.x VM, and connect the new vSwitch (using the host's free NIC), as well as your client's network port to the Netgear switch.

André

If I understand this correctly, you do have two subnets running on the same physical switch without VLAN separation.

That's correct.

However, I'd prefer not to physically separate them so I can both manage my server from my macbook as well as do pen testing on the virtual network using my same macbook.

There are unfortunately not many options available with two DHCP servers in the same broadcast domain.

One this that you can/should do is to configure a policy on the virtual DHCP server's configured range, so that it only offers leases to MAC addresses starting with 00:50:56, or 00:0C:29. This will avoid possible issues where LAN devices may receive 192.168.x.x addresses.

If the physical DHCP server doesn't have such an option, it may - depending on how often you have new devices in your LAN network - be an option to allow only pre-configured MAC addresses on the DHCP server.

Temporarily disabling DHCP on your physical DHCP server may also be possible, but it requires that you don't forget to enable it again after testing. (not very practical)

André

Unless you can sort DHCP, are static IPs not an option?

Thanks Scott,

I guess I could in the end, but I'd prefer not have to use static ip addresses if I can avoid it.

I was able to create a new Port Group for VM Network, and assign a new Virtual Switch to it that is attached to NIC 1. So now, I'm relieved of having all my VM's assigned 10.0.1.xxx addresses, and now faced with having 169.254.xxx.xxx addresses, which I assume are being assigned by the vmware server because all my VM's are set up to obtain their ip addresses automatically.

Any idea where to go from here?

"169.254.xxx.xxx" are APIPA addresses, i.e. self-assigned addresses. This occurs if no DHCP offer is received.

Please double check the DHCP server's configuration, and the configured DHCP range.

André

169.254.x.x addresses are self-assigned by the guest OSes, this will happen when a DHCP client which supports APIPA does not receive an address from a DHCP server: APIPA - The Wireshark Wiki

They are nothing to do with VMware.

Yes, that's my next problem. I have the everything else working. Of course, the VM Network NIC is a 169.xxx address at the moment,

I saw your comment on another thread, just added this reply there:

A port group can EITHER be used by the VMkernel OR VMs, but not both.

vSwitches support multiple port groups.

So if you want VMs AND the VMkernel to share a physical NIC, add multiple port groups to the vSwitch which uses the NIC.

This is basic vSphere networking.