Solved: VLan tagging issues

Rygar · ‎04-23-2013

Hi guys I am using VSphere Essential plus, I set up a Vlan 1955 for VLan tagging for the Front End. I created Vlan 1955 on my cisco SG300 and tagged all the ports

The issue I am having is if I try to change the VM Network to the 1955 Vlan I loose all connectivity to those virtuals same thing if i try to move a virtual on to the Front End.

Any ideas?

Thank you

rickardnobel · ‎04-23-2013

Rygar wrote:
Native VLAN ID on ESXi/ESX VST Mode is not supported. Do not assign a VLAN to a port group that is same as the native VLAN ID of the physical switch. Native VLAN packets are not tagged with the VLAN ID on the outgoing traffic toward the ESXi/ESX host. Therefore, if the ESXi/ESX host is set to VST mode, it drops the packets that are lacking a VLAN tag.”

The ESXi host will not necessarily drop untagged frames, but they need a portgroup with no VLAN defined (could be expressed as VLAN 0). This also means that the VM traffic from such portgroup will enter the physical switch port "native VLAN" (i.e. untagged vlan.)

So my question is,
Is it possible to have Default VLAN 1 (all workstations are on this VLAN) talk to VLAN 1955?

If they really are different VLANs on your physical network then you need to have some kind of routing between the two networks. Or do you see VLAN 1 and VLAN 1955 as the same network and broadcast domain?

My VMware blog: www.rickardnobel.se

View solution in original post

a_p_ · ‎04-23-2013

If I understand the screen shot correctly, you configured VLAN 1955 as the default VLAN on the physical switch ports rather than to just add this VLAN to the allowed list!? In this case the physical switch will remove the VLAN tag from the packet and send the untagged data to the ESXi host and therefore the packet will not be forwarded to the tagged port group.

André

Rygar · ‎04-23-2013

Vlan 1 is still the default VLAN I believe.

If i do sh run i get this for the ports

Am i running in to this? which i believe is what you are saying.

Native VLAN ID on ESXi/ESX VST Mode is not supported. Do not assign a VLAN to a port group that is same as the native VLAN ID of the physical switch. Native VLAN packets are not tagged with the VLAN ID on the outgoing traffic toward the ESXi/ESX host. Therefore, if the ESXi/ESX host is set to VST mode, it drops the packets that are lacking a VLAN tag.”

So my question is,

Is it possible to have Default VLAN 1 (all workstations are on this VLAN) talk to VLAN 1955?

I apologise I am new to this

a_p_ · ‎04-23-2013

Unfortunately I'm not familiar with the SG300 switch. However, you may take a look at http://kb.vmware.com/kb/1004074 for a sample VLAN configuration as well as http://it-erate.com/cisco-sg300-vlan-setup-vmware-esxi-5/ for some hints about the switch you are using.

André

rickardnobel · ‎04-23-2013

Rygar wrote:
Native VLAN ID on ESXi/ESX VST Mode is not supported. Do not assign a VLAN to a port group that is same as the native VLAN ID of the physical switch. Native VLAN packets are not tagged with the VLAN ID on the outgoing traffic toward the ESXi/ESX host. Therefore, if the ESXi/ESX host is set to VST mode, it drops the packets that are lacking a VLAN tag.”

The ESXi host will not necessarily drop untagged frames, but they need a portgroup with no VLAN defined (could be expressed as VLAN 0). This also means that the VM traffic from such portgroup will enter the physical switch port "native VLAN" (i.e. untagged vlan.)

So my question is,
Is it possible to have Default VLAN 1 (all workstations are on this VLAN) talk to VLAN 1955?

If they really are different VLANs on your physical network then you need to have some kind of routing between the two networks. Or do you see VLAN 1 and VLAN 1955 as the same network and broadcast domain?

My VMware blog: www.rickardnobel.se

Rygar · ‎04-23-2013

My goal is not to over complicate things. The vlans are not physically separated.

It was recomended from vmware to have vlan tagging since it helps with traffic.

I guess I just dont know how to configure the switch to allow VLAN 1 and VLAN 1955 to talk to each other while VLAN 1955 and the VSwitch tag the traffic or I set the VMside of things the wrong way but I doubt it its pretty straight forward.

I called cisco support which said everything was set correctly yet its not working.

Thank you for your help

rickardnobel · ‎04-23-2013

I might not still be totally sure what you want to actually setup. The reasons for using VLANs in vSphere is the same as in ordinary physical networking, that is, to separate the traffic into different broadcast domains and IP networks.

However, if you do not have that kind of isolation in your physical network then you have no reason to implement any VLANs on the VM traffic just for the cause of using VLANs. If so just set the switch ports into access mode and do not have any VLAN number on the VM portgroups.

My VMware blog: www.rickardnobel.se

Rygar · ‎04-23-2013

I should of mention I am trying to setup a 3 node Storage appliance.

rickardnobel · ‎04-23-2013

Could you post the configuration (show run) from the physical switch ports?

Is the VLAN 1955 something that you use on your physical network and have configured other physical switch ports as access mode in that VLAN?

My VMware blog: www.rickardnobel.se

Rygar · ‎04-30-2013

We end up going with just the BackEnd Vlan 1192 and set the FrontEnd Vlan to 0. Everything seems to be working great so far.

Thank you.

All

VLan tagging issues