VMware Cloud Community
lasinl
Enthusiast

Need multiple networks, segments or subnets, or whatever it's called

I have a basic flat network with a simple router, switch (no vlan capabilities) and ESXi 5.1. I need some of my VMs to be on their own network, but still be able to connect to the Internet. How can I achieve this?

0 Kudos
9 Replies
JagadeeshDev
Hot Shot

Since we don't have a VLAN-capable switch, we can create port groups inside a vSwitch. Create multiple vSwitches if you have enough uplinks.

But may I know your ultimate goal?

http://www.myitblog.in/
0 Kudos
a_p_
Leadership

You could create a second internal-only vSwitch (without physical uplinks) and set up a virtual router (e.g. pfSense).

André

0 Kudos
lasinl
Enthusiast

My ultimate goal is to have multiple networks walled off from each other so I can better mock and run tests based on some of my clients' Active Directory infrastructures (i.e., Win Server needs to be the DHCP server on a network).

0 Kudos
a_p_
Leadership

That's exactly what you can do with pfSense. This is not only a router but also a firewall where you can configure multiple networks and set up rules.

André

0 Kudos
lasinl
Enthusiast

Do I have to make changes to my current basic network (because I'd rather not)?

0 Kudos
lasinl
Enthusiast

I now have a VLAN-capable physical/hardware switch and upgraded to ESXi 5.5. Now, how do I go about segmenting for a couple of VMs?

0 Kudos
King_Robert
Hot Shot

If you have a multi-port Layer 3 1 gig or 10 gig network switch, you can configure multiple subnets and segments, as the Layer 3 switch has the capability to do this.

You can create multiple vSwitches if there are sufficient uplink ports, and can route VM traffic according to the load on the VM network.

0 Kudos
lasinl
Enthusiast

Thanks! I finally understood what you, JD and a.p. were trying to say. I created a 2nd vSwitch (for some reason I thought this feature wasn't available in ESXi), attached my lab group of Win server & Win clients to it and then created and attached a VM for a virtual router/firewall (x86 version of DD-WRT build r18777 - it's the only build I could get to work properly). The only problem is my lab group/network (192.168.1.x) can access devices on my main network (192.168.145.x) and I don't want that (i.e., a client computer, 192.168.1.93, can access my NAS, 192.168.145.3). How do I make it so my lab group can't access the main network, but can still get Internet access?

0 Kudos
a_p_
Leadership

I'm not familiar with the virtual router/firewall you are using, but usually these firewalls allow you to create access rules (allow/deny), where you can define what's accessible.

André

0 Kudos
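
The allow/deny rules discussed in the last two posts, as an added example that is not part of the original thread: a script that prints iptables rules blocking the lab subnet from the main network while leaving Internet-bound traffic alone. It assumes the virtual router is Linux-based and exposes `iptables` and that both subnets are /24; the function name `lab_isolation_rules` and its optional DNS argument are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Subnets are the ones named in the thread;
# the /24 masks and a Linux/iptables-based router are assumptions.
LAB_NET="192.168.1.0/24"      # isolated lab behind the virtual router
MAIN_NET="192.168.145.0/24"   # existing flat network (the NAS lives here)

# lab_isolation_rules LAB MAIN [DNS_IP]
# Prints the iptables commands for review instead of running them.
# DNS_IP (optional, hypothetical) is a resolver on the main network that the
# lab's DNS server forwards to; only port 53 to that one host stays open.
lab_isolation_rules() {
    lab="$1"; main="$2"; dns="${3:-}"
    pos=1   # explicit positions keep ACCEPT exceptions above the DROP
    if [ -n "$dns" ]; then
        for proto in udp tcp; do
            echo "iptables -I FORWARD $pos -s $lab -d $dns -p $proto --dport 53 -j ACCEPT"
            pos=$((pos + 1))
        done
    fi
    # Routed traffic from the lab to anything on the main network is dropped.
    # Internet-bound packets carry a public destination address, so they do
    # not match and still leave through the router's uplink.
    echo "iptables -I FORWARD $pos -s $lab -d $main -j DROP"
    # Traffic to the router's own main-network address hits INPUT, not FORWARD.
    echo "iptables -I INPUT 1 -s $lab -d $main -j DROP"
}

# Review the output first; run with "apply" on the router to install the rules.
if [ "${1:-}" = "apply" ]; then
    lab_isolation_rules "$LAB_NET" "$MAIN_NET" | sh
else
    lab_isolation_rules "$LAB_NET" "$MAIN_NET"
fi
```

After applying, a check from the lab client (192.168.1.93) should show the NAS (192.168.145.3) unreachable while an Internet host still responds.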