VMware Cloud Community
mimiz
Contributor

setup VM subnet different from main LAN

Hi community !

I'm a newbie in ESXi, and I have to create a Windows VM with a different subnet than the main LAN.
My problem is that when I use the IP config of the main LAN I don't have any problem, everything is alright, but I don't know how to use a different LAN for my VM and make it communicate with my main LAN.

I've been searching in many forums and KBs, and I saw that I must configure port groups, static routes, vSwitches, ...

But I haven't found any step-by-step tutorial to do that.

Can anyone help me?

Thanks.

19 Replies
Bogdan_Ionut
Contributor

Configuring networking in ESXi to allow a VM to communicate with a different subnet involves a few steps, including creating a new port group, setting up a virtual switch, and possibly configuring static routes. Here's a step-by-step guide:

Create a New Port Group:

  • Log in to the vSphere Client.
  • Go to the host or cluster where the VM resides.
  • Click on the ESXi host.
  • Navigate to "Configure" > "Networking."
  • Click "Add Networking" and choose "Virtual Machine."
  • Select the appropriate network adapter (physical NIC).
  • Choose "Create a standard switch."
  • Assign a name to the new port group and assign a VLAN ID if needed.

Assign the Port Group to the VM:

  • Edit the settings of your Windows VM.
  • Select the network adapter.
  • Choose the newly created port group under the "Network" dropdown.

Set Up the IP Configuration in the VM:

  • Inside the Windows VM, go to Network and Sharing Center > Change Adapter Settings.
  • Right-click on the adapter corresponding to the newly assigned port group and choose "Properties."
  • Set a static IP address in the different subnet. For example:
    • IP address: 192.168.x.x (different from your main LAN)
    • Subnet mask: 255.255.255.0 (or appropriate for your subnet)
    • Default gateway: IP of the router in the different subnet

Configure Routing:

  • If the communication between the subnets needs to happen, ensure routing is set up. This might involve configuring static routes in your router or adding routing information in your main LAN gateway device to reach the subnet where your VM resides.

mimiz
Contributor

Hello !

Thanks for your answer, but I can't find where is the

  • Navigate to "Configure" > "Networking."
  • Click "Add Networking" and choose "Virtual Machine."

I can only create a new port group, vSwitch or VMkernel NIC

and as I see, I already have 2 networks

Thanks for helping me 😊

Sachchidanand
Expert

Create a port group for the specific LAN/VLAN and make sure your vSwitch has an uplink configured as a trunk port.

Regards,

Sachchidanand

mimiz
Contributor

Hi! Thank you for your answer,

I created them, but how do I configure them so that my VM in LAN 192.168.100.x can communicate with my local LAN, which is in 192.168.200.x?

thank you!

mimiz
Contributor

Hi! Thanks for your answers, but I'm still stuck 😪

I created two port groups, a vSwitch, and connected them.

My physical LAN is in 192.168.200.x, my ESXi is on .28

I created the VMkernel NIC with static IP 192.168.168.28

I associated the VM with the vSwitch I've created

I configured the VM with gateway 192.168.168.28

I'm able to ping the gateway 168.28, I'm able to ping the gateway 200.28,

but I can't ping any resource of my LAN.

Can anyone help me?

Thanks.

Kinnison
Commander

Hello,


To put it very simply, networking in the context of an ESXi host does not provide IP services to your workloads, i.e. it does act as a router in the context of your network infrastructure to put different IP networks in communication with each other.


Regards,
Ferdinando

mimiz
Contributor

Thanks !

And how can I make my virtual machine communicate with my main LAN?

Sachchidanand
Expert

Why is your VM's gateway your vmkernel? Have you configured the same segment (168.x) on the physical switch?

Change your VM's gateway to the IP configured on your physical switch and make sure that routing is there between the two segments.

Regards,

Sachchidanand

mimiz
Contributor

Thank you for your answer, but I'm really a noob in ESXi.

I have an ESXi in my main LAN (192.168.200.x); the address of the ESXi is on 28 (and I have other VMs on this range working fine).

I want to isolate only one VM in another range (192.168.168.x) and make it communicate with the physical LAN.

My vmk1 is on (192.168.168.28), and I configured it as the gateway of my VM.

On my VM I managed to ping the 168.28 and the 200.68, but not other hosts on 200.x.

Am I wrong in my approach?

Sachchidanand
Expert

vSwitch provides you an L2 environment, so configure the gateway on the physical switch and see if it works...

Regards,

Sachchidanand

mimiz
Contributor

What exactly do you mean by physical switch? The switch to which the ESXi is directly connected? If this is the case, it is also an L2 switch. However, I also manage the site's firewall, but I don't know exactly what to do to allow this communication?

Sachchidanand
Expert

Physical switch means where you have configured the gateway for ESXi, a device which you configured as L3.

Do the same configuration for the second segment as you configured for the ESXi segment.

Regards,

Sachchidanand 

mimiz
Contributor

To my knowledge, the gateway was not configured on a switch; the ESXi gateway is simply the gateway used throughout the LAN, which is the address of one of the outputs of the firewall which hosts all the LAN network.

Do I need another link on another firewall output, configure the gateway and allow communication with the main LAN?

Sachchidanand
Expert

It seems that your setup is behind a firewall and your gateway for ESXi is on the firewall. If this is the case, then you have to create another gateway on the firewall for the second subnet and make some rules to allow communication between the two segments. Also, on the physical switch, you must have a VLAN corresponding to the VLAN used in the port group.

Regards,

Sachchidanand

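The situation in this thread as a small reachability model, added here as an example and not posted by any participant: the vSwitch is only L2 and the VMkernel address is not a router, so the VM needs a gateway on the firewall plus rules for both directions. The .28 addresses come from the thread; the other host addresses, the `Node`, `ping` and `topology` names, the stateless rule model and the gateway answering for all of its own addresses are assumptions of the example.

```python
from ipaddress import ip_address, ip_interface, ip_network
LAN, ISO = "192.168.200.0/24", "192.168.168.0/24"   # subnets named in the thread

class Node:
    def __init__(self, name, addrs, gateway=None, forward_rules=()):
        self.name = name
        self.ifaces = [ip_interface(a) for a in addrs]
        self.gateway = ip_address(gateway) if gateway else None
        # (src_net, dst_net) pairs this node routes between; empty means "not a router"
        self.rules = [(ip_network(s), ip_network(d)) for s, d in forward_rules]

    def owns(self, ip):
        return any(ip == i.ip for i in self.ifaces)
    def on_link(self, ip):
        return any(ip in i.network for i in self.ifaces)
    def may_forward(self, src, dst):
        return any(src in s and dst in d for s, d in self.rules)

def owner(nodes, ip):
    return next((n for n in nodes if n.owns(ip)), None)

def deliver(nodes, src, dst):  # one-way delivery, at most one router hop
    src, dst = ip_address(src), ip_address(dst)
    sender = owner(nodes, src)
    if sender is None or owner(nodes, dst) is None:
        return False
    if sender.on_link(dst):                      # same subnet: plain L2 delivery
        return True
    hop = owner(nodes, sender.gateway) if sender.gateway else None
    if hop is None or not sender.on_link(sender.gateway):
        return False
    if hop.owns(dst):                            # assumption: gateway answers for all its own IPs
        return True
    return hop.may_forward(src, dst) and hop.on_link(dst)

def ping(nodes, src, dst):
    # Stateless model: the reply needs its own path and its own rule.
    return deliver(nodes, src, dst) and deliver(nodes, dst, src)

def topology(fixed, rules=((ISO, LAN), (LAN, ISO))):
    # .28 addresses are from the thread; .50, .10, .11 and .1 are constructed samples.
    fw = ["192.168.200.1/24"] + (["192.168.168.1/24"] if fixed else [])
    return [
        Node("vm", ["192.168.168.50/24"], "192.168.168.1" if fixed else "192.168.168.28"),
        Node("esxi", ["192.168.200.28/24", "192.168.168.28/24"], "192.168.200.1"),
        Node("lan-pc", ["192.168.200.10/24"], "192.168.200.1"),
        Node("lan-pc2", ["192.168.200.11/24"], "192.168.200.1"),
        Node("firewall", fw, forward_rules=rules if fixed else ()),
    ]
```

With `topology(False)` the VM reaches 192.168.168.28 and 192.168.200.28 but not 192.168.200.10; with `topology(True)` it reaches 192.168.200.10. Passing narrower `rules` (for example a /32 on the LAN side) limits which LAN hosts can exchange traffic with the VM.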
mimiz
Contributor

But to do this I'll need another link between the ESXi and the firewall? I cannot do that?

Sachchidanand
Expert

No need for another link if your existing link is a trunk port.

Regards,

Sachchidanand

mimiz
Contributor

But I don't have a manageable switch; the ESXi is connected to the main LAN and I have a firewall to manage the networks.

Sachchidanand
Expert

You have to check this with your internal team, how you want to design your network. From the ESXi point of view, I have already explained the way to run multiple networks.

Regards,

Sachchidanand

mimiz
Contributor

Hello !

Finally I convinced my technical director to set it in the main LAN, block all traffic in/out, and manage which resources can access this VM.

Thank you !
