VMware Cloud Community
one3cap
Contributor

VLAN Networking

Attached is a screenshot. What I would like to do is add another virtual machine to my vSwitch3 where I have vmnic6 and vmnic8 connected to a Cisco switch.

The new virtual machine is going to be a web server in a DMZ at 192.168.10.x on VLAN 10, and the other virtual machines connected to vSwitch3 are all 172.31.10.x on VLAN 20.

Am I able to do this? 1 vSwitch with multiple VLANs?

If so, does anybody have a guide or can lead me in the right direction? I have always had my VMs on the same VLAN.

12 Replies
_David
Enthusiast

Yes, you can add up to 4096 VLANs on each vSwitch. Just hit Properties on the vSwitch, add networking, Virtual Machine Network, give it a name and set the VLAN number.

If you found this or any other answer useful please consider the use of the Helpful or correct buttons to award points

one3cap
Contributor

Do I have to assign the virtual machine to the Port group?

Do I have to specify a vlan or port group for the existing virtual machines on that virtual switch?

Do I have to specify the native VLAN?

I just do not want to haphazardly add the Port Group. So I take it the port group ID has to match the vlan ID on the switch?

djfiend
Contributor

<--- great article explaining using VLANs with ESX 3 servers; it answered all my questions about VLANs with ESX when I was setting up an iSCSI network

_David
Enthusiast

Yes, when the portgroup is created you have to connect the virtual machine's NIC to that portgroup. (Edit settings on the VM.)

If you look at your vSwitch2, for example, you see that the machines are connected to the portgroup "Virtual Machine network". This portgroup has no VLAN set, so it will use the native.

No, the portgroup name has nothing to do with the VLAN ID.

To make the best of your networking, I suggest you make one switch for your virtual machines and connect all your NICs (except for the NICs connected to your service console portgroup and vmkernel portgroup) to that portgroup and make them all active. Then create different portgroups on that switch and set a VLAN number for each portgroup. Now whenever you want to set a machine on a VLAN you just choose the corresponding portgroup on the NIC settings for the VM.

OmarVilla
Contributor

This is what you call Network Tagging or VLAN Tagging. What you need is to configure trunking on the pSwitch and let that port see any VLAN you want to split in the virtual world. Once this is done, you can do the vSwitch configuration in 2 ways: the first is creating a single vSwitch and adding different groups under it, where each group must have the VLAN tag or name that you have on your pSwitch; the other way is creating a different vSwitch with 1 group in it with the VLAN tag. This way you will split the traffic.

Hope this helps.

Regards.

one3cap
Contributor

So I took care of the switch config and also the VMware side. Picture attached. But now when I try to vMotion between my servers I get an error message because the other ESX server does not know about the DMZ port group.

habibalby
Hot Shot

Hello,

For vMotion to work perfectly, the VMkernel network has to be able to reach the other VMkernel network on the secondary host within the cluster. What I see in the attached diagram is that you have the VMkernel network in the same network as the Service Console, "Your Heart Management" of your virtualization infrastructure.

Best practice is to have the Service Console behind a firewall and the VMkernel sitting on a dedicated pSwitch with a different IP addressing schema. It does not matter what IP addressing schema you are using for the Service Console and VMkernel network, but make sure that the default gateway in the Service Console network is pingable AND the VMkernel network can reach the Service Console IP address and the VMkernel network can reach the other VMkernel network of the second host using the vmkping command.

Here's a reference to help you out:

S.C & VMotion VLANs on Nortel Switches 4524GT

Firewall Between ESX-vCenter vLAN & Production vLAN

BTW, what error are you getting when you try to vMotion?

Best Regards,

Hussain Al Sayed

Texiwill
Leadership

Hello,

Is your 'VMKernel' vSwitch portgroup used for iSCSI? If so, then you are missing a VMkernel portgroup that has been marked for VMotion traffic. Note that each VMkernel portgroup should have a different subnet assigned to the vmkernel vNIC and it should be a different subnet than your SC.

This looks like an iSCSI configuration?

If you cannot add more pNICs then I would combine SC with the VMotion network, not with your iSCSI Data Network.


Best regards,
Edward L. Haletky
VMware Communities User Moderator
====
Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.
Blue Gears and SearchVMware Pro Blogs -- Top Virtualization Security Links -- Virtualization Security Round Table Podcast

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
one3cap
Contributor

No, this is an FC SAN network, no iSCSI.

JeffDrury
Hot Shot

Is your vSwitch configuration the same on both of the ESX servers? If it is not, it is very likely that vMotion will not work, as the network resources are not present on the second ESX box.

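A check for the mismatch discussed above, as an added example that is not part of the original thread: it compares port group names and VLAN IDs from two hosts and flags port groups missing on one side, VLAN ID differences, and untagged port groups. The two listings are constructed samples that assume the column layout printed by `esxcfg-vswitch -l`; the host labels A and B and the port group names are hypothetical.

```python
import re

# Constructed sample listings (assumption: column layout of
# `esxcfg-vswitch -l` on ESX 3.x; hosts "A" and "B" are hypothetical).
HOST_A = """\
Switch Name    Num Ports   Used Ports  Configured Ports  Uplinks
vSwitch3       64          6           64                vmnic6,vmnic8

  PortGroup Name      VLAN ID  Used Ports  Uplinks
  Internal            20       3           vmnic6,vmnic8
  DMZ                 10       1           vmnic6,vmnic8
"""
HOST_B = """\
Switch Name    Num Ports   Used Ports  Configured Ports  Uplinks
vSwitch3       64          5           64                vmnic6,vmnic8

  PortGroup Name      VLAN ID  Used Ports  Uplinks
  Internal            0        3           vmnic6,vmnic8
"""

# Indented row: name (may contain single spaces), VLAN ID, used ports, uplinks
ROW = re.compile(r"^\s+(\S.*?)\s{2,}(\d+)\s+(\d+)(?:\s+(\S+))?\s*$")

def port_groups(listing):
    """Return {port group name: VLAN ID} parsed from one host's listing."""
    groups = {}
    for line in listing.splitlines():
        m = ROW.match(line)
        if m:
            groups[m.group(1)] = int(m.group(2))
    return groups

def compare(a, b):
    """List differences that block vMotion or change VLAN separation."""
    pa, pb = port_groups(a), port_groups(b)
    findings = []
    for name in sorted(set(pa) | set(pb)):
        if name not in pa or name not in pb:
            missing = "A" if name not in pa else "B"
            findings.append(f"{name}: missing on host {missing}")
        elif pa[name] != pb[name]:
            findings.append(f"{name}: VLAN {pa[name]} on A, {pb[name]} on B")
    # VLAN ID 0 means no tag is set, so the port group uses the native VLAN
    for host, pg in (("A", pa), ("B", pb)):
        findings += [f"{n}: untagged on host {host} (native VLAN)"
                     for n, v in sorted(pg.items()) if v == 0]
    return findings

if __name__ == "__main__":
    print("\n".join(compare(HOST_A, HOST_B)))
```

An empty result means both hosts expose the same port group names with the same VLAN IDs and none of them is untagged.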
habibalby
Hot Shot

  1. Under Storage Adapters, check that both hosts can see the volumes which are presented.

  2. Under Storage, make sure that the volumes are formatted as VMFS and

  3. Make sure both hosts can see this volume.

  4. In both hosts, make sure that the VMkernel network is added and both servers can ping each other via the vmkping CLI and can reach the S.C gateway. If not, then this will result in an error: "Could not reach an isolation Network Gateway" (the S.C gateway).

Up to here, you can vMotion without any issue, unless something in the middle is blocking the communication between your hosts.

Hope it helps.

Best Regards,

Hussain Al Sayed

Texiwill
Leadership

Hello,

Is the VMKernel 'portgroup' marked as your VMotion device? VMkernel is not the best label to use as it is used for VMotion, iSCSI and NFS. So I generally label it VMotion for VMotion.

vmkping the other VMotion ports on the VMotion network. Note this definitely should be a different subnet than your SC or you may not be able to reach anything.


Best regards,
Edward L. Haletky
VMware Communities User Moderator