802.1q (VLAN Tagging) with Windows

Has anyone been able to do VLAN tagging inside a Windows VM? The only vNIC that could allow this is the e1000 with Intel drivers (I tried latest drivers, version 12.0) which support VLANs. I tried it a while ago and it didn't work; tried again, now with ESX 3.0.1 and all patches, and a new Intel driver version, but it still doesn't work. Anyone tried this and succeeded?

Paulo

0 Kudos
18 Replies
Paul_Lalonde
Commander
Commander

Have you configured the port group on the vSwitch for VLAN ID # 4095 ?

In order for the VLAN tags to be passed to the virtual machine (Virtual Machine Guest Tagging), the VM needs to be in a port group with VLAN 4095 assigned.

Paul

0 Kudos

Yes, I did just that. Then I created a "virtual adapter" (for lack of better term) inside the guest through the VLANs tab of the NIC properties and configured it as a DHCP client. However, it doesn't get an IP, despite being on a VLAN which has a DHCP server.

Paulo

0 Kudos
Paul_Lalonde
Commander
Commander

Is the physical switch port configured as a tagged ("trunked" in Cisco speak) port? Is it configured to pass that VLAN ID to the end system?

What happens when you statically assign an IP address to the VM?

Paul

0 Kudos

The physical switch port is trunked, and I have a bunch of host tagging virtual switches on it, all working beautifully.

I then created another virtual switch with VLAN ID 4095, connected a Windows Server 2003 VM with an e1000 vNIC to it, installed the Intel drivers and configured a VLAN on the drivers.

Even with a static IP address, it doesn't work. No pings. Any clues?

Paulo

0 Kudos
Paul_Lalonde
Commander
Commander

Hmm, if you're doing VST (virtual switch tagging) on this pnic already, would they not be stripping off the VLAN tags before they get to your portgroup?? That's the default behaviour.

Your portgroup is probably not seeing any tagged frames at all.

Paul

0 Kudos

Sorry, I wasn't precise earlier. I have a virtual switch with several port groups doing VST. I created a port group on VLAN 4095 and connected the VM to it.

The VMs on "regular" port groups should have their packets transparently tagged/untagged by the host. However, port group 4095 is special in that it doesn't tag or untag packets, meaning the VM should take care of its own tagging.

I expect this to mean that I can create portgroup 4095 on a pnic, install a tagging driver (802.1q) in the VM and have it working. Or did I get it all wrong?

Paulo

0 Kudos
Mike_Fink
Enthusiast
Enthusiast

I have never heard of this before, but I am very curious to the answer. So if I assign a VM to port group 4095, the switch will pass all the tagged packets to the VM? Is there any pruning, or is it a full trunk, passing all traffic to the VM?

Anyone have documentation on this; I have never heard of anyone doing this before.

Anyway, I suggest installing a packet capture driver inside the VM. Just sniff the packets; that will tell you what is and is not coming into your machine. That should give you an idea of what the heck is going on. Also, if you have a way to capture the traffic at the switch, that would be very helpful as well.

0 Kudos
esiebert7625
Immortal
Immortal

It's great technology and commonly used with Vmware, when you use 802.1Q tagging you do not have to have a separate NIC for each VLAN you want to connect to.

Here you go....

NIC teaming and VLAN trunking - http://blog.scottlowe.org/2006/12/04/esx-server-nic-teaming-and-vlan-trunking/

VMware ESX Server 3 802.1Q VLAN Solutions - http://www.vmware.com/pdf/esx3_vlan_wp.pdf

Networking Virtual Machines - http://download3.vmware.com/vmworld/2006/TAC9689-A.pdf

Networking Scenarios & Troubleshooting - http://download3.vmware.com/vmworld/2006/tac9689-b.pdf

0 Kudos
Mike_Fink
Enthusiast
Enthusiast

I almost always use tagging w/ VMware setups, but I always use VST, not VGT. I did not realize that putting a VM in that port group attached it to a trunk port into the VSwitch. Honestly, I have never had a customer ask for VGT, so I have never had to set it up. But I kind of though that it would involve another VSwitch that would allow tags through. This is much better.

Good to know though.

0 Kudos

Thanks for all the links. I'll give them a look.

However, nobody asked my original question: has anyone been successful in doing it with Windows machines?

Paulo

0 Kudos

However, nobody asked my original question:

Of course, I meant nobody answered[/b] my original question... Hadn't had my morning coffee yet... Smiley Happy

Ok, I'm not getting any answers on Windows. How about other OSs? Who has used this, and with which OS? On which vNIC type - vlance, vmxnet or e1000?

Paulo

0 Kudos

So... everyone in the same boat as myself, finding the feature great on paper but not having used it yet?! Smiley Wink

0 Kudos
snapper
Enthusiast
Enthusiast

Been meaning to try this for some time Smiley Happy

+ Configured Windows XP SP1 64 bit as VM

+ Connected to same virtual switch used by VM's that are accessing VLANS via VST

+ Installed latest Intel Pro 1000MT adapter

+ Configured adapter and added vlans as applicable

+ Configured IP ranges for 8 VLANS from within the guest.

Everything worked perfectly - all VLAN IP's accessible.

When you enable the vlan on the intel adapter , it spawns off new adapters for each vlan and just leaves the 'intel advanced network configuration protocol' enabled on the base adapter.

nb :::: this did not work with the 32 bit version of Windows, only the 64 bit.

Running ESX 3.01, VC 2.02

Cheers,

SP

Don't forget to award points where appropriate 🙂
0 Kudos
moberle
Contributor
Contributor

What are you trying to accomplish with the tagging. You mention DHCP. If that is the case. You probably need to create a Native VLan on your Cisco trunk port. There is and has been a lot of discussion concerning this topic. I dont have time to look up the topics but if you search for DHCP and PXE booting you will find an ample amount of information regarding the subject. Including my successful foray into PXE booting ESX installs.

0 Kudos
snapper
Enthusiast
Enthusiast

There are a number of threads around with people trying to accomplish this.

In our environment, there are something like 30 VLANs across 40 ESX hosts, each with 6 pnics.

There have been numerous occasions where the trunking hasn't been 'quite right' from the networking level, so we are trying to establish a VM that can perform testing on all the VLAN's on all the ESX hosts on all the nics. To do this manually is quite time consuming (6x30x40 = 7200)

This is done by:

1. using a VM with VGT enabled and working.

2. Using the VMperl / sql to determine which ESX host the VM is running on at the time

3. Using VMperl / rexec to modify the vswitch adapter properties (esxcfg-vswitch -L / esxcfg-vswitch -U etc)

4. Doing ping tests using the appropriate adapter for that VLAN

5. Cycling through the pnics on the hosts until the test is complete.

6. Produce report / verify results.

This way we will have definite confirmation that all nics have all the appropriate vlans trunked to them.

SP

Don't forget to award points where appropriate 🙂
0 Kudos
a_spaziani
Contributor
Contributor

The only way I found was to use a Cisco switch that route between VLan and set policy to filter the traffic.

0 Kudos
Secret_Doc123
Contributor
Contributor

how did you install the e1000 driver ?, i cant seem to find anywhere. i am currently using window server 2016 in a Vmware virtual machine

0 Kudos
scott28tt
VMware Employee
VMware Employee

@Secret_Doc123 

This thread is from 2008, those who contributed to it may not even use VMware products now.

It might be better to find a more recent thread or to create your own, explaining clearly what you’re trying to do and why.

 


-------------------------------------------------------------------------------------------------------------------------------------------------------------
VMware Training & Certification blog
0 Kudos