VMware Cloud Community
SeanDA
Enthusiast

Networking and VLANs

In my TEST environment I have 2 x HP DL380 G5 servers connected to a HP MSA1000 SAN.

I have all hosts configured and working and am able to VMotion VMs between hosts.

I want to create a VM which will run ISA2004 in a 3-leg config - 1st adapter on internal (VM) network, 2nd adapter in DMZ and third adapter out to internet.

Do I require a physical adapter in each VM host (over and above the 2 adapters set up for VMkernel and SC), or can I achieve this by creating 3 VLANs on my network switch and using a single (extra) physical adapter in the VM hosts and three virtual switches, each with a different VLAN ID?

Also, what exactly does the VLAN ID relate to? Do I have to name the VLAN ID exactly the same as the VLAN label on the switch?

Thanks in advance


Accepted Solutions
VirtualKenneth
Virtuoso

vmnic2 is connected to the vSwitch2.

Within vSwitch2 you have created two port groups, one for VLAN 10 and one for VLAN 20.

vmnic2 (pNIC2) is connected on an external switch.

The external switch port to which pNIC2 is connected needs to be configured as a trunking port.

A trunking port allows multiple VLANs to connect to it, and that is exactly what you want.

Clear?

6 Replies
VirtualKenneth
Virtuoso

I guess you use the "VMkernel" for VMotion in your current setup?

Yes, you can use 1 extra pNIC and create 3 VLANs on it (within 1 vSwitch).

You cannot create multiple vSwitches and share 1 physical NIC to the outside.

Network Label is just an internal naming convention (it needs to be the same on all the ESX hosts in order for VMotion to work).

Within your switch you should also set the corresponding VLAN ID (maybe your manufacturer calls it VLAN Label instead).

davidbarclay
Virtuoso

Vliegenmepper is correct, but to be clear....

You need to create a single vSwitch with a single pNIC and three separate port groups. Each port group can have a different VLAN ID. Call your VM port groups something obvious like "VM-LAN", "VM-DMZ" and "VM-WAN"; then you know where to create new VMs in the future.

Remember, if you have multiple ESX hosts you should create the exact same networking configuration so vMotion continues to work (even identical portgroup names).

Dave

Bart_VK
Enthusiast

SeanDA,

If you wish to keep the redundancy on NIC level for SC and VMkernel, you will need an extra NIC (or 2, for redundancy reasons). You can attach this NIC to the virtual switch that your VM port groups are attached to.

If you work with VLANs on your general physical network for your internal, DMZ and Internet networks, you can use VLAN tagging in ESX to create 3 virtual networks (= VM port groups), where each port group represents your internal network, DMZ or Internet. The VLAN tagging that ESX uses is the 802.1Q protocol.

So the VLAN ID is actually the VLAN number that you need to put in each port group, not the VLAN label.

Then you need to make sure that the ports on the physical switch to which the virtual switch is connected have VLAN tagging enabled, and that you ensure on your switches the proper routing to the corresponding VLANs.

Kind regards,

Bart VK

SeanDA
Enthusiast

Just to be clear as I am not a networking expert by any stretch...

I have created 3 vSwitches in total:

vSwitch0 - vmnic0 - Service Console (192.168.100.1) and VMkernel (100.100.100.100)

vSwitch1 - vmnic1 - VM-Internal (VLAN ID 30)

vSwitch2 - vmnic2 - VM-DMZ (VLAN ID 20) and External (VLAN ID 10)

I have placed pNIC1 (vmnic1) into a port configured for our internal network (VLAN 30), and my VMs can 'see' the rest of the network.

How do I configure a port to be a member of multiple VLANs (20 and 10) in order to 'share' pNIC2 (vmnic2)?

Thanks for all your help..

Sean

Bart_VK
Enthusiast

On the external switch this can be a trunking port or a port where the option VLAN tagging is enabled. This depends on the manufacturer of your physical switch.

Kind regards,

Bart VK

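The three points the replies make (the VLAN ID is the 802.1Q number, not the label; the switch port feeding the shared pNIC must be a trunk that carries every VLAN the port groups use; port group names and VLAN IDs must be identical on every host for VMotion) as an added Python example that is not from this thread or from VMware. The host names esx1/esx2, the sample frame and the allowed-VLAN set are constructed for the example.

```python
import struct

TPID_8021Q = 0x8100   # EtherType that marks an 802.1Q-tagged Ethernet frame
MAX_VID = 4094        # usable 802.1Q VLAN IDs are 1..4094

def vlan_id_from_frame(frame: bytes):
    """Return the 12-bit VLAN ID from the 802.1Q tag of a frame, or None if untagged."""
    if len(frame) < 18:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])   # bytes 12-13 TPID, 14-15 TCI
    if tpid != TPID_8021Q:
        return None
    return tci & 0x0FFF   # low 12 bits of the TCI carry the VID; a label never goes on the wire

def check_networking(hosts, trunk_allowed, trunk_enabled=True):
    """hosts: {host: {port_group_name: vlan_id}}; trunk_allowed: VLANs the switch port carries.
    Returns a list of problems; an empty list means the thread's design is consistent."""
    problems = []
    for host, groups in hosts.items():
        for name, vid in groups.items():
            if not 1 <= vid <= MAX_VID:
                problems.append(f"{host}/{name}: {vid} is not a valid 802.1Q VLAN ID")
            elif not trunk_enabled:
                problems.append(f"{host}/{name}: VLAN {vid} needs a trunk (tagged) switch port")
            elif vid not in trunk_allowed:
                problems.append(f"{host}/{name}: VLAN {vid} is not allowed on the trunk")
    first, *others = hosts
    for host in others:   # VMotion needs the same port group names and VLAN IDs on every host
        if hosts[host] != hosts[first]:
            problems.append(f"{host}: port groups differ from {first}; VMotion will fail")
    return problems

# Constructed frame: dst MAC, src MAC, 802.1Q tag with VID 20, IPv4 EtherType, 4 payload bytes
SAMPLE_FRAME = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
                + struct.pack("!HH", TPID_8021Q, 20) + b"\x08\x00" + b"\x00" * 4)

# vSwitch2 design from the thread, replicated on two hosts (constructed host names)
HOSTS = {"esx1": {"VM-DMZ": 20, "External": 10},
         "esx2": {"VM-DMZ": 20, "External": 10}}

if __name__ == "__main__":
    print("VID in sample frame:", vlan_id_from_frame(SAMPLE_FRAME))
    print("problems:", check_networking(HOSTS, {10, 20}))
```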