VMware Communities
patknapp
Contributor

Mac OS 10.8 VM cannot join VLAN/different subnet than host with Fusion 5

I have a significantly upgraded, top-of-top-end Mac Mini server operating behind a Zyxel USG firewall.  As a host, the Mac Mini is running a virtualized OS X 10.8 server through VMware Fusion 5 (principally as a mail server).  To avoid opening ports directly to the host-MacMini and LAN1, and to better customize security and zone settings, I want to put the VM on VLAN1.

However, no VLAN packets are getting through to the VM.  I have tried two configurations:

     Host > VLAN1 in Network preferences > VMware Fusion set to bridge network via VLAN1 > Guest "Ethernet" actually connects to VLAN1

     Host > Ethernet (LAN1) in network preferences > VMware Fusion set to bridge network via LAN1 > Guest > add VLAN1 to Guest network preferences

In both situations, *zero packets* make it out of the VM/guest on VLAN1.

My suspicion is that VMware Fusion 5 does not support VLAN-tagged packets. 

Any hints/suggestions for how to get the VM to join VLAN1, or really, just a different subnet?  Are there any VLAN-tagging drivers for VMware Fusion 5?

0 Kudos

Accepted Solutions
patknapp
Contributor

FIXED IT--partially, at least.

It had to do with the packet being truncated by VMware.  Accordingly, I configured VLAN1 on the host, and in the hardware settings, chose "Jumbo Packet Size".  I then bridged the VM through the host's VLAN1 connection.  Voilà!  It works.

However, attempting to connect the VM as a direct VLAN1 client is still unsuccessful. The VM likely truncates packets when it sends them from the host to guest (and vice versa).  However, if VLAN-tagging is done at the host level (as I have it configured), then the VM can successfully communicate over the VLAN.

0 Kudos
WoodyZ
Immortal

Have you set the Guest OS's Network Adapter's MTU to also use Jumbo (9000)?

0 Kudos
patknapp
Contributor

I did; it immediately reverts to Standard (1500) after saving.  Not sure if it's an OS X bug or a VMware bug.

0 Kudos
WoodyZ
Immortal

In an OS X 10.8.3 Virtual Machine, it holds for me from the System Preferences... > Network... however you can also use the following command in a Terminal:

Syntax: networksetup -setMTU <hardwareport or device name> <value>

Example: networksetup -setMTU en0 9000

Then check with: networksetup -getMTU <hardwareport or device name>, e.g., networksetup -getMTU en0

0 Kudos
patknapp
Contributor

That brought about the beach ball.  The guest is 10.8.4, so I'm gonna check the developer notes to see what Apple changed from 10.8.3.

0 Kudos
nancyz
VMware Employee

patknapp wrote:

I have a significantly upgraded, top-of-top-end Mac Mini server operating behind a Zyxel USG firewall.  As a host, the Mac Mini is running a virtualized OS X 10.8 server through VMware Fusion 5 (principally as a mail server).  To avoid opening ports directly to the host-MacMini and LAN1, and to better customize security and zone settings, I want to put the VM on VLAN1.

However, no VLAN packets are getting through to the VM.  I have tried two configurations:

     Host > VLAN1 in Network preferences > VMware Fusion set to bridge network via VLAN1 > Guest "Ethernet" actually connects to VLAN1

     Host > Ethernet (LAN1) in network preferences > VMware Fusion set to bridge network via LAN1 > Guest > add VLAN1 to Guest network preferences

Hi patknapp,

The way Host > VLAN1 in Network preferences > VMware Fusion set to bridge network via VLAN1 > Guest "Ethernet" actually connects to VLAN1

is correct for bridging a VM to host VLAN. Check "VLAN1" in VM network adapter for the 10.8 VM.

In both situations, *zero packets* make it out of the VM/guest on VLAN1.

My suspicion is that VMware Fusion 5 does not support VLAN-tagged packets.

Any hints/suggestions for how to get the VM to join VLAN1, or really, just a different subnet?  Are there any VLAN-tagging drivers for VMware Fusion 5?

How did you set up VLAN1 on your host?

0 Kudos
patknapp
Contributor

Hey Nance:

I actually got it to join  VLAN1 using the method you describe.  The problem was jumbo packet settings on the host.  They have to be manually set to 9000 on both en0 (LAN1) and vlan0 (VLAN1) network interfaces.

New problem is that host/guest cannot be firewalled off from one another despite my best attempts (and I'm no nube).  Also, Fusion seems to freeze-up the VM's GUI about once every 24 hours.  One problem at a time though.

0 Kudos
nancyz
VMware Employee

patknapp wrote:

New problem is that host/guest cannot be firewalled off from one another despite my best attempts (and I'm no nube).  Also, Fusion seems to freeze-up the VM's GUI about once every 24 hours.  One problem at a time though.

patknapp,

Do you mean even your host has a problem with the firewall setup?

http://support.apple.com/kb/PH4322?viewlocale=en_US&locale=en_US

This link could be helpful for your VLAN setup on your Mac.

0 Kudos
patknapp
Contributor

Nancy...VLAN is not a problem, read the discussion above, it's been working since Aug 27...I was referring above to the fact that Fusion bypasses host network settings to direct-communicate with the guest over the bridge, and therefore such communications cannot be blocked with network firewall rules or host PF-table entries...just never mind.

0 Kudos
nancyz
VMware Employee

patknapp wrote:

Nancy...VLAN is not a problem, read the discussion above, it's been working since Aug 27...I was referring above to the fact that Fusion bypasses host network settings to direct-communicate with the guest over the bridge, and therefore such communications cannot be blocked with network firewall rules or host PF-table entries...just never mind.

patknapp,

Sorry for the confusion. You mentioned "New problem is that host/guest cannot be firewalled off from.." in your previous discussion, I misunderstood that.

In my setup, I added vlan10 using host ethernet adapter, vlan id 10 configured on my switch (Netgear) and Tag 10 on host vlan adapter. I bridged the VM to vlan10, it worked.

I don't have Zyxel USG firewall, not sure if it needs other configurations than a switch.

0 Kudos
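Added example (not part of the thread and not VMware or Apple code): a small 802.1Q frame builder and parser showing how the 4-byte VLAN tag pushes a full 1500-byte payload past a hop that only carries standard untagged frames, and how a 9000 MTU leaves room for it. The frames are constructed, VLAN ID 10 is taken from the last post, and the rule that the hop accepts at most MTU plus the 14-byte untagged header is an assumption used to illustrate the truncation the original poster suspected.

```python
import struct

TPID_8021Q = 0x8100        # EtherType value that marks an 802.1Q tag
ETH_HEADER = 14            # dst MAC + src MAC + EtherType
VLAN_TAG = 4               # TPID + TCI inserted after the source MAC

def build_frame(payload_len, vlan_id=None):
    """Build a constructed Ethernet frame (no FCS) with a zero-filled payload."""
    dst, src = b"\xff" * 6, b"\x02\x00\x00\x00\x00\x01"
    tag = b""
    if vlan_id is not None:
        if not 1 <= vlan_id <= 4094:
            raise ValueError("VLAN ID must be 1..4094")
        tag = struct.pack("!HH", TPID_8021Q, vlan_id)  # PCP=0, DEI=0
    return dst + src + tag + struct.pack("!H", 0x0800) + bytes(payload_len)

def parse_frame(frame):
    """Return (vlan_id or None, ethertype, payload_len); reject short frames."""
    if len(frame) < ETH_HEADER:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, ethertype, len(frame) - ETH_HEADER
    if len(frame) < ETH_HEADER + VLAN_TAG:
        raise ValueError("truncated 802.1Q tag")
    # TCI sits at offset 14, the real EtherType at offset 16.
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner, len(frame) - ETH_HEADER - VLAN_TAG

def survives(frame, max_frame_len):
    """True if a hop that passes at most max_frame_len bytes carries it whole."""
    return len(frame) <= max_frame_len

def report(payload_len, vlan_id, mtu):
    # Assumption: the hop sizes its buffer as MTU + untagged header only.
    frame = build_frame(payload_len, vlan_id)
    vid, _, plen = parse_frame(frame)
    return {"vlan": vid, "payload": plen, "frame_len": len(frame),
            "fits": survives(frame, mtu + ETH_HEADER)}

if __name__ == "__main__":
    for mtu in (1500, 9000):
        for vid in (None, 10):
            print(mtu, report(1500, vid, mtu))
```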