Is it possible to VLAN tag a vSwitch port without using a PortGroup using PowerCLI? Similar to how you'd tag a port on a physical switch.
No, you need a port group, vmkernel port or service console port to assign a VLAN tag.
VM guests only interact with the vSwitch at the PortGroup level, right? Which means I'm stuck with PortGroups.
Correct, the vNic is assigned to the vSwitch via the portgroup.
What's the problem with using portgroups?
I work for a web host. Each client gets at least one VLAN, sometimes more, and our VLAN count is expected to hit the thousands for our ESXi cluster.
Creating a PortGroup for each VLAN is a lot of extra management overhead we would like to avoid by using the traditional switch approach of tagging a single port with a VLAN ID. I suppose once I drill down into PortGroups it may be the same amount in the end, it's just not the way our network admin would like it to work.
We can do the tagging manually via the vSphere Center so I'm sure there's a way via the SDK/API. Just not with PowerCLI, it would seem.
Is there a drawback (other than no PowerCLI) to tagging individual dvPorts with VLANs instead of PortGroups from a best practices standpoint?
How do you mean no PowerCLI?
Creating a portgroup is easy as 123:
Get-VirtualSwitch -VMHost "myESX" -Name "vSwitch0" | New-VirtualPortGroup -Name VM220 -VLanId 220
Connect your VM to this portgroup using:
Get-VM "myVM" | Get-NetworkAdapter | Where {$_.Name -eq "Network adapter 1"} | Set-NetworkAdapter -NetworkName VM220 -Confirm:$false
The point is that we don't want to create separate PortGroups and tag the VLANs at that level. We'd like to tag the individual dvPorts themselves (done in the GUI via an override). That doesn't seem to be possible via PowerCLI. I'm wondering if, because it's not possible in PowerCLI, we're missing some other reason that we shouldn't be tagging the ports themselves and should be using PortGroups ...
Again, in this environment, we could create just 1 PortGroup with 128 ports for instance, and each port could potentially be a different VLAN (much like you'd do for a physical switch). If we used PortGroups, that's 128 PortGroups to manage instead of just 1.
Did you consider using Private VLANs on distributed switches?
That would solve the portgroup per VLAN problem, on the other hand it does require Enterprise Plus licenses.
Have a look at my dvSwitch scripting – Part 6 – Private VLAN post to see how this can be done with PowerCLI.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
We have looked at private vlans, but there are a few drawbacks since we have hybrid environments. We'd prefer to simply tag the individual ports themselves.
OK, you're using dvSwitches!
I now understand what you want to achieve, although using portgroups has more benefits than the VLAN ID only.
Of course this can be accomplished using PowerCLI too.
Try something like this:
$dvSwitchName = "dvSwitch0"
$dvPortId = "100"
$VLAN = 220
# Build an "edit" spec for the single dvPort
$portSpec = New-Object VMware.Vim.DVPortConfigSpec
$portSpec.operation = "edit"
$portSpec.key = $dvPortId
$portSpec.setting = New-Object VMware.Vim.VMwareDVSPortSetting
# Override the portgroup's VLAN on this port only
$portSpec.setting.vlan = New-Object VMware.Vim.VmwareDistributedVirtualSwitchVlanIdSpec
$portSpec.setting.vlan.inherited = $false
$portSpec.setting.vlan.vlanId = $VLAN
$dvSwitch = Get-View -ViewType 'VmwareDistributedVirtualSwitch' -Filter @{'Name'=$dvSwitchName}
$dvSwitch.ReconfigureDVPort_Task($portSpec)
Yes - dvSwitches in play here. Probably an important piece of info we should have shared.
Arnim v Lieshout wrote:
I now understand what you want to achieve, although using portgroups has more benefits than the VLAN ID only.
Can you elaborate? We want to be sure we're not missing something, but as far as I can tell, for our network model, this should work well. I suppose we lose the ability to set traffic shaping, security, and fail-over policies on a per-VLAN basis, but I don't think we necessarily need that.
One last PowerCLI related question. That code assumes you have a dvPort number - is it possible to get that port number from an existing network adapter? I.e. something in the Get-NetworkAdapter namespace? In order to set the VLAN appropriately, we need to know which port the VM's connected to.
owjeff wrote:
One last PowerCLI related question. That code assumes you have a dvPort number - is it possible to get that port number from an existing network adapter? I.e. something in the Get-NetworkAdapter namespace? In order to set the VLAN appropriately, we need to know which port the VM's connected to.
$VmNic = Get-NetworkAdapter -VM $VmName
# The dvPort key is on the adapter's backing info
$VmPort = $VmNic.ExtensionData.Backing.Port.PortKey
$VmvPG = Get-VirtualPortGroup -VM $VmName
@avlieshout
We have a few large vPortGroups on the dvSwitch. I can get the correct vPG and port number, but how do I tell the dvSwitch which vPG to change the port on?
Kind of off topic, but what do you use for the PowerShell syntax highlighting? I didn't see a built-in PS option.
Nevermind, I'm a dunce. Too much time in code and not enough in the UI.
Here's the final code:
$VmName = "TEST"
$dvSwitchName = "dvSwitch01"
$VLAN = 220
# Look up the dvPort key the VM's adapter is connected to
$VmNic = Get-NetworkAdapter -VM $VmName
$dvPortId = $VmNic.ExtensionData.Backing.Port.PortKey
# Build an "edit" spec that overrides the VLAN on that port only
$portSpec = New-Object VMware.Vim.DVPortConfigSpec
$portSpec.operation = "edit"
$portSpec.key = $dvPortId
$portSpec.setting = New-Object VMware.Vim.VMwareDVSPortSetting
$portSpec.setting.vlan = New-Object VMware.Vim.VmwareDistributedVirtualSwitchVlanIdSpec
$portSpec.setting.vlan.inherited = $false
$portSpec.setting.vlan.vlanId = $VLAN
$dvSwitch = Get-View -ViewType 'VmwareDistributedVirtualSwitch' -Filter @{'Name'= "$dvSwitchName"}
$dvSwitch.ReconfigureDVPort_Task($portSpec)
Full points to avlieshout
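An added example, not written by any poster in this thread: a per-port override does not show up in the portgroup's own VLAN setting, so this PowerShell function reports every dvPort whose VLAN is set on the port itself and compares it with an expected VM-to-VLAN inventory. The function name, the flattened property names, the inventory hashtable and the sample ports are assumptions constructed for illustration; the commented lines show how the same fields map onto FetchDVPorts output for the $dvSwitch view used above.

```powershell
# Live input (assumes a Connect-VIServer session and the $dvSwitch view from the thread):
#   $criteria = New-Object VMware.Vim.DistributedVirtualSwitchPortCriteria
#   $ports = $dvSwitch.FetchDVPorts($criteria) | ForEach-Object {
#       [pscustomobject]@{
#           PortgroupKey = $_.PortgroupKey; PortKey = $_.Key
#           Inherited    = $_.Config.Setting.Vlan.Inherited
#           VlanId       = $_.Config.Setting.Vlan.VlanId   # single-VLAN specs only
#           VmName       = if ($_.Connectee.ConnectedEntity) {
#               (Get-View -Id $_.Connectee.ConnectedEntity -Property Name).Name }
#       }
#   }

function Test-DvPortVlanOverride {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Port,
        [Parameter(Mandatory)] [hashtable] $ExpectedVlan   # hypothetical inventory: VM name -> VLAN ID
    )
    process {
        # Ports that inherit their VLAN are governed by the portgroup; skip them.
        if ($Port.Inherited) { return }
        $finding = if (-not $Port.VmName) {
            'Override on a port with no connected VM'
        } elseif (-not $ExpectedVlan.ContainsKey($Port.VmName)) {
            'VM missing from inventory'
        } elseif ($ExpectedVlan[$Port.VmName] -ne $Port.VlanId) {
            "Mismatch: inventory expects VLAN $($ExpectedVlan[$Port.VmName])"
        } else {
            'OK'
        }
        [pscustomobject]@{
            PortgroupKey = $Port.PortgroupKey; PortKey = $Port.PortKey
            VmName = $Port.VmName; VlanId = $Port.VlanId; Finding = $finding
        }
    }
}

# Constructed sample data (not taken from a real dvSwitch).
$samplePorts = @(
    [pscustomobject]@{ PortgroupKey='dvportgroup-10'; PortKey='100'; VmName='TEST';  Inherited=$false; VlanId=220 }
    [pscustomobject]@{ PortgroupKey='dvportgroup-10'; PortKey='101'; VmName='WEB02'; Inherited=$false; VlanId=220 }
    [pscustomobject]@{ PortgroupKey='dvportgroup-10'; PortKey='102'; VmName=$null;   Inherited=$false; VlanId=305 }
    [pscustomobject]@{ PortgroupKey='dvportgroup-10'; PortKey='103'; VmName='DB01';  Inherited=$true;  VlanId=0 }
)
$expected = @{ 'TEST' = 220; 'WEB02' = 221 }

$samplePorts | Test-DvPortVlanOverride -ExpectedVlan $expected | Format-Table -AutoSize
```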
Glad to hear that everything worked out fine.
For the highlighted code I use PowerGUI's "Copy as HTML" option.
On the forum use the HTML editor and paste the code from PowerGUI.
Fyi, I documented this, and other procedures to copy code in a post, in Some ways to enter PowerCLI code under the new forum SW some time ago.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thanks again to both of you. While I am not new to PowerShell I am very new to PowerCLI and scripting against the ESXi environment. I installed PowerCLI for the first time last week so I am still getting my bearings in the VMware PowerCLI community.
So far the response has been phenomenal, and I really do appreciate the help on this thread. I just need to figure out how to monitor running tasks better and I'll be golden for now.