VMware Cloud Community
amaury8988
Contributor

VLANs configuration on vCenter

Hi,

I am using vcenter and I need to configure a specific VLAN configuration on a dedicated host.

I am struggling to do it, because I am not sure how to configure the networking on vcenter, as my VLAN only exists between the VMs on a single ESX host.

Here is the configuration I want to do:

I have 3 VMs:

  • VM Firewall (using pfSense) on a trunk
  • VM 1 on VLAN 1
  • VM 2 on VLAN 2

I want to configure VM1 to be in access mode on VLAN1

I want to configure VM2 to be in access mode on VLAN2

I want to configure VM Firewall to be in trunk mode on VLAN1 and VLAN2

The VLANs in Vcenter should be configured so that VM1 can talk to VM Firewall on VLAN1, and VM2 can talk to VM Firewall on VLAN2.

Is there a way to configure the network on vCenter to do this?

Thanks a lot,

Amaury

3 Replies
jasnyder
Hot Shot

So if the VMs are on a VLAN on a dedicated host, do you even need a VLAN? Why not create 2 port groups on an isolated vSwitch with no uplinks, not tagged to any VLAN. Then create your pfSense VM with 2 vNICs, 1 attached to each of the port groups. Then you can configure the routing/firewalling between the two the way you want.

If you still want them on VLANs, the config would pretty much be the same - create the port groups on VLAN 0 and add both port groups to the pfSense machine as 2 vNICs.

If you want to pass the VLAN tagging responsibilities through to the VM, you would put the vNIC on a port group with VLAN 4095 for VGT.

I use a pfSense router VM in my lab because I had a small Ubiquiti EdgeRouter die and I didn't feel like buying another physical device. But I have it configured with separate vNICs for each VLAN I want to bridge and just let it do routing between interfaces. I don't use it for firewalling.

amaury8988
Contributor

Hi Jasnyder,

Thanks a lot for the help!

That is actually how I previously configured it. I used to attach different vNICs to different port groups.

However, I need to have about 20 different VLANs and there's a limitation on vCenter to 10 interfaces per VM. So that's why I want to use one vNIC on pfSense as my trunk.

My problem is really how to configure the trunk on vCenter.

jasnyder
Hot Shot

So in this case you'll want to do the VLAN 4095 as I mentioned.

Check this KB - VMware KB 1004252

Check this one for some additional background - VMware KB 1003806

Do you have a physical layer 2 switch that has VLANs configured, or are you trying to set something up without a layer 2 device? I haven't fully thought that scenario through, but I'm not sure if a vSwitch sending tagged traffic out will also send that to another port group that is set as 4095. I think you might need the layer 2 device to help with that.

You can try it and see, but another thought is to create multiple pfSense VMs and create a mesh topology with each one hosting a few legs off the network.  Not sure if that meets your needs or not.

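The design discussed in this thread (an isolated vSwitch with no uplinks, one access port group per VLAN, and a single VLAN 4095 trunk port group for the pfSense vNIC) can be built from PowerCLI rather than clicking through vCenter. The script below is an added example, not code from the thread or from VMware; the vCenter and host names, VM names, switch name and the two VLAN IDs are placeholders, and it assumes the PowerCLI module is installed and the VMs already exist on the target host.

```powershell
# Added example (not from the thread): build the host-local VLAN design with PowerCLI.
# Assumed placeholders: vCenter/host names, VM names, switch name, VLAN IDs.
$vCenter     = 'vcenter.example.local'
$hostName    = 'esx01.example.local'
$switchName  = 'vSwitch-Internal'
$firewallVm  = 'pfSense'
$accessVlans = @{ 'VM1' = 1; 'VM2' = 2 }   # VM name -> VLAN ID presented in access mode

Connect-VIServer -Server $vCenter | Out-Null
$vmHost = Get-VMHost -Name $hostName

# 1. Isolated standard vSwitch. Omitting -Nic gives it no physical uplinks, so the
#    VLANs only exist between VMs on this host and cannot leak to the physical LAN.
$vSwitch = Get-VirtualSwitch -VMHost $vmHost -Name $switchName -ErrorAction SilentlyContinue
if (-not $vSwitch) {
    $vSwitch = New-VirtualSwitch -VMHost $vmHost -Name $switchName
}

# 2. Trunk port group for the firewall. VLAN 4095 is Virtual Guest Tagging (VGT):
#    the vSwitch passes frames through with their 802.1Q tags intact and pfSense
#    creates its own VLAN sub-interfaces on that single vNIC.
$trunkPg = New-VirtualPortGroup -VirtualSwitch $vSwitch -Name "$switchName-Trunk" -VLanId 4095

# 3. One access port group per VLAN (Virtual Switch Tagging, VST): the vSwitch adds
#    and strips the tag on behalf of the VM, so VM1/VM2 see untagged frames.
foreach ($entry in $accessVlans.GetEnumerator()) {
    $pgName = "$switchName-VLAN$($entry.Value)"
    $pg = New-VirtualPortGroup -VirtualSwitch $vSwitch -Name $pgName -VLanId $entry.Value
    $vm = Get-VM -Name $entry.Key
    New-NetworkAdapter -VM $vm -NetworkName $pg.Name -Type Vmxnet3 -StartConnected:$true | Out-Null
}

# 4. A single trunk vNIC on pfSense, which is what keeps the design under the
#    per-VM network adapter limit raised earlier in the thread.
New-NetworkAdapter -VM (Get-VM -Name $firewallVm) -NetworkName $trunkPg.Name `
    -Type Vmxnet3 -StartConnected:$true | Out-Null

# 5. Verify the isolation property and the VLAN assignments before trusting the setup:
#    the switch must have no uplinks, and each port group must carry the expected VLAN ID.
$check = Get-VirtualSwitch -VMHost $vmHost -Name $switchName
if ($check.Nic.Count -gt 0) {
    Write-Warning "Switch $switchName has uplinks $($check.Nic -join ', '); traffic can leave the host."
}
Get-VirtualPortGroup -VirtualSwitch $check | Select-Object Name, VLanId | Format-Table -AutoSize
```

Run it once against the host in question; the final table should list the trunk port group at VLAN 4095 and one access port group per VLAN, and the absence of the uplink warning confirms the switch is host-local. Inside pfSense, the VLAN interfaces are then created on the single trunk vNIC with the same VLAN IDs used for the access port groups.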