VMware Cloud Community
andvm
Hot Shot
Hot Shot

Move vSphere Management to a new VLAN

Hi,

Have an old vsphere 5.5 setup in which I need to move the management network (ESXi hosts and Windows vCenter) to a new VLAN (Keeping same IP's)

The new network is setup and ready.

The ESXi cluster does not have HA enabled.

Can this be done in a live setup with running VMs without impacting them?

Is there a requirement to still place the Hosts in Maintenance Mode? Any other considerations?

Thanks

Reply
0 Kudos
12 Replies
IRIX201110141
Champion
Champion

Do you use vSS or vDS?

Regards,
Joerg

Reply
0 Kudos
NicolasAlauzet

If you are certain that the configuration is OK in the new VLAN, and you are going to keep the same segment, Yes. You just need to change the portgroup to the VMs.

You can do first ONE esxi in maintenance mode (just in case) and test if after changing VLAN ID it works ok.

And the same with vCenter or PSC or any other VM that you have in that vlan.

If you need to shift it all at the same time and you cannot do a test, again, if you are certain that everything is OK. It will work!

-------------------------------------------------------------------
Triple VCIX (CMA-NV-DCV) | vExpert | MCSE | CCNA
andvm
Hot Shot
Hot Shot

vSS

Reply
0 Kudos
andvm
Hot Shot
Hot Shot

yes plan to change the Management VLAN of one ESXi first and test connectivity via the new VLAN.

Then move to the other ESXi hosts and test.

Then change vCenter portgroup to the new management VLAN and test.

There will be a time when the ESXi hosts will be unable to reach each other and vCenter ( think having HA disabled should be enough to not trigger any VM restarts)

Does the above make sense? Do you think I should place the first host in Maintenance Mode just to see how it reacts?

In any case I would need to do the other hosts whilst not in Maintenance Mode as they will not have connectivity to the host/s in the new management vlan.

There is no shared storage either so probably any migrations will have to be compute AND storage.

Thanks

Reply
0 Kudos
IRIX201110141
Champion
Champion

Than its easy.

1. Create a new Portgroup with VLAN and name ist MGMT/vSphere

2. Now you can connect with your Browser to the ESXi Hostclient and modify the vNetwork of your vCenter VM and move it into the new Portgroup

3. Open a ESXi console (iDRAC/ILO) and modify the Management network settings. You need to modify the VLAN

Thats it.

Regards,

Joerg

andvm
Hot Shot
Hot Shot

1. Create a new Portgroup with VLAN and name ist MGMT/vSphere. - Done on all ESXi Hosts with exactly the same name and Management VLAN

2. Now you can connect with your Browser to the ESXi Hostclient and modify the vNetwork of your vCenter VM and move it into the new Portgroup. - Agree as part of plan

3. Open a ESXi console (iDRAC/ILO) and modify the Management network settings. You need to modify the VLAN - Agree as part of plan

Step 2 and Step 3 can be done in any order right?

There should be no need to place the Host in Maintenance Mode right? (Since HA is disabled)

Thanks

Reply
0 Kudos
IRIX201110141
Champion
Champion

No MM needed.  Changing the Management network of an ESXi doesnt effect the running VMs especially when they are on a separate Portgroup.

Regards

Joerg

Reply
0 Kudos
tayfundeger
Hot Shot
Hot Shot

Management network and virtual machine portgroup are different things. You will be trading in the management network, namely, vmkernel portgroup. If you change the IP address and VLAN of the management network, there will be no problem in virtual machines. You can perform these operations while virtual machine power is on, there will be no interruptions.

--
Blog: https://www.tayfundeger.com
Twitter: https://www.twitter.com/tayfundeger

vBlogger, vExpert, Cisco Champions

Please, if this solution helped your problem, "Helpful" if it solves your problem "Correct Answer" to mark.
a_p_
Leadership
Leadership

I'm actually missing details about the current configuration, which is important to know in order to give you an advice.

How is your network configured? Are the uplink ports on the physical side tagged, or untagged, i.e. do you work with tagged ports and configure the VLAN IDs on the port groups?

André

Reply
0 Kudos
andvm
Hot Shot
Hot Shot

Thank you, Correct the links between the ESXi and the physical switchports are trunk links and allow all VLANs

The Standard portgroups have VLANs associated to them

Windows vCenter VM will need to have its portgroup changed so it is on the portgroup (new VLAN). (Done via ESXi Host GUI to keep visibility/ease of rollback)

The ESXi will need to have their Management network changed to the new VLAN (Done via DCUI for ease of rollback)

Reply
0 Kudos
andvm
Hot Shot
Hot Shot

Yes the only concern I had was around HA as I know that if enabled one of the checks would be to confirm it is able to speak to HA Master or other HA ESXi members.

But in this case since HA is not enabled I do not think there is anything that would react upon Management disconnectivity

Reply
0 Kudos
NicolasAlauzet

Maybe for the future, as you are not having HA enabled now.

Before doing any kind of changes of this kind when you have HA, first disable host monitoring. Do the changes and then enable again (to avoid any HA acting when it should not)

Gluck with the change!

Cheers

-------------------------------------------------------------------
Triple VCIX (CMA-NV-DCV) | vExpert | MCSE | CCNA
Reply
0 Kudos