VMware Cloud Community
Richlionm2
Enthusiast

VM Networking - question about VLAN settings

Hello,

I've been studying various networking guides and comparing the settings in my production systems. I have physical switches and a VLAN 141 set up for all servers. I have my live servers connected to that VLAN in the vSphere Windows client. In the VM management console, however, the setting for VLAN is cleared (null). This seems to be the default setting after the ESXi installation on all my servers. All ports have the same VLAN setting 141.

I also have a new VM host, which I am trying to set up correctly in ESXi 6.5. After the installation the VM management setting is null. When I try to change the VLAN to 141 for my vSwitch0 I lose my connection. I know from the cables that they are connected to VLAN 141. I am trying to understand where exactly I should set the VLAN. Does anyone have any advice?

Attachments - setting in the VM console and in the vSphere Client.

Thanks,

Richard

Using vSphere 5.5 and 6.5 Hypervisor. Oracle, SQL-Server, Progress, Linux/AIX/Win admin

Accepted Solutions
a_p_
Leadership

Whether you want/need to set a VLAN ID on a virtual port group depends on the physical switch port's configuration.

In case you are connected to an untagged port (as in your case), you must not set a VLAN ID on the port group level. In case you are connected to tagged ports, you'll have to set the VLAN ID, for VLANs other than the default VLAN.

Reason: The virtual switch will forward network packets to port groups based on the VLAN tag within the packet. If the VLAN tag has already been removed by the physical switch port, the vSwitch will forward this packet only to port groups without a VLAN ID (empty/zero).


André


7 Replies
dbalcaraz
Expert

Let's see.

In your ESXi host, in your DCUI (which you called the VM management console), you must put the VLAN for the subnet you use for management.

If your VLAN for management is the same as for all servers (not recommended), then use it.

If you lose the connection (from the vSphere Client) when setting VLAN ID 141 in the DCUI, then you have a problem with the switches and the connections, meaning they are not placed correctly with this new host. Did you configure VLAN ID 141 where the new host is connected?

You said that you know that they are connected to VLAN 141, but this is a thing you must be sure and the best way is to check it on the switch you are using.

Also, did you set the correct network adapters on the DCUI?

-------------------------------------------------------- "I greet each challenge with expectation"

Richlionm2
Enthusiast

Hello,

Thank you all for responding.

First, I think there is a difference between vSphere 5.5 and 6.5. The first I use to maintain my existing VM Hosts, so changing the VLAN for Management Network would affect the connection. Correct?

When I look at my other production servers I see that VM Management Network on vSwitch0 is set to a VLAN 611 (this looks like the default VM Port Group), there is another VM port group set up as VM Network 2 on vSwitch1 and this has VLAN 612, this is used for connecting the VM guest/server. So this looks like a proper setup. I don't have a current test environment with vSphere 5.5, so I cannot test how to set them up.

Using vSphere 6.5 I don't seem to have a problem changing the VLAN 141 on the VM port group for servers/machines/guests. I managed to create a vSwitch1, a port group named "VM VLAN 141". In my environment network guys point everything to that VLAN, just the way it is, even though I agree the Management and VM Servers (data) should be separated, at least that's what I learned from some YouTube presentations. At the moment it's rather a test environment for me to learn this stuff.

In vSphere 6.5 I do have a problem with changing the VLAN for the Management Network - the default port group on vSwitch0. When I change it from VLAN ID (0) - which goes to the NATIVE vlan on the physical switch to 141, then:

1) I lose the connection in the web browser.

2) When I check the VLAN on the VM console it is set to 141. All other VM Hosts have it set to "Not Set". This is where I have a problem. So why, when I change the VLAN to 141 in the vSphere Web Management, does it also change the setting in the VM console, when it should be set to "Not set"? I can regain control by reverting that change back to "Not Set". I hope my description is clear?

I think the only way I can do this is to create a new port group for Management, disable the default one Management Network, but haven't found the best tutorial how this is done.

Attached is my setting for the VM VLAN 141 on vSwitch1.

The second attachment shows the "proper" production setup which is maintained by another group of network guys - VLAN 611 and 612.

Thanks again,

Richard

a_p_
Leadership

There's no difference between the different ESXi versions.

What matters is the physical switch port's configuration. In case of Cisco switches:

Access Port -> Do not set the VLAN ID on the port group

Trunk Port -> Set the VLAN ID on the port group (except for the default VLAN)

André

Richlionm2
Enthusiast

Hi,

What do you mean by "Access Port"? "Management Network"?

Thanks,

Richard

a_p_
Leadership

"Management Network" - is the VMkernel Port Group that ESXi uses for management access (e.g. when you connect to ESXi through the Web Client, or any other client)

"Access Port" - is a port type/configuration on the physical Cisco Switch, which provides access to a single VLAN

"Trunk Port" - is a port type/configuration on the physical Cisco Switch, which provides access to multiple VLANs

André
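The tagging rule from the answers above, modelled as a small simulation. This is an added example, not code from any poster or from VMware; the class and function names are hypothetical, the trunk's native VLAN 1 is an assumption, and only the switch-to-host direction described in the thread is modelled.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

UNTAGGED = 0  # port group VLAN ID 0 / "Not set": frames carry no 802.1Q tag


@dataclass(frozen=True)
class PhysicalPort:
    mode: str                      # "access" or "trunk"
    vlan: int                      # access VLAN, or native VLAN of a trunk
    tagged: Tuple[int, ...] = ()   # VLANs a trunk carries with a tag

    def tag_towards_host(self, frame_vlan: int) -> Optional[int]:
        """Tag the ESXi uplink sees for a frame in frame_vlan (None = not sent)."""
        if frame_vlan == self.vlan:
            return UNTAGGED        # access/native VLAN: switch removes the tag
        if self.mode == "trunk" and frame_vlan in self.tagged:
            return frame_vlan      # trunk keeps the 802.1Q tag
        return None                # VLAN is not carried on this port


def receiving_port_groups(port: PhysicalPort,
                          port_groups: Dict[str, int],
                          frame_vlan: int) -> List[str]:
    """Port groups the vSwitch hands the frame to: VLAN ID must equal the tag."""
    tag = port.tag_towards_host(frame_vlan)
    if tag is None:
        return []
    return sorted(name for name, vid in port_groups.items() if vid == tag)


# Constructed sample ports: the access port matches the thread's VLAN 141,
# the trunk carries the production VLANs 611/612 (native VLAN 1 is assumed).
ACCESS_141 = PhysicalPort("access", 141)
TRUNK = PhysicalPort("trunk", 1, tagged=(611, 612))


def demo() -> Dict[str, List[str]]:
    prod = {"Management Network": 611, "VM Network 2": 612}
    return {
        "access, VLAN not set": receiving_port_groups(ACCESS_141, {"Management Network": 0}, 141),
        "access, VLAN 141 set": receiving_port_groups(ACCESS_141, {"Management Network": 141}, 141),
        "trunk, VLAN 611 set": receiving_port_groups(TRUNK, prod, 611),
        "trunk, VLAN not set": receiving_port_groups(TRUNK, {"Management Network": 0}, 611),
    }


if __name__ == "__main__":
    for case, groups in demo().items():
        print(f"{case:22} -> {groups or 'no port group receives the frame'}")
```

The "access, VLAN 141 set" case is the lost management connection from the question: the switch has already removed the tag, so no port group with VLAN ID 141 receives the frame.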

Richlionm2
Enthusiast

Hello,

I had to do a lot of reading after your questions, so to keep it short. Our switch/VLAN is untagged. We have all of our servers on that VLAN.

Where I got confused is in the vSphere client on the right side where the vmnic0 is the VLAN 141 is the setting on the other physical side on the physical switch. First pic.

But then when I go to properties of the vSwitch0, VLANs are set to 0 - default I guess. Attached second pic.

I've now checked some of my VM hosts and all are actually set to VLAN ID 0.

I think there was no reason for me to tag or set the VLAN to 141 on the VM network side, as thanks to your previous responses I went to my network guy and he told me what tagging is for, etc. Now at least I know what to ask for.

My head was spinning for a few days, but I've learned a lot and thanks for all your patience.

Richard
