Solved: vlan (un)tagging between vm guests

deathmouse · ‎02-09-2018

Hi,

I'm trying to get VLANs working between a couple of VM guests. Just to clarify, I'm not talking about communicating with something outside the VM host, so it is entirely inside the virtual environment.

Basic setup:

ROUTER----------(port 1)vSWITCH(port2)----------CLIENT

The hypervisor is ESXI 5.5, and the client vSphere client 5.5 (windows gui client).

I want traffic between the router and port 1 on the switch to be tagged, and between port 2 and the client to be untagged, so basically on the vSwitch port 1 should be tagged and port 2 untagged.

I've tried to set up port groups on a vswitch and set the VLAN to the VLAN ID 42 but I don't really get the tagging/untagging part. There seems to be no option to tag/untag in a vswitch.

Have I completely misunderstood things?

How can I get this working?

Kind regards!

a_p_ · ‎02-10-2018

But only seem to be able to select VLAN 0, 4095 or manually enter IDs. That's all fine, but I find no option to tag/untag.

That's exactly where you do this. With setting a VLAN-ID on a port group, ESXi will tag/untag network packages on the port group level.

André

View solution in original post

a_p_ · ‎02-10-2018

Welcome to the Community,

Tagging/untagging is only an option on the port groups, i.e. traffic from/to virtual machines is tagged/untagged at this specific point. It's basically similar to a physical switch port to which you connect your clients/servers.

André

deathmouse · ‎02-10-2018

Thanks but where do I configure these tagging/untagging? I cannot for my life find it.

I have tried to search for HOWTOs on this but the closest I got were pages that showed that this can be done in vSphere through the menus Home >> Inventory >> Networking. Like in this screenshot (this screenshot is only to illustrate the menu path):

https://www.cisco.com/c/dam/en/us/td/docs/switches/datacenter/nexus1000/sw/4_0/install/software/guid...

But I have no Networking under Inventory. In my setup, there's only Inventory >> Inventory.

The only VLAN settings that I can find are in Home >> Inventory >> Inventory, where I select the host, then Configuration -> Networking. That's where I find the vswitches and can add port groups and so on. But only seem to be able to select VLAN 0, 4095 or manually enter IDs. That's all fine, but I find no option to tag/untag.

a_p_ · ‎02-10-2018

But only seem to be able to select VLAN 0, 4095 or manually enter IDs. That's all fine, but I find no option to tag/untag.

That's exactly where you do this. With setting a VLAN-ID on a port group, ESXi will tag/untag network packages on the port group level.

André

deathmouse · ‎02-10-2018

Ok, I will take your word for it then Something else must be wrong because I cannot get it working.

But I will continue to experiment with this.

Thanks for the prompt answers!

deathmouse · ‎02-10-2018

Finally got it working! Just as an FYI if anyone else reads this, I did the following:

ROUTER-----1:vSwitch:2------host

The vSwitch has two portgroups:

1) the first port group "1" has VLAN ID=All(4095) which apparantly means all vlans in trunk. The only member here one of the router ports.

2) the second port group "2" has VLAN ID=42 which means vlan 42 untagged. The linux host interface is the only member of this port group.

Ping test works. (of course I tried to change 42 to something else and ping test fails). Packet capture on router side shows 802.1Q tag as expected, but none on the linux host. yay!

a_p_ · ‎02-10-2018

Glad you got it working.

VLAN 4095 passes all traffic for all VLANs to the VM/guest, and it's the guest's responsibility to do the tagging/untagging. In vSphere this is called Virtual Guest Tagging (VGT), whereas setting a dedicated VLAN-ID on a port group (other that 0 and 4095) is called Virtual Switch Tagging (VST).

See e.g. https://kb.vmware.com/s/article/1003806

André