VMware Cloud Community
sdotsen
Contributor

How to put a particular VM on my DMZ

So I have an HP Blade Chassis (C7000) and we have 3 ESX Hosts running, which are managed by Virtual Infrastructure.

Since these are blade servers, they have internal NICs, therefore I wouldn't be able to plug the blade in chassis 9 into a different switch.

With that said, how do I get a particular VM inside any particular ESX host into our VLAN? Here's how our current VLAN is segmented.

The blade chassis has a 24-port switch from Cisco. Ports 1-16 are internal (for the blades) and ports 17-24 are external ports.

Two of my external ports (18 and 21) are configured for our DMZ. I have the DMZ port from my firewall plugged into port 18 and a true server plugged into port 21.

That works fine and there are no issues whatsoever. So, how the heck do I tell one of my VMs to run inside this particular DMZ?

5 Replies
one3cap
Contributor

Trunk the physical ports that are connected to the virtual switch, like an 802.1q trunk. Then on your virtual switch create a new port group. When you create a new port group on the virtual switch it will ask you for a VLAN ID; put the VLAN number that is the VLAN for your DMZ. And change the other default port group that was already there to the VLAN that your existing VMs were already on. If you want VMotion etc. to work, add the same port group to any other ESX servers with the same name.

Hope this helps.

jbruelasdgo
Virtuoso

You have to use VLANs, as previously said by one3cap (802.1q).

Jose

Jose B Ruelas http://aservir.wordpress.com
sdotsen
Contributor

I'm not a Cisco guy and I didn't set up the switch. When you say VLAN ID, are you referring to what the VLAN number is set to?

For example I see the following on my DMZ port on the Cisco switch.

    description VLAN 3 DMZ
    switchport access vlan 3
    switchport trunk native vlan 3
    spanning-tree portfast

So would my VLAN ID be 3? In addition, I think the port isn't configured correctly for VLAN trunking either.

one3cap
Contributor

These are my settings for the 802.1x trunk port config.

    interface GigabitEthernet10/24
     description Member PC ESX3
     no ip address
     switchport
     switchport access vlan 103
     switchport trunk encapsulation dot1q
     switchport mode trunk
     switchport nonegotiate
     spanning-tree portfast trunk

one3cap
Contributor

Yes, that is correct, but once you do this, don't forget about your existing servers, the existing port group and that VLAN, and to get VMotion to work create the same on the other ESX.

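An added example, not part of the thread or any poster's configuration: a Python check that reads exported IOS-style switch config and flags statically trunked ports whose settings weaken separation of the DMZ VLAN before it is trunked to ESX uplinks. The interface names and sample config are constructed; `switchport trunk allowed vlan` is a standard IOS command not quoted in the thread, and treating its absence as a finding is this example's assumption.

```python
import re

# Constructed sample (hypothetical interface names); VLAN 3 is the thread's DMZ.
SAMPLE = """\
interface GigabitEthernet0/18
 description VLAN 3 DMZ
 switchport access vlan 3
 switchport trunk native vlan 3
 spanning-tree portfast
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 3
 switchport mode trunk
interface GigabitEthernet0/2
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3,103
 switchport mode trunk
 switchport nonegotiate
"""

def parse_interfaces(text):
    """Return {interface name: [sub-command, ...]} from IOS-style config."""
    ports, current = {}, None
    for line in text.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = ports.setdefault(m.group(1), [])
        elif current is not None and line.strip() not in ("", "!"):
            current.append(line.strip())
    return ports

def audit_trunks(text, dmz_vlan):
    """Flag trunk ports whose settings weaken separation of the DMZ VLAN."""
    findings = {}
    for name, cmds in parse_interfaces(text).items():
        if "switchport mode trunk" not in cmds:
            continue  # not statically trunked; out of scope for this check
        issues = []
        if "switchport nonegotiate" not in cmds:
            issues.append("DTP negotiation left enabled")
        if not any(c.startswith("switchport trunk allowed vlan") for c in cmds):
            issues.append("no allowed-VLAN list, trunk carries every VLAN")
        if f"switchport trunk native vlan {dmz_vlan}" in cmds:
            issues.append("DMZ VLAN is native, so untagged frames land in the DMZ")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    print(audit_trunks(SAMPLE, dmz_vlan=3))
```

On the constructed sample only GigabitEthernet0/1 is reported, with all three findings; GigabitEthernet0/2 passes because it disables negotiation, restricts the allowed VLANs and keeps the DMZ VLAN tagged.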