VMware Cloud Community
SCC
Contributor

vlans and portgroups

I have what I thought would be a simple project but have not yet been able to solve the issue.

I would like to create a single vSwitch. No connection to a physical NIC. Then create multiple port groups in the vSwitch with different VLAN IDs. One of the port groups would get all the data streams from the other VLANs.

So I have

vSwitch1

|-----PortGroup VLAN01 - VLAN ID:All with one VM attached.

|-----PortGroup VLAN10 - VLAN ID:10 with two VMs attached.

|-----PortGroup VLAN20 - VLAN ID:20 with two VMs attached.

What I thought would happen is that the two VMs on VLAN10 would be able to communicate (and they can), the two VMs on VLAN20 would be able to communicate (and they can) and VMs on VLAN10 and VLAN20 could NOT communicate with each other (and they can't). So up to now exactly what I am looking for.

The rub: I thought the VM on VLAN01 would be able to communicate with any VM on VLAN10 or VLAN20 and vice versa, VLAN10 and VLAN20 VMs could communicate with the VM on VLAN01. But they cannot. I thought that is what the VLAN ID 'All' was all about? What am I missing here? Is what I need even possible?

If it matters, all the VMs are running CentOS 5.5

Thanks

Don


Accepted Solutions
mackemftm
Enthusiast

Hi scc,

I may be a little rusty on VLANs but I'll have a crack. When a packet leaves the port group it's getting tagged with the VLAN ID. So you need to have a router in place to be able to route between the different VLANs (even on the same virtual switch). I'm a little unsure when you say you set the port group to "all" as I don't recall seeing that before (but I'll stand to be corrected). I know if you leave it blank it will not tag the packets at all.

Simple way to solve this would be to create a multihomed software router. There are loads on the appliance store. To be honest you are not a million miles away from a basic DMZ.

Not sure if there's a vSphere version of this but it shouldn't have changed all that much if at all from the below doc.

www.vmware.com/pdf/esx3_vlan_wp.pdf

I hope that helps a little.

vMackem - David Owen

Http://vmackem.golddustcontracting.co.uk

Please click the answered or helpful buttons to give me points. Thanks vMackem
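
The multihomed-VM approach from the answer above, as an added example that is not part of the original post and is not VMware code: a small Python model of the thread's uplink-less vSwitch, showing that a VM with one vNIC in each port group reaches both VLANs while VLAN10 and VLAN20 stay isolated unless that VM forwards packets. The VM names and the `reachable` helper are constructed for illustration, and it assumes guests use the forwarding VM as their gateway.

```python
from dataclasses import dataclass, field


@dataclass
class VSwitch:
    # (vm, vnic) -> access VLAN ID of the port group the vNIC is attached to
    ports: dict = field(default_factory=dict)

    def attach(self, vm, vnic, vlan):
        self.ports[(vm, vnic)] = vlan

    def l2_neighbors(self, vm):
        """VMs sharing at least one VLAN with `vm`; frames only flow inside a VLAN."""
        mine = {vlan for (name, _), vlan in self.ports.items() if name == vm}
        return {name for (name, _), vlan in self.ports.items()
                if vlan in mine and name != vm}


def reachable(sw, src, dst, forwarders=frozenset()):
    """True if src reaches dst directly or via VMs that forward (route) packets."""
    seen, frontier = {src}, [src]
    while frontier:
        cur = frontier.pop()
        for nxt in sw.l2_neighbors(cur):
            if nxt == dst:
                return True
            if nxt in forwarders and nxt not in seen:
                seen.add(nxt)
                frontier.append(nxt)
    return False


def build_thread_topology():
    """Constructed topology: two VMs per VLAN plus one multihomed collector VM."""
    sw = VSwitch()
    sw.attach("vm10a", "eth0", 10)
    sw.attach("vm10b", "eth0", 10)
    sw.attach("vm20a", "eth0", 20)
    sw.attach("vm20b", "eth0", 20)
    # One vNIC per port group instead of a single vNIC on "VLAN ID: All".
    sw.attach("collector", "eth0", 10)
    sw.attach("collector", "eth1", 20)
    return sw


if __name__ == "__main__":
    sw = build_thread_topology()
    print("vm10a -> collector:", reachable(sw, "vm10a", "collector"))
    print("vm10a -> vm20a, forwarding off:", reachable(sw, "vm10a", "vm20a"))
    print("vm10a -> vm20a, forwarding on:",
          reachable(sw, "vm10a", "vm20a", forwarders={"collector"}))
```

With forwarding left off on the multihomed VM, it is the only host that sees both segments; turning forwarding on makes it the router, so that is where any filtering between VLAN10 and VLAN20 has to live.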

thehyperadvisor
Enthusiast

There is not really an ALL VLAN. By not setting a VLAN on the port group you're just saying to pass the default VLAN configured on the physical switch port. So all traffic should have a VLAN tag but if not you can have a default VLAN configured on the switch port.

For VLANs to be able to talk between each other you will need a router configured appropriately.



hope this helps - thehyperadvisor.com

If you found this or other information useful, please consider awarding points for "Correct" or "Helpful".

VCP3,4,5, VCAP4-DCA, vExpert
SCC
Contributor

OK, that makes more sense, thank you for the clarification.
