If yes, how would the NICs be physically connected to CISCO switch? How would they know which vmnic0/1 routes traffic and where?

You should configure the Cisco ports as trunk ports and allow traffic from VLAN 1 (internal betwork) and VLAN 20 (DMZ network). About which vmnic will traffic the route, you should not worry, the load balance algorithm will take care of this.

Thank you and we tried doing first as you suggested above before we reserved to exhibit B solution because we weren't able to make it work. There is a KB article available on this but it is somewhat confusing. For example, we were suggested to set up ports on Cisco as mode access like so:

interface GigabitEthernet0/23

switchport access vlan 20

switchport mode access

!

Are you sure about trunk ports? The article mentions vlan tagging. How does this come into play? Can you provide a specific example for Cisco configuration?

Article mentioned: VMware KB: Configuring Network Switches for VLAN Tagging

QUESTIONS:

If we have VLAN 20 on vDMZ do we also have to have the same VLAN 20 on Cisco switch or it could be any number? Do vlan numbers have to match on virtual and physical switch?

If vmnic0 goes to port 23 on Cisco and vmnic1 goes to port 22 on Cisco are both Cisco ports should be set to trunks? Different of same VLAN?

Both Cisco switch ports should have the following configuration:

interface g0/x

switchport mode trunk

switchport trunk allowed vlan 10,20 (optimal, since the default will allow all VLANs)

But, since you're not specifying a VLAN for the VMkernel and for Virtual Machine Port Group at vSphere level, you will need to do that first, what will make you loose access for the host, and then change the configuration of the physical switch port, that will restore the communication again.

For additional information about use VLANs, see: VMware KB: Sample configuration of virtual switch VLAN tagging (VST Mode)

What does this line mean?

switchport trunk allowed vlan 10

Sorry was little late on editing my post with the following questions:

QUESTIONS:

If we have VLAN 20 on vDMZ do we also have to have the same VLAN 20 on Cisco switch or it could be any number? Do vlan numbers have to match on virtual and physical switch?

If vmnic0 goes to port 23 on Cisco and vmnic1 goes to port 22 on Cisco are both Cisco ports should be set to trunks? Different of same VLAN?

On the vSpher side if you specify VLAN 20 for the vDMZ and VLAN 10 for VMkernel port and Virtual Machine port group and assuming the both vmnic are connected to GigabitEthernet0/22 and GigabitEthernet0/23, the Cisco configuration should looks like:

interface GigabitEthernet0/22

switchport mode trunk

switchport trunk allowed vlan 10,20

interface GigabitEthernet0/23

switchport mode trunk

switchport trunk allowed vlan 10,20

Both ports should allow traffic from VLAN 10 and 20 and this is why we put the configuration switchport trunk allowed vlan 10,20, that means that traffic from VLAN 10 and 20 will be allowed on that port.

Thank you...

By VMKernel you mean Management Network on vSphere virtual switch?

You mentioned that at some point we will lose connection to the host but it will be restored when we make changes to cisco switch? Shouldn't we make changes to cisco first to save on down time?

The article mentions to avoid VLAN default 1, what are they talking about?

Thank you. According to A:

VIPMAIL --> VMware vDMZ VLAN 20 --> vmnic0 --> Cisco Gi0/13

VMkernel  --> VMware vDMZ VLAN 0 --> vmnic1 -->  Cisco Gi0/22

VM Network ????

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

1    default                          active    Gi0/1, Gi0/2, Gi0/3, Gi0/4, Gi0/5, Gi0/6, Gi0/7, Gi0/8, Gi0/9, Gi0/10, Gi0/11

                                                Gi0/12, Gi0/17, Gi0/18, Gi0/19, Gi0/20, Gi0/21, Gi0/25, Gi0/26, Gi0/27, Gi0/28

10   DMZ                              active    Gi0/13, Gi0/14, Gi0/15, Gi0/16

20   vDMZ                             active    Gi0/22, Gi0/23, Gi0/24

The above are my current physical cisco VLAN configuration. If (exhibit A) vmnic0 connected to Gi0/13 trunk and vmnic1 connected to Gi0/22 trunk then:

interface GigabitEthernet0/13

switchport mode trunk

switchport trunk allowed vlan 10,20

interface GigabitEthernet0/22

switchport mode trunk

switchport trunk allowed vlan 10,20

Right? The question I have is how would the rest of my network on Cisco VLAN 1 see servers located on vSwitch0/VM Network VLAN 0 ?

By VMKernel you mean Management Network on vSphere virtual switch?

Yes.

You mentioned that at some point we will lose connection to the host but it will be restored when we make changes to cisco switch? Shouldn't we make changes to cisco first to save on down time?

You will get downtime, but no a longer downtime... and you can do the change first on Cisco, but you will need access to ESXi console to change the VLAN for the management network.

The article mentions to avoid VLAN default 1, what are they talking about?

Since the VLAN 1 is the default VLAN, vendors suggest avoid use it for security purpose.

Sorry, but can you confirm where the vmnic0 and vmnic1 are connected ? If you don't know, click on the ballon icon close to the vmnic that you will see information collected by CDP.

Thank you for taking your time to assist me with this matter!

Currently vmnic0 and vmnic1 connected into VLAN 1 on Cisco switch so everything is on one singe network. I have created VLAN 10 and 20 on Cisco as you suggested for the purpose of moving VIPMAIL to vDMZ VLAN 20 on VMware vSwitch0. So my question is this:

If I plug in vmnic0 into cisco VLAN 10 Gi0/13 and I plug in vmnic1 into cisco VLAN 20 Gi0/22 trunks how would my VLAN 1 network see cisco vlan 10 and 20? My workstation which i use to connect to ESXI host is on cisco  VLAN 1.

Did you mean to move/rename VLAN 1 to VLAN 10 on CISCO?

Please see your private message with my private diagram. Let us try this again with Diagrams:

In exhibit A, VM Network and Management Network are on VLAN 0 by default.

Cisco switch is by default on VLAN 1 and my local LAN is on it including my workstation that connects to ESXi host.

Should VLANS have matching numbers when configuring vlan tagging to work on trunks i.e. Cisco VLAN 20 = vDMZ VLAN 20?

The reason I ask is that according to Cisco VLAN tagging only works between cisco switches?

If that is the case then I should assign VLAN 10 to VM Network and VM Kernel AND move VLAN 1 to VLAN 10 on Cisco to have matching VLANs?

If you were to implement DMZ in exhibit A, how would you do it?

Please see if the below proposed solution is good. Sorry about the ink but its faster

So I have decided to perform this using NIC teaming EtherChannel TRUNK between vmware and Cisco switch.

I have successfully configured the Cisco Switch and now the time has come to make changes on the VMware side.

In order to accomplish this I need to change the LOAD BALANCING to ROUTE BASED ON IP HASH.

If I make this change in load balancing config will it disconnect me?

Here is an article I go by but it doesn't say:

VMware KB: Sample configuration of EtherChannel / Link Aggregation Control Protocol (LACP) with ESXi...