VMware Cloud Community
pcssteve
Contributor

vm belong to two vlans

We have an ESXi 4.1 host that has three Win2008 R2 VMs.

VM1 needs to communicate with VM2

VM1 also needs to communicate with VM3

VM2 must not be able to communicate with VM3

We have attempted to achieve this by putting all VMs in their own port group.

The VM1 port group having VLAN ID 4095

The VM2 port group having VLAN ID 100

The VM3 port group having VLAN ID 200

The result is that neither machine can communicate. We were of the understanding that by having VM1 in a port group with VLAN ID 4095 it will be able to communicate with other VLANs on the same vSwitch. This does not appear to be the case.

Any suggestions on how we can achieve the desired result?

0 Kudos
6 Replies
arturka
Expert

Hi

You have to set VLAN tagging (VGT) at the OS level in the VM with port group 4095.

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=100425...

VCDX77 My blog - http://vmwaremine.com
pcssteve
Contributor

We would like to avoid using VGT and use VST instead, but cannot determine a way to have a virtual machine (VM1) communicate with two other virtual machines (VM2 and VM3) whilst preventing VM2 and VM3 from communicating with each other.

Do you have any thoughts or ideas on this?

0 Kudos
a_p_
Leadership

Only a thought:

Put VM2 and VM3 on two separate vSwitches and add additional virtual NICs to VM1 which are connected to these two vSwitches.

André

0 Kudos
pcssteve
Contributor

Thanks for your suggestions. I will be testing the configurations now and will advise the outcome.

0 Kudos
pcssteve
Contributor

Considering there will be approx. 20 VMs in total that will be in this scenario, we found the most appropriate method was to implement a Distributed Switch and configure Private VLANs to separate the virtual machine traffic.

This has allowed us to have specific VMs communicate with all other VMs (Promiscuous PVLAN) and other VMs that communicate in an Isolated PVLAN, that is, they cannot communicate with other VMs in the Isolated PVLAN but they can communicate with VMs in the Promiscuous PVLAN.

0 Kudos
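
The isolation rule described in the post above, modelled as an added example (not part of the original thread and not VMware code). The VLAN IDs 100 to 102 and the function names are constructed for illustration, and the model also covers community PVLANs, which the thread does not use.

```python
# Private VLAN port types on a distributed switch.
PROMISCUOUS, ISOLATED, COMMUNITY = "promiscuous", "isolated", "community"


def can_talk(a, b):
    """Layer-2 reachability between two ports in the same primary PVLAN.

    Each port is a (port_type, secondary_vlan_id) tuple.
    """
    (type_a, vlan_a), (type_b, vlan_b) = a, b
    if PROMISCUOUS in (type_a, type_b):
        return True                 # promiscuous reaches every secondary VLAN
    if type_a == type_b == COMMUNITY:
        return vlan_a == vlan_b     # community reaches only its own community
    return False                    # isolated reaches nothing but promiscuous


def violations(ports, required, forbidden):
    """Return the policy pairs that a PVLAN assignment fails to satisfy."""
    bad = []
    for a, b in required:
        if not can_talk(ports[a], ports[b]):
            bad.append(("blocked", a, b))
    for a, b in forbidden:
        if can_talk(ports[a], ports[b]):
            bad.append(("leak", a, b))
    return bad


# Constructed assignment matching the thread: VM1 promiscuous, VM2/VM3 isolated.
PORTS = {
    "VM1": (PROMISCUOUS, 100),
    "VM2": (ISOLATED, 101),
    "VM3": (ISOLATED, 101),
}
REQUIRED = [("VM1", "VM2"), ("VM1", "VM3")]   # must communicate
FORBIDDEN = [("VM2", "VM3")]                  # must not communicate

# Counter-example: both restricted VMs placed in one community VLAN instead.
MISCONFIGURED = dict(PORTS, VM2=(COMMUNITY, 102), VM3=(COMMUNITY, 102))

if __name__ == "__main__":
    print("isolated layout: ", violations(PORTS, REQUIRED, FORBIDDEN))
    print("community layout:", violations(MISCONFIGURED, REQUIRED, FORBIDDEN))
```

Extending `PORTS` with the remaining VMs and listing every pair that must stay separated in `FORBIDDEN` gives a quick design check before the port groups are changed on the switch.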