2 Replies Latest reply on Jan 9, 2014 4:22 PM by will373794

    Isolating vLAN's in vCenter in a network environment

    dauphin77 Enthusiast

      Hello,


      I am attempting to isolate a grouping of VLANs in vCenter in a networked environment. I currently have 10 resource pools assigned with different VLAN IDs (350 - 360). This network environment includes multiple Cisco 3750 switches configured for trunking. 2 separate VLANs have been created on the switches in order to prevent access in two separate locations in our office building (VLANs 50 and 60).


      The ultimate goal here is to limit access to 5 of the resource pools to one office. Meaning the 5 resource pools (consisting of 100 VMs) can only be accessible from this one office and not the other. The Cisco switch in this office has been configured to pass VLAN 60 traffic only but is still not isolating VLAN 50 traffic.


      My question: Are there additional changes that need to be made to the Network Configuration file in vCenter or do I need to make additional configuration changes to my Cisco 3750 switches?


      Any help/guidance would be appreciated!

        • 1. Re: Isolating vLAN's in vCenter in a network environment
          dauphin77 Enthusiast

          Additional info: I do have 2 ESXi 5 hosts running on a Dell blade server that has DRS enabled to balance the load for all the VMs.

          • 2. Re: Isolating vLAN's in vCenter in a network environment
            will373794 Novice

            This is my note based on vSphere Networking Guide 5.1 p12 and p16. I refer to it every now and then. Assuming you are using a VST (Virtual Switch Tagging) config, you need to make sure:

            1. VMs in the 5 pools that you want isolated are mapped to the correct port groups (corresponding to VLAN 50 and 60).

            2. Trunk the correct uplink port on the vSS/vDS and the physical switch. An easy way is to set both to 4095, but for security reasons I usually allow only the VLANs in use.

            3. Then from the physical switch you would trunk between edge and core and allow specific VLANs (e.g. VLAN 50 or 60) on the different ports on the edge switch that your offices hook into.


            Hope this helps


            [Attachment: EST_VST_VGT.png]
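The three checks in the reply above can be run offline against a model of the configuration; the following is an added example, not code from the thread or from VMware. It assumes the five isolated pools sit on the VLAN 50 port group and the other five on VLAN 60 (the reply's step 1), and takes the ESXi uplink and the office edge ports as IOS-style `switchport trunk allowed vlan` lists, with `all` or the vSphere value 4095 meaning every VLAN; pool and office names are constructed.

```python
from typing import Dict, Set

# Constructed data modelled on the thread: pools 1-5 on the VLAN 50 port group,
# pools 6-10 on VLAN 60. This assignment is an assumption, not the poster's setup.
POOL_VLANS: Dict[str, int] = {f"pool-{i}": 50 for i in range(1, 6)}
POOL_VLANS.update({f"pool-{i}": 60 for i in range(6, 11)})

ALL_VLANS = frozenset(range(1, 4095))  # port group 4095 / IOS "all" = every VLAN


def parse_vlan_list(spec: str) -> Set[int]:
    """Parse an IOS-style allowed-VLAN list such as '50,60,350-360'.
    'all' and the vSphere VGT value 4095 expand to every VLAN."""
    spec = spec.strip().lower()
    if spec in ("all", "4095"):
        return set(ALL_VLANS)
    vlans: Set[int] = set()
    for part in filter(None, (p.strip() for p in spec.split(","))):
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            vlans.update(range(lo, hi + 1))
        else:
            vlans.add(int(part))
    return vlans


def reachable_pools(esxi_uplink_allowed: str, office_edge_allowed: Dict[str, str],
                    pool_vlans: Dict[str, int] = POOL_VLANS) -> Dict[str, Set[str]]:
    """Per office, the pools whose VLAN is carried end to end:
    port group VLAN -> ESXi uplink trunk (step 2) -> office edge port (step 3)."""
    uplink = parse_vlan_list(esxi_uplink_allowed)
    result: Dict[str, Set[str]] = {}
    for office, allowed in office_edge_allowed.items():
        carried = uplink & parse_vlan_list(allowed)
        result[office] = {pool for pool, vlan in pool_vlans.items() if vlan in carried}
    return result


def wide_open_trunks(esxi_uplink_allowed: str, office_edge_allowed: Dict[str, str]) -> Set[str]:
    """Trunks that allow every VLAN, the 'set both to 4095' shortcut the reply
    advises against; any VLAN leaks through them, which matches the symptom reported."""
    trunks = {"esxi-uplink": esxi_uplink_allowed, **office_edge_allowed}
    return {name for name, spec in trunks.items() if parse_vlan_list(spec) == ALL_VLANS}


if __name__ == "__main__":
    # Office B edge port allows everything: the VLAN 50 pools are still reachable there.
    print(reachable_pools("50,60", {"office-A": "50", "office-B": "all"}))
    print(wide_open_trunks("50,60", {"office-A": "50", "office-B": "all"}))
    # Restrict office B to VLAN 60 and the five VLAN 50 pools disappear from it.
    print(reachable_pools("50,60", {"office-A": "50", "office-B": "60"}))
```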