1 Reply Latest reply on Mar 29, 2014 7:43 PM by weinstein5

    VSA and VLANS

    Fluxblocker Novice

      I am new to VLANs and VSA. I read that for 3 hosts in a VSA cluster and without DHCP, one needs 14 IP addresses.  So here is the question:  I noticed that on the documentation there were 3 IP addresses in a 192.168.0.0/24 network and the other 11 were in a different network.  The front-end network I guess.  So when I create a VLAN there is a subnet associated with it if I understand this correctly.  My question is, are the frontend IP addresses (the esxi hosts and other services with IP addresses) supposed to be put in a VLAN with a separate IP network address like the back-end?  Put another way, if all my physical networked devices (servers, workstations, printers etc.) were in the 172.20.150.0/24 network, and the backend traffic is in the 192.168.0.0/24 network, do I need to put the front-end hosts and services into another separate subnet, like 172.20.151.0/24?  I know these devices (the ESXi hosts and the services and management IP addresses) need to have their own VLAN ID, but for a VLAN to exist, it must also have a separate IP network associated with it, right?  This probably seems like a really stupid question to some of you but I would really be grateful if anyone could help me understand this a little better.  My guess is that I need to put the 11 front-end nodes into a separate subnet from the rest of the network - the physical LAN.  I have worked with LANs and physical devices for a long time but I'm new to VMware and VLANs.  The instructions are not clear to me whether the 11 front-end IP addresses are on the same LAN segment as the rest of the network, but it seems to me that it would be be useless to use a VLAN ID and assign it to a few switch ports but not associate it with a different subnet.  I feel like I am doing a poor job of explaining my question...

        • 1. Re: VSA and VLANS
          weinstein5 Guru
          User Moderators

          One thing to remember about vlans is they provide separate broadcast domains and hence will require different IP ranges - front end addresses can be on the same subnet as the management network but best practice is to isolate on its own vlan/subnet -

          1 person found this helpful