How to setup private vlans on ESX4/VSphere?

What is the correct approach for setting up private VLANs in vCenter? I want to be able to create 8 networks total: 1 promiscuous, 3 isolated and 4 community.

TIA!
timdinsd asked:
vmwarun - Arun commented:
How many NICs are available in your vSphere hosts?
0
timdinsd (Author) commented:
6 NICs for the 2 main hosts we are trying to get vDS + private VLANs set up on. There are an additional 4 hosts in the same datacenter that we have not added additional NICs to; they still have the factory 2 onboard Gig ports.
0
vmwarun - Arun commented:
I suggest that you use 1 NIC for the Service Console and then use vSwitches for segregating your VLAN traffic.

Are you using Promiscuous Mode for deploying IDS/IPS?
0

timdinsd (Author) commented:
OK, so the Service Console NIC needs to be kept separate from the vDS? In 3.5 we had the 2 onboard NICs bound to vSwitch0 and had all traffic going through that. That included vMotion, Service Console 1 & 2, as well as the guest networks, all using a single network.

What would the ideal setup be: use the 2 onboard NICs for Service Console and vMotion, then the additional NICs for the vDS stuff?

Also, we are looking at doing promiscuous in the private VLANs for default machines and the inside firewall interface that all machines should have access to. My understanding is that promiscuous in regards to private VLANs is related to layer-2 switch segmenting rather than promiscuous in terms of NICs accepting all packets (like for a sniffer or IDS/IPS). Does that sound right?

0
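The distinction raised above, promiscuous as a private-VLAN port role rather than a NIC capture mode, comes down to a small set of layer-2 forwarding rules. The following added example (not from the thread or from VMware) models those rules for a constructed PVLAN map with one primary VLAN carrying a promiscuous secondary, an isolated secondary and two community secondaries; the VLAN IDs and the firewall/app-tier labels are assumptions chosen for illustration.

```python
# Constructed model of private-VLAN (PVLAN) forwarding rules as used on a
# vSphere distributed switch: one primary VLAN carries one promiscuous
# secondary (same ID as the primary) plus isolated and community secondaries.
from dataclasses import dataclass

PROMISCUOUS, ISOLATED, COMMUNITY = "promiscuous", "isolated", "community"


@dataclass(frozen=True)
class SecondaryVlan:
    primary: int   # primary PVLAN ID the secondary belongs to
    vlan_id: int   # secondary VLAN ID (equals the primary ID for promiscuous)
    kind: str      # PROMISCUOUS, ISOLATED or COMMUNITY


# Constructed PVLAN map (assumed IDs, not the poster's real ones): primary 100
# with its promiscuous entry, one isolated secondary and two communities.
PVLAN_MAP = {
    100: SecondaryVlan(100, 100, PROMISCUOUS),  # e.g. firewall inside interface
    101: SecondaryVlan(100, 101, ISOLATED),     # hosts that must not see each other
    102: SecondaryVlan(100, 102, COMMUNITY),    # app tier A
    103: SecondaryVlan(100, 103, COMMUNITY),    # app tier B
}


def can_talk(src_vlan: int, dst_vlan: int, pvlan_map=PVLAN_MAP) -> bool:
    """Layer-2 reachability between two ports, given their secondary VLAN IDs.

    Promiscuous ports reach every port in the same primary; community ports
    reach their own community and the promiscuous ports; isolated ports reach
    only the promiscuous ports, never each other. Different primaries never
    exchange traffic through the PVLAN.
    """
    src, dst = pvlan_map[src_vlan], pvlan_map[dst_vlan]
    if src.primary != dst.primary:
        return False
    if PROMISCUOUS in (src.kind, dst.kind):
        return True
    if src.kind == COMMUNITY and dst.kind == COMMUNITY:
        return src.vlan_id == dst.vlan_id
    return False  # isolated <-> isolated and isolated <-> community are blocked


def reachability_matrix(pvlan_map=PVLAN_MAP):
    """Return {(src, dst): allowed} for every ordered pair of secondary VLANs."""
    ids = sorted(pvlan_map)
    return {(a, b): can_talk(a, b, pvlan_map) for a in ids for b in ids}


if __name__ == "__main__":
    for (a, b), ok in sorted(reachability_matrix().items()):
        print(f"vlan {a} -> vlan {b}: {'allowed' if ok else 'blocked'}")
```

Running it prints the full matrix; the useful check for a design like the one described above is that two ports in the isolated VLAN (101 -> 101) are blocked while both still reach the promiscuous VLAN (100).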
vmwarun - Arun commented:
It's not a good security practice to use a single NIC for VM traffic and Service Console traffic.

An ideal config would be to have six NICs in total: 1 for SC, 1 for vMotion and the rest for your VM traffic. In case you have an iSCSI SAN, that would need a NIC as well.

0
timdinsd (Author) commented:
Great advice, thank you. Can you explain how private VLAN settings need to be configured in vCenter? I am trying to get my brain wrapped around the notion of trunks, switches, port groups and private VLANs in vCenter.
0
vmwarun - Arun commented:
Are you on vSphere ESX 4.0 or ESX4i?
0
timdinsd (Author) commented:
vSphere ESX 4.0 Enterprise with vCenter Server Standard.
0
vmwarun - Arun commented:
I suggest that you kindly go through this PDF in order to clear your doubts, from page 13 onwards: http://www.vmware.com/pdf/vsphere4/r40/vsp_40_esx_server_config.pdf
0
timdinsd (Author) commented:
You are awesome!! I have been looking for something like on their site since Saturday!

Thank you!
0
timdinsd (Author) commented:
Extremely helpful and knowledgeable!
0
vmwarun - Arun commented:
You are most welcome.
0