VLAN Primer

Posted on 2009-12-21
Last Modified: 2012-05-08

I'm facing a somewhat complicated network scenario and need some advice on how best to proceed.  I have clients that are sharing an Ethernet switch.  Currently, there are about 15 computers organized into 3 separate peer-to-peer networks occupying the same subnet with DHCP served by a shared DSL router.  All users share Internet and a printer/scanner on a specific IP address.  Very simple.

I am preparing to install two new MS Small Business Servers to support two fully separate domains as well as the existing peer-to-peer network.  The two domain controllers will be hosted on a shared VMWare ESXi box with two physical NICs.  While testing the viability of this plan on my office's physical network, I discovered that despite having set the management IP address of the ESXi box to a different IP subnet than what is used for my office network, the DHCP service fails to start on the new virtual server.  This is what I'd like to do:

Shared Physical Ethernet
New VM Network1:  Domain controller on
New VM Network2:  Domain controller on  
Existing Network: No Domain controller.  192.168.0.x
Share Internet resources and IP Printer/Scanner on the 192.168.0.x subnet between all subnets.

In other words, I'd like to isolate each network to avoid networking conflicts and to improve security, but also need each network to have access to shared resources.

VMWare ESX supports VLANs, which I assume is the best way to share a physical infrastructure between multiple, isolated networks.  Will I need a Layer-3 switch as well?  How would one best proceed to set up such an environment?  I have no experience with VLANs.  What would be the most cost-effective and simple way to get this job done?

Question by: Qualitycomputer

LVL 42

Accepted Solution

You may want to look at VLANs with a Layer 3 switch, or at least a router and a switch that supports VLANs.

You can set up each subnet as a separate entity and the shared resources as a separate subnet.  Enable routing from each subnet strictly to itself and the resource subnet.  Map shared resources (such as printers) via IP address and you should be OK.  Here are a few links that can act as a primer on how to set up VLANs.  You can configure the ESX host statically (having a separate vSwitch for each subnet) or enable trunking and use the same set of NICs.
LVL 21

Assisted Solution

You'd need to create a VLAN for each network, assign each switchport to its proper VLAN, trunk the port that the ESX server connects to so it can see all the VLANs, create multiple DHCP scopes, then set up ACLs and/or routes to allow for Internet access.  It's a good amount of work.

Start with the switch that your clients connect to.  Setting up VLANs can be a little different, depending on what gear you have.  Get the make/model so you can start researching VLANs.
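The switch side of what both answers describe (one VLAN per network, a trunk to the ESXi host, and routing from each subnet only to itself and the shared resources), written out as an added Cisco IOS-style configuration. This is example code added here, not from either expert; the asker's switch make and model are unknown, so the syntax is an assumption, and VLAN IDs 10/20/30, the 192.168.10.0/24 and 192.168.20.0/24 ranges for the two new domains, the interface names, the DSL router at 192.168.0.1, the switch's own 192.168.0.2 and the printer/scanner at 192.168.0.50 are all placeholders.

```cisco
! Added example (not from the thread): Layer 3 switch config for the three-VLAN
! design. ASSUMED placeholders: VLAN IDs, 192.168.10.0/24 and 192.168.20.0/24
! for the two domains, interface names, DSL router 192.168.0.1, printer 192.168.0.50.
hostname office-l3sw
ip routing
!
vlan 10
 name DOMAIN-A
vlan 20
 name DOMAIN-B
vlan 30
 name EXISTING-P2P
!
! Routed interfaces (SVIs). VLAN 10/20 hosts use the SVI as default gateway.
! VLAN 30 keeps the DSL router (192.168.0.1) as gateway, so the existing
! clients and their DHCP stay untouched. No ip helper-address is set, so each
! domain controller's DHCP scope only ever sees broadcasts from its own VLAN.
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
 ip access-group DOMAIN-A-IN in
interface Vlan20
 ip address 192.168.20.1 255.255.255.0
 ip access-group DOMAIN-B-IN in
interface Vlan30
 ip address 192.168.0.2 255.255.255.0
 ip access-group EXISTING-IN in
!
! Internet: anything not local goes to the DSL router.
ip route 0.0.0.0 0.0.0.0 192.168.0.1
!
! 802.1Q trunk to the ESXi host: one port group per VLAN on the vSwitch (VST),
! so a single NIC carries both domain controllers plus the existing network.
interface GigabitEthernet1/0/1
 description ESXi host uplink (trunk)
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
!
! Access ports: every client port belongs to exactly one VLAN.
interface range GigabitEthernet1/0/2 - 8
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
interface range GigabitEthernet1/0/9 - 15
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
interface range GigabitEthernet1/0/16 - 23
 switchport mode access
 switchport access vlan 30
 spanning-tree portfast
interface GigabitEthernet1/0/24
 description DSL router
 switchport mode access
 switchport access vlan 30
!
! Policy: a domain reaches only the printer, DNS on the DSL router and the
! Internet. Order matters: host-specific permits come before the subnet-wide
! denies, and the final permit covers Internet (non-local) destinations only
! because the local subnets were already denied above it.
ip access-list extended DOMAIN-A-IN
 permit ip 192.168.10.0 0.0.0.255 host 192.168.0.50
 permit udp 192.168.10.0 0.0.0.255 host 192.168.0.1 eq domain
 permit tcp 192.168.10.0 0.0.0.255 host 192.168.0.1 eq domain
 deny   ip 192.168.10.0 0.0.0.255 192.168.0.0 0.0.0.255
 deny   ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
 permit ip 192.168.10.0 0.0.0.255 any
ip access-list extended DOMAIN-B-IN
 permit ip 192.168.20.0 0.0.0.255 host 192.168.0.50
 permit udp 192.168.20.0 0.0.0.255 host 192.168.0.1 eq domain
 permit tcp 192.168.20.0 0.0.0.255 host 192.168.0.1 eq domain
 deny   ip 192.168.20.0 0.0.0.255 192.168.0.0 0.0.0.255
 deny   ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
 permit ip 192.168.20.0 0.0.0.255 any
! Existing network: only the shared devices may send into the domain subnets;
! the final permit any any lets Internet return traffic from the DSL router pass.
ip access-list extended EXISTING-IN
 permit ip host 192.168.0.50 any
 permit ip host 192.168.0.1 any
 deny   ip 192.168.0.0 0.0.0.255 192.168.10.0 0.0.0.255
 deny   ip 192.168.0.0 0.0.0.255 192.168.20.0 0.0.0.255
 permit ip any any
```

Two things to check before relying on this. First, the DSL router and the printer must be able to send replies back to 192.168.10.0/24 and 192.168.20.0/24: either add static routes on the DSL router pointing those subnets at 192.168.0.2, or, if a consumer DSL router cannot hold static routes, at least set the printer's default gateway to 192.168.0.2 (Internet access for the domains still needs the router to route back). Second, these ACLs are stateless: they filter on addresses, not on connection state, so they separate the subnets but are not a substitute for a firewall between them; the `switchport trunk encapsulation dot1q` line is needed on platforms that also support ISL and is rejected on models that only do 802.1Q, so drop it if the switch complains.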

Author Closing Comment

Gulp! I'm a bit out of my league now.  Rather than the VLAN route (no pun intended), I may be able to segment the network physically (using separate physical switches) and then plug each switch into a separate LAN port of a SonicWall firewall.  I believe that I can then allow each subnet to see the shared resources through the use of ARP entries.


LVL 32

Expert Comment

To add to the above comments:

You will need, at a minimum, a switch such as this one to make this happen.

I would also recommend that you add a four-port NIC to your ESXi box for redundancy and port-based VLANs for your network.  If you don't want to add more NICs, you can also reference this article on VGT for VLAN configs.
