
VLAN Primer

I'm facing a somewhat complicated network scenario and need some advice on how best to proceed.  I have clients that are sharing an Ethernet switch.  Currently, there are about 15 computers organized into 3 separate peer-to-peer networks occupying the same subnet, with DHCP served by a shared DSL router.  All users share Internet and a printer/scanner on a specific IP address.  Very simple.

I am preparing to install two new MS Small Business Servers to support two fully separate domains as well as the existing peer-to-peer network.  The two domain controllers will be hosted on a shared VMware ESXi box with two physical NICs.  While testing the viability of this plan on my office's physical network, I discovered that despite having set the management IP address of the ESXi box to a different IP subnet than what is used for my office network, the DHCP service fails to start on the new virtual server.  This is what I'd like to do:

Shared Physical Ethernet
New VM Network1:  Domain controller on
New VM Network2:  Domain controller on  
Existing Network: No Domain controller.  192.168.0.x
Share Internet resources and IP Printer/Scanner on the 192.168.0.x subnet between all subnets.

In other words, I'd like to isolate each network to avoid networking conflicts and to improve security, but also need each network to have access to shared resources.

VMware ESX supports VLANs, which I assume is the best way to share a physical infrastructure between multiple, isolated networks.  Will I need a Layer-3 switch as well?  How would one best proceed to set up such an environment?  I have no experience with VLANs.  What would be the most cost-effective and simple way to get this job done?



2 Solutions
Paul Solovyovsky (Senior IT Advisor) commented:
You may want to look at VLANs with a Layer 3 switch, or at least a router and a switch that supports VLANs.

You can set up each subnet as a separate entity and the shared resources as a separate subnet.  Enable routing from each subnet strictly to itself and the resource subnet.  Map shared resources via IP address and you should be OK (such as printers).  Here are a few links that can act as a primer on how to set up VLANs.  You can configure the ESX host statically (having a separate vSwitch for each subnet), or enable trunking and use the same set of NICs.

You'd need to create a VLAN for each network, assign each switch port to its proper VLAN, trunk the port that the ESX server connects to so it can see all the VLANs, create multiple DHCP scopes, then set up ACLs and/or routes to allow for Internet access.  It's a good amount of work.

Start with the switch that your clients connect to.  Setting up VLANs can be a little different, depending on what gear you have.  Get the make/model so you can start researching VLANs.
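The "route each subnet only to itself and the resource subnet" policy from the answer above, worked through as an added example (not code from the thread, from VMware or from any switch vendor). It models the three networks as VLANs, decides per packet what the Layer 3 switch should forward, and renders that decision as a Cisco IOS-style ACL plus the trunk port toward the ESX host. The VLAN IDs, the 192.168.10.x / 192.168.20.x subnets for the two new domains, the printer address 192.168.0.250 and the port names are assumptions; the thread only names 192.168.0.x. Because the DHCP servers end up in separate broadcast domains, each one only ever sees its own VLAN's clients, which is the isolation the question is after.

```python
"""
Inter-VLAN policy for the three-network layout discussed in this thread.
Added example, not code from the thread or from any vendor. The VLAN IDs, the
192.168.10.x / 192.168.20.x subnets for the two new domains and the printer's
address are assumptions: the thread only names 192.168.0.x.
"""
from ipaddress import ip_address, ip_network

# Assumed VLAN plan (constructed for this example).
VLANS = {
    10: {"name": "existing", "subnet": ip_network("192.168.0.0/24")},
    20: {"name": "domain1", "subnet": ip_network("192.168.10.0/24")},
    30: {"name": "domain2", "subnet": ip_network("192.168.20.0/24")},
}

# Shared resources reachable from every VLAN (assumed printer/scanner address).
SHARED = [ip_address("192.168.0.250")]

# Everything RFC 1918 that is not explicitly shared is "another internal network".
PRIVATE = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
           ip_network("192.168.0.0/16")]


def is_private(ip):
    return any(ip in net for net in PRIVATE)


def allowed(src_vlan, src_ip, dst_ip):
    """Decide whether the L3 switch/router forwards a packet arriving on src_vlan.

    Order matters (first match wins, like an ACL):
      1. Source must belong to the ingress VLAN's subnet (anti-spoofing).
      2. Same-subnet traffic is switched, never routed: allowed.
      3. Any VLAN may reach a shared host, and a shared host may answer any VLAN.
         With stateless ACLs that reply rule also lets the printer *initiate*
         connections into every VLAN; a stateful firewall avoids that.
      4. Any other RFC 1918 destination is a different VLAN: denied.
      5. Everything else is the Internet, reached via the default route.
    """
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    subnet = VLANS[src_vlan]["subnet"]
    if src not in subnet:
        return False
    if dst in subnet:
        return True
    if dst in SHARED or src in SHARED:
        return True
    if is_private(dst):
        return False
    return True


def acl_lines(vlan_id):
    """Render the policy for one VLAN as a Cisco IOS-style extended ACL to be
    applied inbound on that VLAN's SVI. The syntax is illustrative; Netgear,
    HP and other smart switches express the same rules differently."""
    net = VLANS[vlan_id]["subnet"]
    src = f"{net.network_address} {net.hostmask}"
    lines = [f"ip access-list extended VLAN{vlan_id}-IN"]
    for host in SHARED:
        if host not in net:                      # reach shared hosts elsewhere
            lines.append(f" permit ip {src} host {host}")
        else:                                    # replies from a shared host here
            for other, v in VLANS.items():
                if other != vlan_id:
                    o = v["subnet"]
                    lines.append(f" permit ip host {host} {o.network_address} {o.hostmask}")
    for p in PRIVATE:                            # block every other internal net
        lines.append(f" deny   ip {src} {p.network_address} {p.hostmask}")
    lines.append(f" permit ip {src} any")        # Internet via default route
    lines.append(" deny   ip any any")           # spoofed sources (also implicit)
    return lines


def trunk_lines(port="GigabitEthernet0/24", native_vlan=999):
    """Trunk port toward the ESX host, carrying only the VLANs in the plan.
    The native (untagged) VLAN is set to an unused ID so no production VLAN
    rides the trunk untagged; each ESXi port group then tags its VM network
    with its own VLAN ID (virtual switch tagging). Port name is assumed."""
    ids = ",".join(str(i) for i in sorted(VLANS))
    return [
        f"interface {port}",
        " switchport mode trunk",
        f" switchport trunk allowed vlan {ids}",
        f" switchport trunk native vlan {native_vlan}",
    ]


if __name__ == "__main__":
    for vid in VLANS:
        print("\n".join(acl_lines(vid)))
        print(f"interface Vlan{vid}\n ip access-group VLAN{vid}-IN in\n")
    print("\n".join(trunk_lines()))
```

Two points the rendered ACLs make visible: the order of the lines is the policy (the shared-host permits must precede the blanket RFC 1918 denies, and the Internet permit must follow them), and a stateless ACL cannot tell a printer's reply from a connection the printer opens, so the permit that lets 192.168.0.250 answer the other VLANs also lets it reach into them. If the shared resources should only ever answer, put a stateful device (the SonicWall mentioned later in the thread, or reflexive ACLs on the switch) in the path instead.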
Qualitycomputer (Author) commented:
Gulp! I'm a bit out of my league now.  Rather than the VLAN route (no pun intended), I may be able to segment the network physically (using separate physical switches) and then plug each switch into a separate LAN port of a SonicWall firewall.  I believe that I can then allow each subnet to see the shared resources through the use of ARP entries.


nappy_d ("There are a 1000 ways to skin the technology cat.") commented:
To add to the above comments:

You will need, at a minimum, a switch such as this one to make this happen: http://netgear.com/Products/Switches/SmartSwitches/GS716T.aspx?detail=Specifications

I would also recommend that you add a four-port NIC to your ESXi box for redundancy and port-based VLANs for your network.  If you don't want to add more NICs, you can also reference this article on VGT for VLAN configs: www.vmware.com/pdf/esx3_vlan_wp.pdf