How to set a vLAN on a Virtual Machine without Distributed Switches ...

Hi Experts,

I have a vmware HA environment setup, i want to enable vLANs on my virtual machines, but i dont have vDS (Distributed Switches) on my vmware server. How can i use my vLANs that i create on my router and access them from my Virtual Machines.

Thanks in advance.



Trevor
LVL 1
trevsoftAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Paul SolovyovskySenior IT AdvisorCommented:
1.  Create a standard vswitch
2.  Create a port channel group on the switch
3.  Create trunk on the port channel group and assign the nic ports assigned to your vswitch
4.  Configure vswitch for IP Hash
5.  Create port groups that correspond to your VLANs
6.  Ensure that the trunk is passing the appropriate VLANs
Jaroslav MrazCTOCommented:
ltle coverastion is here about it

http://communities.vmware.com/thread/307008
Luciano PatrãoICT Senior Infraestructure  Engineer  Commented:
Hi

You do not need vDS to create VLANs.

Here ares some examples how to build VLANs with normal vSwitch/Portgroup

http://kb.vmware.com/kb/1004074

http://kb.vmware.com/kb/1003806

How to create with command line

http://www.youtube.com/watch?v=zKedL_Sp31s

Also be attention on paulsolov information, regarding point 5 and 6. Its important.

Hope this can help

Jail
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

trevsoftAuthor Commented:
Hi Experts,

Im a bit lost, ive tried a bit from all these documents and i cant seem to get the vLAN working, am i missing something. I successful have vLANs working on my other servers in my core network. But im struggling to get this concept in my head.

Also, if i tell the the ESXi host to be on vLAN 0 (None) how do the virtual machines get set their vLAN or 2.

Another thing i cant find anything about trunking in the start vSwitch .. is this just terminology?

Thanks in advance for your help.



Trevor
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
1. Firstly, you must use a physical switch that can be configured for VLANs.

2. Create a TRUNK, port, and ensure that you have the Tagged VLANs run on that TRUNK port which is connected to your ESXi physical NICs.

3. For each VLAN you create a Virtual Machine Network Portgroup with the Tagged (VLAN) Required for that VLAN as in the screenshot above 36899367, in that example a VLAN 12 has been created for virtual machines to use. VMs connected to this Network (by selecting this Network in the Virtual Machine Properties, select the Network next to the VM NIC) will have their network packets tagged to use VLAN 12, so packets entering the virtual switch will be Tagged with VLAN 12, flow up the physical Uplink to the Physical Switch, which will detect the Tag in the packet, and send to VLAN 12.
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
TRUNKing is performed on the physical switch (external to ESXi).
trevsoftAuthor Commented:
Hi Experts,

I have Trunked the connect from the router (where the vLANs are being created) and tagged a port on the switch to do this. With this i can vLAN my physical equipment fine.

So you are say, i need to tag also the the ports where the ESXi servers are connected too on the physical switch so the vLANs are then trunked into the ESXi servers allowing the VMs see the vLAN?

Is this right?


Trevor
trevsoftAuthor Commented:
Hi Experts,

I have managed to get the vLANs working but i dont think its the way i want it to work.

Once i tagged the physical network cards for all the physical vm servers, and set teh vLAN ID on the vSwitch i created. The DHCP server for that vLAN brought the VM online and on the internet. First step achieved.

Now im thinking about it, does this mean everytime i was to create a vLAN for a new network, im going to have to use a port on my physical network card in hte vm server.

If so, have i configured this wrong and is there another way to do this?


Trevor
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Normally, you would create a trunked network of one or more physical network ports, and ALL the VLANs would run over this trunk.

So, if you required another VLAN, you would add the Tag to the Trunk, and Create a Network Portgroup on the ESXi vSwitch for the virtual machines.
trevsoftAuthor Commented:
Hi Experts,

Ok now why would i have vLANs working on one vm server but no the other. Both Intel servers with the same NICs, version of ESXi, same vSwitch Setup, but when i vMotion from one server to the other i loose network connectivity.

Any ideas?



Trevor
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
You've not got the same vLAN setup on the other Server?

The other server does not have the a trunk with the same VLANs?
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Can you provide screenshots of both Server's Network Configuration?
trevsoftAuthor Commented:
Hi hancocka,

Do you have an email address i can send them too?

I dont really want to put my production servers here online for everyone to see.



Trevor
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
I'm sorry, EE forbids comminication outside of EE.

Screenshot them, and remove the server names, or just partially obscure them.
trevsoftAuthor Commented:
Ok cool give me a few minutes.
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
no worries
trevsoftAuthor Commented:
Ok here we go ... This is the server thats working This is the server thats not working
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
why are you using a VLAN ID of 4095?

this is a special type of VLAN for Internal Use on ESXi vSwitches?

See here

http://www.yellow-bricks.com/2010/06/10/vlan-id-4095/

Normally, we allocate VLAN Tags, and reserve 0,1 and 4095, and use other numbers.
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
It is also probably worth noting that the IEEE 802.1Q standard states that VLAN ID 4095 is reserved and should not be used for VLAN assignments. This is why VMware utilised ID 4095 to provide VGT.
trevsoftAuthor Commented:
Does vLAN 4095 mean that all vLANs are passed through to the vm Servers ?
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
It basically means that the VLAN ID is stripped off at the Guest OS layer and not at the portgroup layer. In other words the VLAN trunk (multiple VLANs on a single wire) is extended to the virtual machine and the virtual machine will need to deal with it.

If you saw my original picture, and saw the VLAN ID of 4095, I'm using it for special debugging in my VM, looking at all traffic into the vSwitch!

Use standard VLAN Tags for your networks, (not 0, 1 or 4095)
trevsoftAuthor Commented:
But thats why i thought that if i used the new NIC in the vm's. VMXNET 3 cards i can set the vLANs in the guest OS.

Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
well you could, but its not normal!
trevsoftAuthor Commented:
ok fair enough. but its the only way i could get it working.

How should i be setting it up then, becausei tried all the previous documents above and couldnt get one to work for me.
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
use a tag on a port group.

add the tag to the trunk on the switch.

does your switch support vlan tagging?
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
what router do you have, does it support vlans correctly?
trevsoftAuthor Commented:
Router = Netgear Quad WAN SRX5308 (meant to be a layer 3 router)
Switch = Netgear GS748TS Stackable Smart Switch (meant to be Layer 3 also)

What i have done ...

I have setup the vLANs on LAN port # 1 on the router, i then plugged the router (LAN port # 1) into LAN port # 48 on the network switch and tagged that port. i have also tagged ports 21-28 (where the vm servers are connected too).

From this point, my vLANs on my physical network work fine.

What i want to do is create a vSwitch that i can use for any network that i want to vLAN, or do i have this all wrong?


Trevor
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
is lan port 1 a trunk port, tagged with all your vlans?

lan port 48 also trunk port, tagged with all your vlans?

how many vlans? and what vlan nos?

ports 21 to 28 are all a trunk? with the same vlans running on them?
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
you should have a network port group per vLAN on the vSwitch.

traffic from the vm will be tagged on the vswitch into your physical trunk port.
trevsoftAuthor Commented:
this is what i dont understand, can you tell me step by step what i need to do. Up till a week ago i never needed to setup vLANs. :( and im stuggling to get my head around how it all works.
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Why do you need to setup vLANs?
trevsoftAuthor Commented:
I have two physical networks i wanted to run on the same switch, so i dont have to connect over a wan and vpn connect to each network.

This is now done.


What i want to do, is my test lab, and the clients whos servers im hosting, i want them all to be on a seperate vLAN like this they can see each other.

Trevor
trevsoftAuthor Commented:
Ok what i have done now is removed the 4095 vLANs from all the vSwitches and i noticed an add button so i added a vm network and gave that vLAN # 2, but i still cant get it working.

Where am i going wrong?




Trevor
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Okay, so if hosting different clients, that is good reason to use VLANs.

that's all the config that is required on ESXi.

The rest is completed on the physical switches.

Have you setup TRUNKED ports to the ESX servers? carrying the VLAN 2 TAGGED!
trevsoftAuthor Commented:
This is the problem, there is nothin about trunking in this switch its just Tag, Untag or None.

I think this is where im confused ...
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Okay, maybe it does not call it trunk

normally, you have Access ports, and trunk ports, trunks carry multiple VLANs.

how many VLANs do you want?
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
normally, you trunk (bond)(group) multiple ports together.
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
states in manual on Page 3-2

When one port is assigned to multiple VLANs, the port is used as a trunk port to connect to
another switch or router.


ftp://downloads.netgear.com/files/SRX5308_RM_29Apr10.pdf
trevsoftAuthor Commented:
Yes i have done that already, all vLANs are configured to be on Port # 1 (on the router) which is then connected to the switch on port # 48. That port is then Tagged (im assuming TRUNKED) on the switch.

So what should i be doing on the switch to get the vLANs to go into the vm servers.



Trevor
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
yes, if it has more than 1 VLAN it's a trunk!

Both Ports, need to have the same VLANs running on them.

I would work on the switch first, and then later add the router.

But at the switch, add 2 VLANs to 2-Ports, connect one to ESX Server A, and ESX Server B, connect up Network Portgroup with same Tag, to a VM, and you should be able to ping.

(we do not use NetGear products, the last time we had NetGear products, the VLANs did not work with HP Procurve Kit, so we scrapped them.)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
trevsoftAuthor Commented:
Hi,

You were right .. im sorry.

Once i got my head around the way you were trying to explain how the vLANs should work it all came together.

Thank you for all your help :)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VMware

From novice to tech pro — start learning today.