Solved

ESX: setup a vLAN

Posted on 2013-06-06
Last Modified: 2013-06-06
Hi All,

I've been asked to set up a vLAN for one of our Virtual Servers. I followed this guide:

To configure a VLAN on the portgroup using the VMware Infrastructure/vSphere Client:
1.  Click the ESXi/ESX host.
2.  Click the Configuration tab.
3.  Click the Networking link.
4.  Click Properties.
5.  Click the virtual switch / portgroups in the Ports tab and click Edit.
6.  Click the General tab.
7.  Assign a VLAN number in VLAN ID (optional).
8.  Click the NIC Teaming tab.
9.  From the Load Balancing dropdown, choose Route based on originating virtual port ID.
10. Verify that there is at least one network adapter listed under Active Adapters.
11. Verify the VST configuration using the ping command to confirm the connection between the ESXi/ESX host and the gateway interfaces and another host on the same VLAN.

I've done steps 1-10 (don't know how to do 11), but I'm unable to ping the server on my new vLAN.

Here are the settings, and it does say it's seen vLAN 2, but it's not working.

vSwitch0 Settings

Any ideas on what I can check or should change?

Many thanks
0
Question by:detox1978
8 Comments
 
LVL 121
ID: 39226104
Have you configured the physical switch for VLAN, trunk?

The physical switch which is connected to this physical network uplink ports?

E.g. vmnic 1, 0, 4 and 6 will need to be in a trunk configuration, with a VLAN tag of 2 configured; otherwise the traffic of packets tagged by ESXi will not know where to go when they hit the physical switch.

I can see you have 1 virtual server on VLAN 2, but where are you trying to ping it from? Another device on VLAN 2?

You will only be able to ping from another VLAN if you have Inter-VLAN routing configured on the physical switch.

And what VLAN are the other 22+ servers in?
0
 
LVL 2

Author Comment

by:detox1978
ID: 39226189
Yes, I've configured the switch (a 3Com 4500G) port as hybrid, so everything untagged is in vLAN1, and added vLAN2 (for voice).
0
 
LVL 121
ID: 39226452
Use tags on the trunk, e.g. VLAN Tag 2, and VLAN Tag 3 for normal traffic etc.

VLAN1 is a special VLAN, and should not be used.

How are you pinging the device on VLAN 2, and from where?
0
 
LVL 2

Author Comment

by:detox1978
ID: 39226493
We have to use VLAN1 as it's used by our main network (which I inherited). I've checked everything from the switch side, and it works perfectly. So there must be something I've forgotten to do on the ESX side.

If I set a dedicated physical port (untagged) and use the switch to tag it, everything works. But I don't really want to tie up a NIC to a single vLAN (effectively making it a LAN rather than vLAN).
0
 
LVL 121
ID: 39226776
ESXi does very little in the way of VLANs, other than set the correct VLAN tag number, which corresponds to the VLAN you want to use. Traffic through that virtual port group will then be tagged by the host; when it enters the physical switch, if the tag matches the physical switch config, it will be sent on its way... on that VLAN 2.

Have you checked which NIC port the VM is associated with, and checked that the trunk is configured correctly, with all four NICs, for VLAN 2?
0
 
LVL 2

Author Comment

by:detox1978
ID: 39226888
Is there any segregation between vLANs that are on the same host?

Is there a way to check the packets are being tagged correctly? If I plug my laptop into a switch port the ESX was using and put it on vLAN 2's IP address, I can resolve everything on vLAN 2.
0
 
LVL 121

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 39227047
But is your laptop actually using VLAN 2, or just an IP address on VLAN 2?

E.g. have you actually used an 802.1Q tag on your laptop NIC?

Yes, there is complete isolation between VLANs on an ESXi host.

Unless you use the special VLAN tag of ALL (4095), connecting this portgroup to a NIC, with Wireshark, you should be able to monitor traffic.
0
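One way to answer "are the packets being tagged correctly?" from a capture, as an added example that is not part of the original thread: it reads raw Ethernet frames and reports whether each carries an 802.1Q tag with the expected VLAN ID. The frames, MAC addresses and function names are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def parse_vlan(frame: bytes):
    """Return the 802.1Q tag fields of a frame, or None if it is untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    # TCI = 3-bit priority, 1-bit DEI, 12-bit VLAN ID; then the real EtherType
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return {"vid": tci & 0x0FFF, "pcp": tci >> 13,
            "dei": (tci >> 12) & 1, "ethertype": inner}

def classify(frame: bytes, expected_vid: int) -> str:
    """Compare a frame's tag with the VLAN ID set on the port group."""
    tag = parse_vlan(frame)
    if tag is None:
        return "untagged"  # the switch port's default VLAN decides where it goes
    if tag["vid"] == expected_vid:
        return "tagged-ok"
    return "tagged-wrong-vid-%d" % tag["vid"]

def build_frame(dst, src, ethertype, payload, vid=None, pcp=0):
    """Build a sample frame, optionally inserting an 802.1Q tag."""
    header = dst + src
    if vid is not None:
        header += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return header + struct.pack("!H", ethertype) + payload

# Constructed sample frames (ARP EtherType 0x0806, dummy payload).
BCAST = b"\xff" * 6
VM_MAC = bytes.fromhex("005056aabbcc")
LAPTOP_MAC = bytes.fromhex("021122334455")
ARP = 0x0806
SAMPLES = {
    "vm_portgroup_vlan2": build_frame(BCAST, VM_MAC, ARP, bytes(28), vid=2, pcp=5),
    "laptop_ip_only": build_frame(BCAST, LAPTOP_MAC, ARP, bytes(28)),
    "vm_wrong_portgroup": build_frame(BCAST, VM_MAC, ARP, bytes(28), vid=3),
}

def report(expected_vid=2):
    return {name: classify(f, expected_vid) for name, f in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in report().items():
        print(name, verdict)
```

Many NIC drivers strip the 802.1Q tag before a capture tool sees the frame, so an "untagged" result from a laptop capture needs confirming against a capture point known to preserve tags.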
 
LVL 2

Author Comment

by:detox1978
ID: 39227400
I think this has many follow-up questions that I don't have time to fit in at the moment, so I'll close the question and reopen when I have time to do full diagnosing. For now I've just put it on its own NIC.

Many thanks for your time.
0

Question has a verified solution.
