Solved

ESX: setup a vLAN

Posted on 2013-06-06
Last Modified: 2013-06-06
Hi All,

I've been asked to set up a vLAN for one of our Virtual Servers.  I followed this guide:

To configure a VLAN on the portgroup using the VMware Infrastructure/vSphere Client:
1.  Click the ESXi/ESX host.
2.  Click the Configuration tab.
3.  Click the Networking link.
4.  Click Properties.
5.  Click the virtual switch / portgroups in the Ports tab and click Edit.
6.  Click the General tab.
7.  Assign a VLAN number in VLAN ID (optional).
8.  Click the NIC Teaming tab.
9.  From the Load Balancing dropdown, choose Route based on originating virtual port ID.
10. Verify that there is at least one network adapter listed under Active Adapters.
11. Verify the VST configuration using the ping command to confirm the connection between the ESXi/ESX host and the gateway interfaces and another host on the same VLAN.

I've done steps 1-10 (don't know how to do 11), but I'm unable to ping the server on my new vLAN.

Here are the settings and it does say it's seen vLAN 2, but it's not working.

vSwitch0 Settings
Any ideas on what I can check or should change?


many thanks
Question by:detox1978
8 Comments
 
LVL 124
ID: 39226104
Have you configured the physical switch for VLAN, trunk?

The physical switch which is connected to this physical network's uplink ports?

e.g. vmnic 1, 0, 4 and 6 will need to be in a trunk configuration, with a VLAN tag of 2 configured; otherwise, packets tagged by ESXi will not know where to go when they hit the physical switch.

I can see you have 1 virtual server on VLAN 2, but where are you trying to ping it from? Another device on VLAN 2?

You will only be able to ping from another VLAN if you have Inter-VLAN routing configured on the physical switch.

And what VLAN are the other 22+ servers in?
0
 
LVL 2

Author Comment

by:detox1978
ID: 39226189
Yes I've configured the switch (a 3com 4500g) port as hybrid, so everything untagged is in vLAN1 and added vLAN2 (for voice).
0
 
LVL 124
ID: 39226452
Use tags on the trunk, e.g. VLAN Tag 2, and VLAN Tag 3 for normal traffic etc.

VLAN1 is a special VLAN, and should not be used.

How are you pinging the device on VLAN 2, and from where?
0
 
LVL 2

Author Comment

by:detox1978
ID: 39226493
We have to use VLAN1 as it's used by our main network (which I inherited).  I've checked everything from the switch side, and it works perfectly.  So there must be something I've forgotten to do on the ESX side.

If I set a dedicated physical port (untagged) and use the switch to tag it, everything works.  But I don't really want to tie up a NIC to a single vLAN (effectively making it a LAN rather than vLAN).
0
 
LVL 124
ID: 39226776
ESXi does very little in the way of VLANs, other than set the correct VLAN Tag Number, which corresponds to the VLAN you want to use. Traffic through that virtual port group will then be tagged by the Host; when it enters the physical switch, if the tag matches the physical switch config, it will be sent on its way on that VLAN 2.

Have you checked which NIC port the VM is associated with, and checked that the trunk is configured correctly, with all four NICs, for VLAN 2?
0
 
LVL 2

Author Comment

by:detox1978
ID: 39226888
Is there any segregation between vLANs that are on the same host?

Is there a way to check the packets are being tagged correctly?  If I plug my laptop into a switch port the ESX was using and put it on vLAN 2's IP address I can resolve everything on vLAN 2.
0
 
LVL 124

Accepted Solution

by: Andrew Hancock (VMware vExpert / EE MVE^2) earned 2000 total points
ID: 39227047
But is your laptop actually using VLAN 2, or just an IP address on VLAN 2?

e.g. have you actually used an 802.1Q Tag on your Laptop NIC?

Yes, there is complete isolation between VLANs on an ESXi host.

Unless you use the special VLAN tag of ALL (4095), connecting this portgroup to a NIC, with Wireshark, you should be able to monitor traffic.
0
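
One way to check tagging from captured frames, as an added example that is not part of the original thread: the parser below reads the 802.1Q tag (TPID 0x8100) from raw Ethernet frames and counts how many carry the expected VLAN ID, which separates a host that merely has an IP address from the VLAN 2 range from one that actually sends tagged frames. The function names and the sample frames are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def parse_vlan(frame: bytes):
    """Return (vlan_id, priority, inner_ethertype); vlan_id is None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    # TCI: 3 bits priority, 1 bit DEI, 12 bits VLAN ID
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, inner

def check_expected_vlan(frames, expected_vid):
    """Count frames by tagging state relative to the VLAN the port group should use."""
    counts = {"match": 0, "other_vlan": 0, "untagged": 0}
    for f in frames:
        vid, _, _ = parse_vlan(f)
        if vid is None:
            counts["untagged"] += 1
        elif vid == expected_vid:
            counts["match"] += 1
        else:
            counts["other_vlan"] += 1
    return counts

# Constructed sample frames (not taken from a real capture)
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("005056000001")
PAYLOAD = b"\x00" * 46

def build_frame(vid=None, ethertype=0x0800):
    """Build a minimal Ethernet frame, optionally with an 802.1Q tag."""
    hdr = DST + SRC
    if vid is not None:
        hdr += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return hdr + struct.pack("!H", ethertype) + PAYLOAD

SAMPLE = [build_frame(2), build_frame(None), build_frame(3), build_frame(2, 0x0806)]

if __name__ == "__main__":
    print(check_expected_vlan(SAMPLE, 2))
```

Many NIC drivers strip the 802.1Q tag before the capture tool sees the frame, so an "untagged" result from a laptop capture needs to be confirmed against the adapter's VLAN settings.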
 
LVL 2

Author Comment

by:detox1978
ID: 39227400
I think this has many follow-up questions that I don't have time to fit in at the moment, so I'll close the question and reopen when I have time to do full diagnosing.  For now I've just put it on its own NIC.

Many thanks for your time.
0
