Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 401
  • Last Modified:

VLAN on VMware

Hi,
 
 I like to understand the concept and purpose of VLAN in VMware environment. When we have a network with internet network IP (192.168.1.x, 10.0.0.x ... etc), every device communicates with each other using its own IP address.
 Each VM that we create in VMware will receive an IP adress from DHCP server running on, typically, Domain Controller.
 Having said that, what is the purpose or benefit of VLAN?
0
sglee
Asked:
sglee
2 Solutions
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
The main benefit of a VLAN (which is not specific to VMware), is the number of physical cables that can be reduced and replaced with virtual networks.

e.g. in a physical network world, a single cable carries the traffic for a single network A, another single cable carries the traffic for a single network B, using VLANs, we can segregate the traffic and send the same network A and B, down the same cables, each network is isolated in it's own VLAN A and B.

BUT, we must have networking equipment, that we can use for VLANs, what is called VLAN Tagging.

Some more info here

Have a look here

Pages 13 - 73 Discuss Networking in Detail, iuncluding trunks, VLANs, switches, and load balancing

ESXi Configuration Guide ESXi 4.1

http://www.vmware.com/pdf/vsphere4/r41/vsp_41_esxi_server_config.pdf

Virtual Networking

http://www.vmware.com/technical-resources/virtual-networking/virtual-networks.html

Virtual Networking Concepts

http://www.vmware.com/files/pdf/virtual_networking_concepts.pdf

http://en.wikipedia.org/wiki/Virtual_LAN

http://en.wikipedia.org/wiki/IEEE_802.1Q
Sample configuration of virtual switch VLAN tagging (VST Mode)

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004074

http://blog.scottlowe.org/2006/04/17/vlans-and-port-groups/

How to Setup VLANs

http://www.vladan.fr/great-kb-on-how-to-configure-vlans-on-vswitches-pswitches-and-vms/

VMware ESX Server 3: 802.1Q VLAN Solutions

http://www.vmware.com/pdf/esx3_vlan_wp.pdf

http://kb.vmware.com/kb/1004127

http://kb.vmware.com/kb/1004074

http://kb.vmware.com/kb/1004252
0
 
Michael MachieFull-time technical multi-taskerCommented:
Another huge benefit of vLANs is that you can segregate your network environment as needed and also increase your available IPs. For instance, I use vLANs and different IP schemes at different offices. Also, you can segregate within the same network or across a wide network.

Example:
All of my core Servers are configured on a vLAN using a specific IP set. My desktop PCs are on another vLAN using DHCP. Also, my laptops are on a separate vLAN as well. With switching equipment you can utilize vLANs to allow or block traffic from one switch port to another. One example would be if you have a vLAN (vLAN1)for your network peripherals (printers, scanners etc) you can use a specific IP scheme for that vLAN. Then, with another vLAN (vLAn2) for your desktop PCs you can allow, within the switch port configuration, the vLAN2 devices to speak to the vLAN1 devices, or block it, depending on what you want. My staff can send prints to printers but only from vLAN2 (desktops), meaning anyone else who is on the network with say, an iPAD on the wireless vLAN (vLAN3), could not print because I do not allow the wireless vLAN(3) to see or speak to vLAN1.

Sub-netting allows more IP addresses in an environment and you can assign a sub-net to a vLAN, helping to not only control access across sub-nets but to manage and structure your various sub-nets in an easier to understand structure.
I protect my core Server sub-net from our public facing web server sub-net  by disallowing the two to communicate, thereby increasing security.

I hope I was able to explain my thoughts enough to understand.
0
 
sgleeAuthor Commented:
Thanks for the information.
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now