?
Solved

VLAN on VMware

Posted on 2014-10-01
3
Medium Priority
?
399 Views
Last Modified: 2014-10-02
Hi,
 
 I like to understand the concept and purpose of VLAN in VMware environment. When we have a network with internet network IP (192.168.1.x, 10.0.0.x ... etc), every device communicates with each other using its own IP address.
 Each VM that we create in VMware will receive an IP adress from DHCP server running on, typically, Domain Controller.
 Having said that, what is the purpose or benefit of VLAN?
0
Comment
Question by:sglee
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 123

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Andrew Hancock (VMware vExpert / EE MVE^2) earned 1000 total points
ID: 40355727
The main benefit of a VLAN (which is not specific to VMware), is the number of physical cables that can be reduced and replaced with virtual networks.

e.g. in a physical network world, a single cable carries the traffic for a single network A, another single cable carries the traffic for a single network B, using VLANs, we can segregate the traffic and send the same network A and B, down the same cables, each network is isolated in it's own VLAN A and B.

BUT, we must have networking equipment, that we can use for VLANs, what is called VLAN Tagging.

Some more info here

Have a look here

Pages 13 - 73 Discuss Networking in Detail, iuncluding trunks, VLANs, switches, and load balancing

ESXi Configuration Guide ESXi 4.1

http://www.vmware.com/pdf/vsphere4/r41/vsp_41_esxi_server_config.pdf

Virtual Networking

http://www.vmware.com/technical-resources/virtual-networking/virtual-networks.html

Virtual Networking Concepts

http://www.vmware.com/files/pdf/virtual_networking_concepts.pdf

http://en.wikipedia.org/wiki/Virtual_LAN

http://en.wikipedia.org/wiki/IEEE_802.1Q
Sample configuration of virtual switch VLAN tagging (VST Mode)

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004074

http://blog.scottlowe.org/2006/04/17/vlans-and-port-groups/

How to Setup VLANs

http://www.vladan.fr/great-kb-on-how-to-configure-vlans-on-vswitches-pswitches-and-vms/

VMware ESX Server 3: 802.1Q VLAN Solutions

http://www.vmware.com/pdf/esx3_vlan_wp.pdf

http://kb.vmware.com/kb/1004127

http://kb.vmware.com/kb/1004074

http://kb.vmware.com/kb/1004252
0
 
LVL 13

Accepted Solution

by:
Michael Machie earned 1000 total points
ID: 40355785
Another huge benefit of vLANs is that you can segregate your network environment as needed and also increase your available IPs. For instance, I use vLANs and different IP schemes at different offices. Also, you can segregate within the same network or across a wide network.

Example:
All of my core Servers are configured on a vLAN using a specific IP set. My desktop PCs are on another vLAN using DHCP. Also, my laptops are on a separate vLAN as well. With switching equipment you can utilize vLANs to allow or block traffic from one switch port to another. One example would be if you have a vLAN (vLAN1)for your network peripherals (printers, scanners etc) you can use a specific IP scheme for that vLAN. Then, with another vLAN (vLAn2) for your desktop PCs you can allow, within the switch port configuration, the vLAN2 devices to speak to the vLAN1 devices, or block it, depending on what you want. My staff can send prints to printers but only from vLAN2 (desktops), meaning anyone else who is on the network with say, an iPAD on the wireless vLAN (vLAN3), could not print because I do not allow the wireless vLAN(3) to see or speak to vLAN1.

Sub-netting allows more IP addresses in an environment and you can assign a sub-net to a vLAN, helping to not only control access across sub-nets but to manage and structure your various sub-nets in an easier to understand structure.
I protect my core Server sub-net from our public facing web server sub-net  by disallowing the two to communicate, thereby increasing security.

I hope I was able to explain my thoughts enough to understand.
0
 

Author Comment

by:sglee
ID: 40357304
Thanks for the information.
0

Featured Post

Don't Cry: How Liquid Web is Ensuring Security

WannaCry is just the start. Read how Liquid Web is protecting itself and its customers against new threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question