spinoza156
asked on
How Can I Segment My LAN Using VMware Standard Switches
Hi.
I would like to be able to segment my flat LAN network into multiple segments, mostly for security reasons. My current setup has two VMware 5.5 hosts connected to a couple of managed Cisco switches. My goal is to be able to segment my VMs onto different networks. My license is VMware Standard (which precludes the use of the Cisco 1000v).
Are there any solutions out there (perhaps a virtual router) that can let me do this? Or can I do this using the standard vSwitch technology included in VMware?
Just beware, you need a layer 3 or router to do inter-VLAN routing, which also means all traffic has to go out the physical unless you do that in a virtual router.
ASKER
Thanks Andrew.
Going with the first option I have created my switch with two port groups. How would the virtual router look in this simple scenario?
ASKER
The virtual router will have to have two NICs, connected to Network Test1 and Test2.
Using different IP addresses, it will route traffic between the networks; no need to use VLAN tags.
ASKER
Thank you for the clarification.
Network isolation is paramount as I will be cloning my production network into the test networks. Is this achievable using the above configuration AND never connecting the physical adapter?
ASKER CERTIFIED SOLUTION
ASKER
This is the most elegant solution. The information regarding virtual routing was also very helpful.
Or create two vSwitches, different physical networks connected to different vSwitches, with different virtual machine network port groups.
That's the networks created, but to route between the networks, you will need a virtual router.
Which could be Freesco or m0n0wall.
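
The isolation question raised in the thread (Test1 and Test2 on a vSwitch that never gets a physical adapter) can be checked on the host. The script below is an added example, not part of any post above: it parses a listing in the layout of `esxcli network vswitch standard list` and reports whether the vSwitch carrying a given port group has any uplinks. The sample listing is constructed, and the switch and vmnic names in it are assumptions; Test1 and Test2 are the port group names from the thread.

```shell
#!/bin/sh
# Added example: confirm that a port group sits on a standard vSwitch
# with no physical uplinks (an internal-only switch).

# Constructed sample in the layout of `esxcli network vswitch standard list`
# (only the fields the check needs; switch and vmnic names are assumptions).
SAMPLE='vSwitch0
   Name: vSwitch0
   Uplinks: vmnic0, vmnic1
   Portgroups: VM Network, Management Network
vSwitch1
   Name: vSwitch1
   Uplinks:
   Portgroups: Test1, Test2'

# uplinks_for_portgroup PG: reads a listing on stdin and prints
# "<vswitch>|<uplinks>" for the switch carrying PG; exit 1 if PG is absent.
uplinks_for_portgroup() {
    awk -v pg="$1" '
        { sub(/[ \t]+$/, "") }                      # drop trailing blanks
        /^[ \t]*Name:/       { sub(/^[ \t]*Name:[ \t]*/, ""); sw = $0; up[sw] = "" }
        /^[ \t]*Uplinks:/    { sub(/^[ \t]*Uplinks:[ \t]*/, ""); up[sw] = $0 }
        /^[ \t]*Portgroups:/ { sub(/^[ \t]*Portgroups:[ \t]*/, "")
                               n = split($0, a, /,[ \t]*/)
                               for (i = 1; i <= n; i++) if (a[i] == pg) hit = sw }
        END { if (hit == "") exit 1; print hit "|" up[hit] }
    '
}

# is_isolated PG: 0 = no uplinks, 1 = uplinks present, 2 = port group not found.
is_isolated() {
    result=$(uplinks_for_portgroup "$1") || { echo "$1: port group not found"; return 2; }
    vswitch="${result%%|*}"
    uplinks="${result#*|}"
    if [ -z "$uplinks" ]; then
        echo "$1: isolated ($vswitch has no uplinks)"
        return 0
    fi
    echo "$1: NOT isolated ($vswitch uplinks: $uplinks)"
    return 1
}

# Demo against the constructed sample.
for pg in Test1 Test2 "VM Network"; do
    printf '%s\n' "$SAMPLE" | is_isolated "$pg" || true
done
```

On a host, pipe the real listing in instead of the sample: `esxcli network vswitch standard list | is_isolated Test1`. The check covers uplinks only; it does not show whether the virtual router or any cloned VM also has a NIC on a production port group.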