Stan J
asked on
ESXi Server, VLANs, Trunks ...will this allow VMs to talk to each other?
I received some OVAs and an instruction book to set up an ESXi Server for testing.
Reading the instruction guide, it appears they are setting up one vSwitch with two physical nics (one as a failover).
ESXi-1 mgt is set to VLAN 50.
The virtual machines currently only have (1) Network Interface
The networking setup for ESXi-1 shows a single virtual switch (vswitch0) configured to use (2) physical ethernet interfaces
in an Active (vmnic0) and Standby (vmnic1) configuration.
The ESXi-1 host is configured as ESXi port 1 as vmnic0 and ESXi port 2 as vmnic1
It shows
ESXi-1 port 1 Trunk VLANs=20,30,50
ESXi-1 port 2 Trunk VLANs=20,30,50
VLAN 20 = 192.168.50.32/27
VLAN 30 = 192.168.50.128/27
VLAN 50 = 192.168.50.48/28
Then, they have two port groups off of vSwitch0 set with VLANs (101,102).
VLAN 101 (Port Group INF) = 10.10.10.62/26
VLAN 102 (Port Group FMT) = 10.10.10.126/26
The DC is on INF (DC 10.10.10.1)
Two VMs on FMT (VM-FM1 10.10.10.10, VM-FM2 10.10.10.11)
There are two VMs on DE_FXT based on the OVA deployment instructions.
(VM-DE1 192.168.50.22, VM-DE2 192.168.50.88).
Will this setup require an L3 switch?
Does the diagram correspond to what is to be set up?
ESXi Server set to VLAN 50
Trunked Ports for VLANs on the switch
Port Groups with VLANs
Etc..
Will this setup require an L3 switch?
Also
Is it possible to set this up using pfSense and not connect to a physical switch?
Something like a sandbox set up with no physical switch backing?
thanks
ASKER
thanks,,,,I found out the switch we may use is a Cisco SG300-52 (i think an L3).
Following the diagram, are there any particular settings on the switch that need to be set other than setting up the VLANs and setting the ports as trunk ports?
Also, I am not sure why the guide has the ESXi server set to a VLAN (50).
I don't recall ever having to set the VLAN ID at the console after installation.
Test-vSwitch-and-VLANs.jpg
If you have a L3 switch, then no issues - just need to ensure correct configuration.
Just setup VLAN and Trunks (do not use LACP - not supported), static trunks, etherchannel.
ASKER
ok,,,,
why set the VLAN id to 50 for the ESXi host?
on other tasks, we have used port groups with VLAN IDs on vSwitch(s), set switch ports to trunks, and have not set the ESXi VLAN ID.
Because you want to isolate ESXi traffic ?
ASKER
isolate from what ?
we are on a test/dev network,,nothing else,.,,
do we need to set the ESXi VLAN ID to 50?
You do not need to set it to anything, it depends what you are trying to achieve.
Some organisations have a Management VLAN, where all management traffic passes.
So users cannot access and configure servers, network switches, access points etc
ASKER
which mode drops tagged data from the physical switch at the vSwitch? EST mode?
ASKER
yes,,
i was considering
What the vSphere switch does with untagged data received from the physical switch, ?
Doesn't it depend on how the physical switch ports are configured?
If there are 3 switch ports as access ports in VLAN 10 and I have a standard vSwitch set with no VLAN IDs (portgroups), and the packet received on VLAN 10 is untagged, it would be received at the vSwitch and sent to the VM [EST Mode]. If by chance the packet is sent to VLAN 10 with tagged data, it is dropped and not received at the vSwitch?
Your switch ports in VLAN 10 if they are access ports, may not have a VLAN Tag.
Untagged traffic will flow right through the vSwitch to the vSwitch ports (portgroups).
just like a physical switch with no tags on traffic.
If traffic has a tag, it will be directed to the Portgroup which has a matching tag.
ASKER
ok,
your first two responses then are EST mode?
"Your switch ports in VLAN 10 if they are access ports, may not have a VLAN Tag."
"Untagged traffic will flow right through the vSwitch to the vSwitch ports (portgroups)."
your last comment is VST mode ? (in that the VLAN is tagged and traffic with the TAG will be sent to the vSwitch which has a portgroup with a VLAN ID)
"traffic has a tag, it will be directed to the Portgroup which has a matching tag."
Correct
ASKER
thanks,,,i assumed i had the correct nomenclature .
the reason i asked this,,,,going back to the original diagram i posted,,,
i created this diagram based on a r user manual setup of the ESXi
another engineer wants the ability to have the VMs in the diagram to be able to communicate with software on another platform.
he wants to remove the ESXi from the switch I was defining for them (with trunked ports) and connect it to his switch (not sure of the config yet - may be just access ports with VLANs).
If we plug the ESXi Server into an access port on his switch, that will mean changes on the virtual switch set up
remove the VLAN ID of 50 on the ESXi host
Remove VLAN ID tags on the port groups ..
However,
Without routing, the VMs will not be able to communicate with each other (different networks) to the other system(s) connected to his switch?
Correct, he will need some sort of router, for traffic to pass between networks, and VLANs.
But he does not need to use VLANs for routing, he could use a PC with two network interfaces, and create a router.
ASKER
but how do the VMs and ESXi communicate with each other if they are in different networks (10.10.10.0/26), (192.168.50.0/24)
They don't, or don't have to....
ESXi is just a Host.
Why do you think Hosts and Guests have to communicate ?
ASKER
not esxi,,,,but there are VMs with 192.168.50.0/24 in VLAN 20
ASKER
i have explained that the only VMs can communicate to other systems in different networks via their switch is by a reconfiguration of the switch and a router...
how would a PC work as you mentioned as a router?
...we can't use wireless in the lab
A PC with two network interfaces can act as a Router!
Your VLAN Tags need to go somewhere and be understood by a physical switch (or virtual machine switch)
You can use pfSense, Vyatta, Freesco virtual network switches for this purpose.
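
The addressing listed in the question can be checked mechanically before deciding what has to be routed. This is an added example, not part of the original thread: it uses only the subnets and host addresses as written in the question, reduces entries given as host/prefix to their network, and records the VLAN of the DE_FXT port group as unknown because the thread does not give it.

```python
import ipaddress
from itertools import combinations

# Subnets as written in the question. Entries given as host/prefix
# (e.g. 10.10.10.62/26) are reduced to their network by strict=False.
VLANS = {
    20: "192.168.50.32/27",
    30: "192.168.50.128/27",
    50: "192.168.50.48/28",   # ESXi management
    101: "10.10.10.62/26",    # port group INF
    102: "10.10.10.126/26",   # port group FMT
}
# name -> (VLAN the question places it on, address). The VLAN ID of the
# DE_FXT port group is not given in the thread, so it is recorded as None.
HOSTS = {
    "DC": (101, "10.10.10.1"),
    "VM-FM1": (102, "10.10.10.10"),
    "VM-FM2": (102, "10.10.10.11"),
    "VM-DE1": (None, "192.168.50.22"),
    "VM-DE2": (None, "192.168.50.88"),
}
NETS = {vid: ipaddress.ip_network(cidr, strict=False) for vid, cidr in VLANS.items()}

def overlapping_vlans():
    """VLAN pairs whose subnets overlap (ambiguous addressing)."""
    return [(a, b) for a, b in combinations(sorted(NETS), 2)
            if NETS[a].overlaps(NETS[b])]

def vlans_containing(addr):
    """IDs of the listed VLANs whose subnet contains addr."""
    ip = ipaddress.ip_address(addr)
    return [vid for vid in sorted(NETS) if ip in NETS[vid]]

def misplaced_hosts():
    """Hosts whose address is outside the subnet of the VLAN they sit on."""
    return {name: vlans_containing(addr)
            for name, (vid, addr) in HOSTS.items()
            if vid not in vlans_containing(addr)}

def needs_router(a, b):
    """Address-level check only: True when no listed subnet holds both hosts."""
    shared = set(vlans_containing(HOSTS[a][1])) & set(vlans_containing(HOSTS[b][1]))
    return not shared

if __name__ == "__main__":
    print("overlapping VLAN subnets:", overlapping_vlans())
    for name, found in misplaced_hosts().items():
        print(f"{name}: address belongs to VLAN(s) {found or 'none listed'}")
    print("DC <-> VM-DE1 needs a router:", needs_router("DC", "VM-DE1"))
```

On the values as written, the VLAN 20 and VLAN 50 subnets overlap, VM-FM1 and VM-FM2 carry addresses from the INF subnet while sitting on FMT, and VM-DE1 and VM-DE2 fall in none of the listed subnets.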