Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!
How to route across vLans to virtual machines on ESXi host
I am trying to add a VMware ESXi 6.5 host with 3 virtual machines to our network and I am having an issue with the routing.
The network is divided up into several vLans. the two I am using are vlan100 for servers and vlan200 for desktops. There is route between vLan100 and vLan200. Machines on one can see machines on the other.
We are using layer 2 switches and a layer 3 router.
vLan 100 is configured with port 1 tagged and attached to the router. Ports 2-24 are untagged. PVID is set to 100 on all ports
vLan 200 is configued with port 25 tagged and attached to the router. Ports 26-48 are untagged. PVID is set to 200 on all ports
Routes have been added to the router to pass traffic between vLan100 and vLan200
Workstations are all connected to vLan 200 and our servers are connected to vLan100. Using all physical machines i have no issues and everything works fine. I wanted to add a VMware ESXi server on which I have configured 3 servers. I attached it to port 15 and as able to ping it from computers connected to vLan100 but not from vLan200. I tagged port 15 and added vLan100 to the ESXi host with the same results.
How do I get the workstations on vLan200 to communicate the virtual machines on my ESXi host?
The network is divided up into several vLans. the two I am using are vlan100 for servers and vlan200 for desktops. There is route between vLan100 and vLan200. Machines on one can see machines on the other.
We are using layer 2 switches and a layer 3 router.
vLan 100 is configured with port 1 tagged and attached to the router. Ports 2-24 are untagged. PVID is set to 100 on all ports
vLan 200 is configued with port 25 tagged and attached to the router. Ports 26-48 are untagged. PVID is set to 200 on all ports
Routes have been added to the router to pass traffic between vLan100 and vLan200
Workstations are all connected to vLan 200 and our servers are connected to vLan100. Using all physical machines i have no issues and everything works fine. I wanted to add a VMware ESXi server on which I have configured 3 servers. I attached it to port 15 and as able to ping it from computers connected to vLan100 but not from vLan200. I tagged port 15 and added vLan100 to the ESXi host with the same results.
How do I get the workstations on vLan200 to communicate the virtual machines on my ESXi host?
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
You would need to setup the port on the switch as a trunk to the esx host that will pass all vlans
The other option, tag the port as you have vlan100
The segments are separate between the vlans and the rputer is where you would configure the access-list to authorize traffic between the segments since you are using a level 2 switch.
A level 3 switch would have allowed for access-list, vlan rules.
Refreshed, the addition of vlan50 as the feed to the host over which the VMs communicate means the VMs you setup on vlan100 have no path out
In the absence of a trunk feed to the host, use a second Nic from the host and attach it to a vlan100 port
This way, the esx host will be accessible on ip segment configured for vlan50 while VMs will be using the vlan100 feed.
To add throughput, add the remaining three esx host nics into a lag configured ports on the switch allowing for either three gig throu put from the VMs along with redundancy if host Nic or switch port fails, cable disconnect, cable cut.
The other option, tag the port as you have vlan100
The segments are separate between the vlans and the rputer is where you would configure the access-list to authorize traffic between the segments since you are using a level 2 switch.
A level 3 switch would have allowed for access-list, vlan rules.
Refreshed, the addition of vlan50 as the feed to the host over which the VMs communicate means the VMs you setup on vlan100 have no path out
In the absence of a trunk feed to the host, use a second Nic from the host and attach it to a vlan100 port
This way, the esx host will be accessible on ip segment configured for vlan50 while VMs will be using the vlan100 feed.
To add throughput, add the remaining three esx host nics into a lag configured ports on the switch allowing for either three gig throu put from the VMs along with redundancy if host Nic or switch port fails, cable disconnect, cable cut.
OH, point of clarification, not sure there is such classification as a level three router.
Switches can either be level 2 or level 3
Presumably you have a trunk feed to the level2 over which all your defined vlan traffic flows.
The traffic is the dispersed based on the port tag ..
Level 2 advantage if not mistaken is higher throughput, faster switching, disadvantage, inter vlan traffic has to flow back to the rourer.
In a large env. Router feeds level 2 switch feeds level 3 switches
Switches can either be level 2 or level 3
Presumably you have a trunk feed to the level2 over which all your defined vlan traffic flows.
The traffic is the dispersed based on the port tag ..
Level 2 advantage if not mistaken is higher throughput, faster switching, disadvantage, inter vlan traffic has to flow back to the rourer.
In a large env. Router feeds level 2 switch feeds level 3 switches
Sorry, I'm working on a couple of different things. vLan50 was a mistake on my part. The server is connected to vLan100 on the layer2 switch and I have setup vLan100 on the ESXi server as per the attached image.
I currently have routing setup up between physical devices on vLan100 and vLan200. It is getting to the virtual machines on the ESXi host I am having problems with.
You have
The port Tagged as VLAn 100
you then within the VLAN tag packets as VLAn100
That would be unnecessary.
The odd part from your image is that you are not reflecting the IPS you assigned to the VM. you are showing mac address?
Are you looking for the IPs to the VMs to be assigned by a DHCP server on the router?
The port Tagged as VLAn 100
you then within the VLAN tag packets as VLAn100
That would be unnecessary.
The odd part from your image is that you are not reflecting the IPS you assigned to the VM. you are showing mac address?
Are you looking for the IPs to the VMs to be assigned by a DHCP server on the router?
The servers are assigned static IPs in the same range as everything else connected to vLan100. Traffic between the vlan100 and vlan200 is through a router.
I have tried tagging the port the ESXi host is connected to and creating vlan100 on the host and using an untagged port with no vlan defined on the ESXi host with the same results.
I have tried tagging the port the ESXi host is connected to and creating vlan100 on the host and using an untagged port with no vlan defined on the ESXi host with the same results.
Create a trunk port on the switch you connect to the ESXi host, with all the tagged VLANs, e.g. 100 and 200.
then create virtual machine Portgroups with the numbers 100 and 200 as the TAG, and then connect these to the switch which is connected to the static trunk.
then select these portgroups in each VM, next to their network interface.
This will connect VMs to vLAN 100 and vLAN 200 but it will not create any routing.
ESXi does not have a routing function, just switch.
if you want to route, you will need a virtual router VM with two nics connected to VLAN 100 and VLAN 200.
then create virtual machine Portgroups with the numbers 100 and 200 as the TAG, and then connect these to the switch which is connected to the static trunk.
then select these portgroups in each VM, next to their network interface.
This will connect VMs to vLAN 100 and vLAN 200 but it will not create any routing.
ESXi does not have a routing function, just switch.
if you want to route, you will need a virtual router VM with two nics connected to VLAN 100 and VLAN 200.
I did not see a way to connect a single nic on the virtual machine to more than one vlan-portgroup. Do I need to have two nics one connected to each vlan-portgroup on the host?
Yes, if you want to connect a VM to two VLANs you need two nics!
but that is not routing that's dual homed server connected to two networks!
or you can send all VLANs to a VM, using 4095 (ALL) and then use tagging in the VM!
and let the OS deal with the Tags.
but that is not routing that's dual homed server connected to two networks!
or you can send all VLANs to a VM, using 4095 (ALL) and then use tagging in the VM!
and let the OS deal with the Tags.
All this time working on this and removing the Nic from the VM and re-adding it resolved the issue.
I was setting up the VLans on the Server and the nic didn't allow me to specify the network card. I removed it and re-added it and set it to vlan100 and I could see it. I started to do the same thing on another server , got interrupted and clicked ok and re-added the same nic with the same settings and suddenly it started working as well.
After that it didn't matter if I connected it to the Management network (not best practice I know) or to the data network I was able to see them and ping them from vlan200.
Thanks for the suggestions.
I was setting up the VLans on the Server and the nic didn't allow me to specify the network card. I removed it and re-added it and set it to vlan100 and I could see it. I started to do the same thing on another server , got interrupted and clicked ok and re-added the same nic with the same settings and suddenly it started working as well.
After that it didn't matter if I connected it to the Management network (not best practice I know) or to the data network I was able to see them and ping them from vlan200.
Thanks for the suggestions.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial