How to route across vLans to virtual machines on ESXi host

I am trying to add a VMware ESXi 6.5 host with 3 virtual machines to our network and I am having an issue with the routing.  

The network is divided up into several vLans. The two I am using are vlan100 for servers and vlan200 for desktops. There is a route between vLan100 and vLan200. Machines on one can see machines on the other.

We are using layer 2 switches and a layer 3 router.

vLan 100 is configured with port 1 tagged and attached to the router. Ports 2-24 are untagged. PVID is set to 100 on all ports.
vLan 200 is configured with port 25 tagged and attached to the router. Ports 26-48 are untagged. PVID is set to 200 on all ports.
Routes have been added to the router to pass traffic between vLan100 and vLan200.

Workstations are all connected to vLan 200 and our servers are connected to vLan100. Using all physical machines I have no issues and everything works fine. I wanted to add a VMware ESXi server on which I have configured 3 servers. I attached it to port 15 and was able to ping it from computers connected to vLan100 but not from vLan200. I tagged port 15 and added vLan100 to the ESXi host with the same results.

How do I get the workstations on vLan200 to communicate with the virtual machines on my ESXi host?

[Attached images: Network layout summary; ESXi vswitch Layout]

Last comment: 8/22/2022 (Mon)

You would need to set up the port on the switch as a trunk to the esx host that will pass all vlans
The other option, tag the port as you have vlan100
The segments are separate between the vlans and the router is where you would configure the access-list to authorize traffic between the segments since you are using a level 2 switch.

A level 3 switch would have allowed for access-list, vlan rules.

Refreshed, the addition of vlan50 as the feed to the host over which the VMs communicate means the VMs you setup on vlan100 have no path out
In the absence of a trunk feed to the host, use a second Nic from the host and attach it to a vlan100 port
This way, the esx host will be accessible on ip segment configured for vlan50 while VMs will be using the vlan100 feed.

To add throughput, add the remaining three esx host nics into LAG-configured ports on the switch, allowing for either three gig throughput from the VMs along with redundancy if a host Nic or switch port fails, cable disconnect, cable cut.

OH, point of clarification, not sure there is such classification as a level three router.
Switches can either be level 2 or level 3

Presumably you have a trunk feed to the level2 over which all your defined vlan traffic flows.
The traffic is then dispersed based on the port tag ..

Level 2 advantage if not mistaken is higher throughput, faster switching; disadvantage, inter vlan traffic has to flow back to the router.

In a large env. Router feeds level 2 switch feeds level 3 switches
Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper)

You need a Router, or setup inter-VLAN-routing.

There is no function in ESXI that does this.

Sorry, I'm working on a couple of different things. vLan50 was a mistake on my part. The server is connected to vLan100 on the layer2 switch and I have set up vLan100 on the ESXi server as per the attached image.

I currently have routing set up between physical devices on vLan100 and vLan200. It is getting to the virtual machines on the ESXi host I am having problems with.

You have
The port tagged as VLAN 100
you then within the VLAN tag packets as VLAN 100

That would be unnecessary.

The odd part from your image is that you are not reflecting the IPs you assigned to the VMs. You are showing MAC addresses?
Are you looking for the IPs of the VMs to be assigned by a DHCP server on the router?

The servers are assigned static IPs in the same range as everything else connected to vLan100.   Traffic between the vlan100 and vlan200 is through a router.

I have tried tagging the port the ESXi host is connected to and creating vlan100 on the host and using an untagged port with no vlan defined on the ESXi host with the same results.
Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper)

Create a trunk port on the switch you connect to the ESXi host, with all the tagged VLANs, e.g. 100 and 200.

Then create virtual machine Portgroups with the numbers 100 and 200 as the TAG, and then connect these to the switch which is connected to the static trunk.

Then select these portgroups in each VM, next to their network interface.

This will connect VMs to vLAN 100 and vLAN 200 but it will not create any routing.

ESXi does not have a routing function, just a switch.

If you want to route, you will need a virtual router VM with two NICs connected to VLAN 100 and VLAN 200.
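To make the trunk/portgroup/router relationship above concrete, here is a small model of how an 802.1Q frame leaving an ESXi standard-vSwitch port group is handled by the physical switch port and, from there, by the router. This is an added example, not code from the thread or from VMware; the VLAN numbers are the thread's, and the switch behaviour (tagged frames accepted only for VLANs the port carries tagged, untagged frames placed in the PVID) is a simplification that varies by vendor.

```python
"""Model of VM reachability through an ESXi port group, a switch port and a
router, as discussed in the thread. Constructed example, not vendor code."""
from dataclasses import dataclass, field


@dataclass
class SwitchPort:
    pvid: int                                # VLAN for untagged frames
    tagged: set = field(default_factory=set)  # VLANs carried tagged (trunk)

    def ingress(self, tag):
        """VLAN the switch places a frame from the host into, or None if the
        frame is dropped. Simplification: a tagged frame is accepted only if
        the port is a tagged member of that VLAN (vendor behaviour varies)."""
        if tag is None:
            return self.pvid
        return tag if tag in self.tagged else None


@dataclass
class PortGroup:
    vlan_id: int  # 0 = ESXi default, no tag added; 1-4094 = tag VM frames

    def egress_tag(self):
        return None if self.vlan_id == 0 else self.vlan_id


def vm_vlan(portgroup, port):
    """VLAN a VM's frames end up in on the physical switch (None = dropped)."""
    return port.ingress(portgroup.egress_tag())


def can_reach(portgroup, port, dest_vlan, routed_vlans):
    """True if a VM on `portgroup` behind `port` can reach a host on
    `dest_vlan`: same VLAN, or both VLANs routed by the physical router.
    ESXi itself never routes, so routing only happens via `routed_vlans`."""
    vlan = vm_vlan(portgroup, port)
    if vlan is None:
        return False
    return vlan == dest_vlan or (vlan in routed_vlans and dest_vlan in routed_vlans)


if __name__ == "__main__":
    router = {100, 200}  # inter-VLAN routes configured on the router
    access100 = SwitchPort(pvid=100)            # port 15 as first described
    trunk = SwitchPort(pvid=100, tagged={100, 200})  # trunk Andrew suggests
    print("untagged port, untagged PG -> vlan200:",
          can_reach(PortGroup(0), access100, 200, router))
    print("access port, PG tagged 200  -> vlan100:",
          can_reach(PortGroup(200), access100, 100, router))
    print("trunk port,  PG tagged 200  -> vlan100:",
          can_reach(PortGroup(200), trunk, 100, router))
```

Running it shows that a VM in a VLAN-200 port group behind the untagged port 15 is simply dropped by the switch, while the same port group behind a trunk carrying 100 and 200 reaches vLan100 through the router.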

I did not see a way to connect a single nic on the virtual machine to more than one vlan-portgroup.  Do I need to have two nics one connected to each vlan-portgroup on the host?
Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper)

Log in or sign up to see answer

Thanks for explaining that.   I will try setting it on the server.
Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper)

no problems

All this time working on this and removing the Nic from the VM and re-adding it resolved the issue.  

I was setting up the VLans on the server and the nic didn't allow me to specify the network card. I removed it and re-added it and set it to vlan100 and I could see it. I started to do the same thing on another server, got interrupted and clicked ok and re-added the same nic with the same settings, and suddenly it started working as well.

After that it didn't matter if I connected it to the Management network (not best practice I know) or to the data network I was able to see them and ping them from vlan200.

Thanks for the suggestions.