Author: Rusty Hann
URL: www.rustyhann.com
How to Create VLANs Within a Virtual Switch in VMware ESXi
I am not responsible for your actions or their outcomes, in any way, while
reading and/or implementing this tutorial. I will not provide support for the
information herein. If you do not understand something, figure it out on your
own. If you need help figuring it out, use Google to solve your problems.
Introduction
VLANs in ESXi allow you to create disparate networks on the same virtual switch in VMware.
They also allow you to connect a virtual switch, with the proper VLAN ID, to a physical switch that has
the same VLAN ID assigned to it. Proper VLAN configuration on the physical switch is absolutely
necessary to have physical hosts on a VLAN communicate with virtual hosts within the ESXi virtualization
environment.
This tutorial will cover two topics. The first portion of this tutorial will cover how to properly
set up a Cisco switch to pass VLAN traffic to the ESXi hypervisor. The second portion of this tutorial will
cover how to create a VLAN within an ESXi virtual switch and properly set switch characteristics to
successfully receive and transmit VLAN traffic within the virtual and physical networking environments.
For further information, refer to the VMware Knowledge Base article located (at the time of this writing) at
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004074
This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported
License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/3.0/ or send
a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA.
Cisco Switch Setup
To begin properly setting up a Cisco switch to pass VLAN traffic to the ESXi hypervisor, start by
creating the VLANs on the physical switch itself. When the proper VLANs have been created, proceed by
creating a trunk port which is connected to the physical server hosting the ESXi hypervisor. The
physical NIC connected to the switch trunk port must be assigned to the virtual switch you wish
to pass traffic to. 802.1Q VLAN encapsulation must be enabled on the switch in order for ESXi to
properly assign traffic to the correct VLAN ID within the virtual switch. Spanning tree protocol must be
set to portfast trunk.
The most critical configuration setting for successfully passing VLAN traffic to an ESXi
hypervisor concerns traffic on the native VLAN of the physical switch you are using. A BEST
PRACTICE IS TO NOT PASS TRAFFIC FROM THE NATIVE VLAN TO THE ESXi HOST. All traffic going to a
virtual switch from a physical switch, or vice versa, must be tagged with a VLAN ID. On a Cisco switch,
the native VLAN ID is set to the default value of 1. Any traffic passing on that switch should have a
DIFFERENT VLAN ID when traveling to the ESXi host. If you have a management network, assign it a
different VLAN ID from the native VLAN ID (1). This will ease troubleshooting and implementation
significantly. Changing the native VLAN ID of a Cisco switch, or any switch for that matter, will not
facilitate communication. In the case of a Cisco switch, leave the native VLAN ID set to its default value
of 1, and assign all traffic on the switch to a designated VLAN. To put it simply, all ports on the switch
must be part of a designated VLAN that is NOT the default VLAN.
The following is a sample Cisco switch configuration:
interface GigabitEthernet1/2
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 no ip address
 spanning-tree portfast trunk
Steps
1. Start at the Inventory screen of the vSphere client.
2. Highlight the Configuration tab and click the Networking link. Then click Properties of the virtual
switch you wish to add a VLAN ID to.
NOTES: In this tutorial I am adding a VLAN to vSwitch0. This is done to simulate a home environment
where multiple NICs may not be present. This is not a best practice. vSwitch0 should ideally be set
aside for a dedicated management network.
3. Click the Add button.
NOTES: The NIC teaming policy is set to its default value of "Route based on originating virtual port ID"
and will not be addressed in this tutorial.
4. Ensure the Connection Type Virtual Machine is selected and click the Next button.
5. Give the VLAN a Network Label and VLAN ID, then click the Next button.
6. Click the Finish button.
NOTES: You should see the VLAN you created under the Virtual Machine Port Group of the vSwitch you
are working with.
Wrap Up
Take note of the new Network Label included with, in this example, vSwitch0. Traffic originating
on VLAN ID 100, from a physical host, will be passed through the switch and physical NIC, tagged with the
appropriate VLAN ID (100), and then passed to the appropriate virtual machine located on Virtual
Machine Port Group "Test" with VLAN ID 100. This will hold true for any traffic originating on any VLAN,
as long as the physical switch and virtual switch are properly set up.
NOTES: The "Main" Virtual Machine Port Group is still present. This can be deleted if desired.
Deleting the Virtual Machine Port Group "Main" will not affect VLAN traffic nor improve performance.
I usually do not delete the "Main" port group.
Troubleshooting
• Ensure the physical switch is properly configured
• Ensure the uplink to the server hosting the ESXi hypervisor is set to trunk mode
• Ensure traffic is not being mistakenly passed on the native VLAN of the physical switch
• Ensure your VLAN IDs match
• Ensure physical connectivity is correct
• Ensure the physical NIC is assigned to the correct virtual switch
• Ensure the network settings of the virtual machine(s) are correct (IP Address, default gateway,
  subnet mask, etc.)
• Ensure Inter-VLAN routing is correctly set up if present
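The trunk, native VLAN and VLAN ID checks in this list can be scripted against a saved switch configuration. The Python below is an added example, not part of the original tutorial: it audits the tutorial's trunk stanza together with a list of port group VLAN IDs. The "switchport trunk allowed vlan" line, the "Lab" port group, the VLAN ID 0 on "Main" and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: the tutorial's trunk stanza plus an assumed allowed-VLAN line.
SWITCH_CONFIG = """\
interface GigabitEthernet1/2
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 100,200-202
 switchport nonegotiate
 no ip address
 spanning-tree portfast trunk
"""
# Constructed port groups (label -> VLAN ID); "Test"/100 is the tutorial's example.
PORT_GROUPS = {"Test": 100, "Main": 0, "Lab": 300}
NATIVE_VLAN = 1  # Cisco default native VLAN, as stated in the tutorial

def allowed_vlans(config):
    """VLAN IDs carried on the trunk; every VLAN when no allowed list is set."""
    m = re.search(r"^\s*switchport trunk allowed vlan ([\d,\-]+)\s*$", config, re.M)
    if not m:
        return set(range(1, 4095))
    vlans = set()
    for part in m.group(1).split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(config, port_groups, native=NATIVE_VLAN):
    """Return findings for the trunk port and the port groups behind it."""
    findings = []
    lines = {line.strip().lower() for line in config.splitlines()}
    for required in ("switchport mode trunk", "switchport trunk encapsulation dot1q",
                     "spanning-tree portfast trunk"):
        if required not in lines:
            findings.append(f"switch: missing '{required}'")
    carried = allowed_vlans(config)
    for label, vid in sorted(port_groups.items()):
        if vid == 0:  # VLAN ID 0 on a standard vSwitch port group means untagged frames
            findings.append(f"{label}: untagged, traffic lands on native VLAN {native}")
        elif vid == native:
            findings.append(f"{label}: uses native VLAN {native}")
        elif vid not in carried:
            findings.append(f"{label}: VLAN {vid} not carried on the trunk")
    return findings

if __name__ == "__main__":
    for finding in audit(SWITCH_CONFIG, PORT_GROUPS):
        print(finding)
```

The parser assumes the allowed list sits on a single line; a configuration that continues it with "switchport trunk allowed vlan add" lines would need those merged first.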