Knowledge
- Identify types of VLANs and PVLANs
Skills and Abilities
- Determine use cases for and configure VLAN Trunking
- Determine use cases for and configure PVLANs
- Use command line tools to troubleshoot and identify VLAN configurations
Determine use cases for and configure VLAN Trunking
Official Documentation:
vSphere Networking, Chapter 7 “Advanced Networking”, Section, “VLAN Configuration”, page 68
VLAN Configuration
Virtual LANs (VLANs) enable a single physical LAN segment to be further segmented so that groups of ports are isolated from one another as if they were on physically different segments.
Configuring ESXi with VLANs is recommended for the following reasons.
- It integrates the host into a pre-existing environment.
- It secures network traffic.
- It reduces network traffic congestion.
- iSCSI traffic requires an isolated network.
You can configure VLANs in ESXi using three methods: External Switch Tagging (EST), Virtual Switch Tagging (VST), and Virtual Guest Tagging (VGT).
With EST, all VLAN tagging of packets is performed on the physical switch. Host network adapters are connected to access ports on the physical switch. Port groups that are connected to the virtual switch must have their VLAN ID set to 0.
With VST, all VLAN tagging of packets is performed by the virtual switch before leaving the host. Host network adapters must be connected to trunk ports on the physical switch. Port groups that are connected to the virtual switch must have an appropriate VLAN ID specified.
With VGT, all VLAN tagging is performed by the virtual machine. VLAN tags are preserved between the virtual machine networking stack and external switch when frames are passed to and from virtual switches.
Physical switch ports must be configured as trunk ports.
NOTE When using VGT, you must have an 802.1Q VLAN trunking driver installed on the virtual machine.
More information
- VMware KB 1003806 VLAN Configuration on Virtual Switch, Physical Switch, and Virtual Machines. Also info on External Switch Tagging (EST), Virtual Switch Tagging (VST), Virtual Guest Tagging (VGT)
Determine use cases for and configure PVLANs
vSphere Networking, Chapter 3 “Setting up Networking with vSphere Distributed Switches”, Section “Private VLANs”, page 27.
Private VLANs
Private VLANs are used to solve VLAN ID limitations and waste of IP addresses for certain network setups.
A private VLAN is identified by its primary VLAN ID. A primary VLAN ID can have multiple secondary VLAN IDs associated with it. Primary VLANs are Promiscuous, so that ports on a private VLAN can communicate with ports configured as the primary VLAN. Ports on a secondary VLAN can be either Isolated, communicating only with promiscuous ports, or Community, communicating with both promiscuous ports and other ports on the same secondary VLAN.
To use private VLANs between a host and the rest of the physical network, the physical switch connected to the host needs to be private VLAN-capable and configured with the VLAN IDs being used by ESXi for the private VLAN functionality. For physical switches using dynamic MAC+VLAN ID based learning, all corresponding private VLAN IDs must be first entered into the switch’s VLAN database.
To configure distributed ports to use Private VLAN functionality, you must create the necessary Private VLANs on the vSphere distributed switch to which the distributed ports are connected.
Picture Source: http://blog.axiomdynamics.com/2010/04/vsphere-private-vlans-explained-in.html
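To make the three port types concrete, here is an added example (not from the vSphere documentation or this post's author) that models the PVLAN reachability rules just described for a constructed set of ports under one primary VLAN; the port names and VLAN IDs are illustrative assumptions. Checking a matrix like this against what the distributed switch actually allows is a quick way to confirm that isolated and community ports are segmented as intended.

```shell
#!/bin/sh
# Constructed PVLAN port set for one primary VLAN (names and IDs are made up).
# Each entry is "name:type:secondary_id"; the promiscuous entry carries the primary ID itself.
PVLAN_PORTS="PROM:promiscuous:10 ISO-A:isolated:100 ISO-B:isolated:100 COM-A:community:101 COM-B:community:101 COM-C:community:102"

# pvlan_can_talk "type:secondary" "type:secondary" -> exit 0 if a frame may pass, 1 otherwise.
pvlan_can_talk() {
  src_type=${1%%:*}; src_sec=${1#*:}
  dst_type=${2%%:*}; dst_sec=${2#*:}
  case "$src_type:$dst_type" in
    promiscuous:*|*:promiscuous) return 0 ;;            # promiscuous ports reach every port in the primary
    community:community) [ "$src_sec" = "$dst_sec" ] ;; # community ports reach only their own secondary VLAN
    *) return 1 ;;                                      # isolated ports reach only promiscuous ports
  esac
}

# Print "src -> dst: yes|no" for every ordered pair of distinct ports in $PVLAN_PORTS.
reachability_matrix() {
  for src in $PVLAN_PORTS; do
    for dst in $PVLAN_PORTS; do
      [ "$src" = "$dst" ] && continue
      if pvlan_can_talk "${src#*:}" "${dst#*:}"; then r=yes; else r=no; fi
      printf '%s -> %s: %s\n' "${src%%:*}" "${dst%%:*}" "$r"
    done
  done
}

# Number of ordered pairs allowed to communicate: the baseline a defender should expect.
count_reachable_pairs() {
  reachability_matrix | grep -c ': yes$'
}
```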
Create a Private VLAN
You can create a private VLAN for use on a vSphere distributed switch and its associated distributed ports.
Procedure
- Log in to the vSphere Client and select the Networking inventory view.
- Right-click the vSphere distributed switch in the inventory pane, and select Edit Settings.
- Select the Private VLAN tab.
- Under Primary Private VLAN ID, click [Enter a Private VLAN ID here], and enter the number of the primary private VLAN.
- Click anywhere in the dialog box, and then select the primary private VLAN that you just added. The primary private VLAN you added appears under Secondary Private VLAN ID.
- For each new secondary private VLAN, click [Enter a Private VLAN ID here] under Secondary Private VLAN ID, and enter the number of the secondary private VLAN.
- Click anywhere in the dialog box, select the secondary private VLAN that you just added, and select either Isolated or Community for the port type.
- Click OK.
Remove a Primary Private VLAN
Remove unused primary private VLANs from the networking inventory view of the vSphere Client.
Prerequisites
Before removing a private VLAN, be sure that no port groups are configured to use it.
Procedure
- Log in to the vSphere Client and select the Networking inventory view.
- Right-click the vSphere distributed switch in the inventory pane, and select Edit Settings.
- Select the Private VLAN tab.
- Select the primary private VLAN to remove.
- Click Remove under Primary Private VLAN ID, and click OK.
Removing a primary private VLAN also removes all associated secondary private VLANs.
Remove a Secondary Private VLAN
Remove unused secondary private VLANs from the networking inventory view of the vSphere Client.
Prerequisites
Before removing a private VLAN, be sure that no port groups are configured to use it.
Procedure
- Log in to the vSphere Client and select the Networking inventory view.
- Right-click the vSphere distributed switch in the inventory pane, and select Edit Settings.
- Select the Private VLAN tab.
- Select a primary private VLAN to display its associated secondary private VLANs.
- Select the secondary private VLAN to remove.
- Click Remove under Secondary Private VLAN ID, and click OK.
More information
- VMware KB Article 1010691 Private VLAN (PVLAN) on vNetwork Distributed Switch – Concept Overview
- VMware KB Article 1010703 Configuration of Private VLAN (PVLAN) on vNetwork Distributed Switch
- Chris Wahl’s blog: Understanding vSphere Private VLANs For Fun and Profit
- Eric Sloof blog: Online Training – Configure Private VLAN IDs
Use command line tools to troubleshoot and identify VLAN configurations
Official Documentation:
vSphere 5 Command-Line Documentation: commands vicfg-vswitch, vicfg-vmknic and vicfg-nics.
The important commands are:
- vicfg-vswitch
- vicfg-vmknic
- vicfg-nics
vicfg-vswitch
vicfg-vswitch – create and configure virtual switches and port groups.
The vicfg-vswitch command adds or removes virtual switches or modifies virtual switch settings. A virtual switch is an abstracted network device. It can route traffic internally between virtual machines and link to external networks. The ESX Configuration Guide and the ESXi Configuration Guide discuss virtual switches, vNetwork Distributed Switches (vDS), port groups, and vDS port groups. The vSphere CLI manual presents some sample scenarios.
By default, each ESX/ESXi host has a single virtual switch called vSwitch0.
For more information about this command, see http://pubs.vmware.com/vsphere-50/topic/com.vmware.vcli.ref.doc_50/vicfg-vswitch.html
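The listing that `vicfg-vswitch -l` prints is where the EST/VST/VGT choice from the first objective becomes visible: a port group with VLAN ID 0 relies on the physical switch to tag (EST), 1 to 4094 means the vSwitch tags (VST), and 4095 passes all tags through to the guest (VGT). The following added example (not from the vSphere documentation or this post's author) parses a constructed sample of that output and reports which tagging mode each port group implies and how many of them require a trunk on the physical uplink; the switch name, port group names and VLAN IDs in the sample are assumptions.

```shell
#!/bin/sh
# Constructed sample in the layout of `vicfg-vswitch -l` output (not captured from a real host).
SAMPLE_LISTING='Switch Name      Num Ports   Used Ports  Configured Ports  MTU     Uplinks
vSwitch0         128         5           128               1500    vmnic0,vmnic1

  PortGroup Name        VLAN ID  Used Ports  Uplinks
  Management Network    0        1           vmnic0,vmnic1
  iSCSI                 20       1           vmnic1
  Guest Trunk           4095     2           vmnic0,vmnic1
  VM Network            100      1           vmnic0,vmnic1'

# Map a port group VLAN ID to the ESXi tagging mode it implies.
classify_vlan() {
  case "$1" in
    0)           echo "EST" ;;     # untagged: physical port must be an access port
    4095)        echo "VGT" ;;     # all tags pass through; the guest OS tags frames
    *[!0-9]*|'') echo "INVALID" ;; # not a number
    *) if [ "$1" -le 4094 ]; then echo "VST"; else echo "INVALID"; fi ;; # vSwitch tags; trunk needed
  esac
}

# Read a vicfg-vswitch -l listing on stdin and emit "portgroup|vlan|mode" lines.
summarize_portgroups() {
  awk '
    /PortGroup Name/ { in_pg = 1; next }
    /^Switch Name/   { in_pg = 0 }
    in_pg && NF >= 4 {
      # Port group names may contain spaces; the VLAN ID is the third field from the end.
      vlan = $(NF-2); name = $1
      for (i = 2; i <= NF-3; i++) name = name " " $i
      print name "|" vlan
    }' | while IFS='|' read -r name vlan; do
      printf '%s|%s|%s\n' "$name" "$vlan" "$(classify_vlan "$vlan")"
    done
}

# Count port groups whose mode requires a trunk port on the physical switch (VST or VGT).
count_trunk_requiring() {
  printf '%s\n' "$SAMPLE_LISTING" | summarize_portgroups | grep -c -E '\|(VST|VGT)$'
}
```

On a real host, replace the embedded sample with `vicfg-vswitch --server <host> -l | summarize_portgroups` and compare the implied modes against the physical switch port configuration.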
vicfg-vmknic
vicfg-vmknic – configure virtual network adapters
The vicfg-vmknic command configures VMkernel NICs (virtual network adapters).
Use the esxcli swiscsi nic command to specify NIC bindings for VMkernel NICs.
For more information about this command, see http://pubs.vmware.com/vsphere-50/topic/com.vmware.vcli.ref.doc_50/vicfg-vmknic.html
vicfg-nics
vicfg-nics – get information, set speed and duplex for ESX/ESXi physical NICs
The vicfg-nics command manages uplink adapters, that is, the Ethernet switches used by an ESX/ESXi host. You can use vicfg-nics to list the VMkernel name for the uplink adapter, its PCI ID, driver, link state, speed, duplex setting, MAC address and a short PCI description of the card. You can also specify speed and duplex settings for an uplink adapter.
For more information about this command, see http://pubs.vmware.com/vsphere-50/topic/com.vmware.vcli.ref.doc_50/vicfg-nics.html
Other exam notes
- The Saffageek VCAP5-DCA Objectives http://thesaffageek.co.uk/vcap5-dca-objectives/
- Paul Grevink The VCAP5-DCA diaries http://paulgrevink.wordpress.com/the-vcap5-dca-diaries/
- Edward Grigson VCAP5-DCA notes http://www.vexperienced.co.uk/vcap5-dca/
- Jason Langer VCAP-DCA notes http://www.virtuallanger.com/vcap-dca-5/
- The Foglite VCAP5-DCA notes http://thefoglite.com/vcap-dca5-objective/
VMware vSphere official documentation
- VMware vSphere Basics Guide
- vSphere Installation and Setup Guide
- vSphere Upgrade Guide
- vCenter Server and Host Management Guide
- vSphere Virtual Machine Administration Guide
- vSphere Host Profiles Guide
- vSphere Networking Guide
- vSphere Storage Guide
- vSphere Security Guide
- vSphere Resource Management Guide
- vSphere Availability Guide
- vSphere Monitoring and Performance Guide
- vSphere Troubleshooting
- VMware vSphere Examples and Scenarios Guide
Disclaimer.
The information in this article is provided “AS IS” with no warranties, and confers no rights. This article does not represent the thoughts, intentions, plans or strategies of my employer. It is solely my opinion.