VCAP5-DCA Objective 2.2 – Configure and Maintain VLANs, PVLANs and VLAN Settings

Knowledge

  • Identify types of VLANs and PVLANs

Skills and Abilities

  • Determine use cases for and configure VLAN Trunking
  • Determine use cases for and configure PVLANs
  • Use command line tools to troubleshoot and identify VLAN configurations

Determine use cases for and configure VLAN Trunking

Official Documentation:

vSphere Networking, Chapter 7 “Advanced Networking”, Section, “VLAN Configuration”, page 68
VLAN Configuration

Virtual LANs (VLANs) enable a single physical LAN segment to be further segmented so that groups of ports are isolated from one another as if they were on physically different segments.

Configuring ESXi with VLANs is recommended for the following reasons.

  • It integrates the host into a pre-existing environment.
  • It secures network traffic.
  • It reduces network traffic congestion.
  • iSCSI traffic requires an isolated network.

You can configure VLANs in ESXi using three methods: External Switch Tagging (EST), Virtual Switch Tagging (VST), and Virtual Guest Tagging (VGT).

With EST, all VLAN tagging of packets is performed on the physical switch. Host network adapters are connected to access ports on the physical switch. Port groups that are connected to the virtual switch must have their VLAN ID set to 0.

With VST, all VLAN tagging of packets is performed by the virtual switch before leaving the host. Host network adapters must be connected to trunk ports on the physical switch. Port groups that are connected to the virtual switch must have an appropriate VLAN ID specified.

With VGT, all VLAN tagging is performed by the virtual machine. VLAN tags are preserved between the virtual machine networking stack and external switch when frames are passed to and from virtual switches.

Physical switch ports are set to trunk port.

NOTE When using VGT, you must have an 802.1Q VLAN trunking driver installed on the virtual machine.
More information

  • VMware KB 1003806 VLAN Configuration on Virtual Switch, Physical Switch, and Virtual Machines. Also info on External Switch Tagging (EST), Virtual Switch Tagging (VST), Virtual Guest Tagging (VGT)

Determine use cases for and configure PVLANs

vSphere Networking, Chapter 3 “Setting up Networking with vSphere Distributed Switches”, Section “Private VLANs”, page 27.
Private VLANs

Private VLANs are used to solve VLAN ID limitations and waste of IP addresses for certain network setups.

A private VLAN is identified by its primary VLAN ID. A primary VLAN ID can have multiple secondary VLAN IDs associated with it. Primary VLANs are Promiscuous, so that ports on a private VLAN can communicate with ports configured as the primary VLAN. Ports on a secondary VLAN can be either Isolated, communicating only with promiscuous ports, or Community, communicating with both promiscuous ports and other ports on the same secondary VLAN.

To use private VLANs between a host and the rest of the physical network, the physical switch connected to the host needs to be private VLAN-capable and configured with the VLAN IDs being used by ESXi for the private VLAN functionality. For physical switches using dynamic MAC+VLAN ID based learning, all corresponding private VLAN IDs must be first entered into the switch’s VLAN database.

To configure distributed ports to use Private VLAN functionality, you must create the necessary Private VLANs on the vSphere distributed switch to which the distributed ports are connected.

Picture Source: http://blog.axiomdynamics.com/2010/04/vsphere-private-vlans-explained-in.html

Create a Private VLAN

You can create a private VLAN for use on a vSphere distributed switch and its associated distributed ports.
Procedure

  1. Log in to the vSphere Client and select the Networking inventory view.
  2. Right-click the vSphere distributed switch in the inventory pane, and select Edit Settings.
  3. Select the Private VLAN tab.
  4. Under Primary Private VLAN ID, click [Enter a Private VLAN ID here], and enter the number of the
  5. primary private VLAN.
  6. Click anywhere in the dialog box, and then select the primary private VLAN that you just added. The primary private VLAN you added appears under Secondary Private VLAN ID.
  7. For each new secondary private VLAN, click [Enter a Private VLAN ID here] under Secondary Private VLAN ID, and enter the number of the secondary private VLAN.
  8. Click anywhere in the dialog box, select the secondary private VLAN that you just added, and select either Isolated or Community for the port type.
  9. Click OK.

Remove a Primary Private VLAN

Remove unused primary private VLANs from the networking inventory view of the vSphere Client.
Prerequisites

Before removing a private VLAN, be sure that no port groups are configured to use it.
Procedure

  1. Log in to the vSphere Client and select the Networking inventory view.
  2. Right-click the vSphere distributed switch in the inventory pane, and select Edit Settings.
  3. Select the Private VLAN tab.
  4. Select the primary private VLAN to remove.
  5. Click Remove under Primary Private VLAN ID, and click OK.
    Removing a primary private VLAN also removes all associated secondary private VLANs.

Remove a Secondary Private VLAN

Remove unused secondary private VLANs from the networking inventory view of the vSphere Client.
Prerequisites

Before removing a private VLAN, be sure that no port groups are configured to use it.
Procedure

  1. Log in to the vSphere Client and select the Networking inventory view.
  2. Right-click the vSphere distributed switch in the inventory pane, and select Edit Settings.
  3. Select the Private VLAN tab.
  4. Select a primary private VLAN to display its associated secondary private VLANs.
  5. Select the secondary private VLAN to remove.
  6. Click Remove under Secondary Private VLAN ID, and click OK.

More information

Use command line tools to troubleshoot and identify VLAN configurations

Official Documentation:

vSphere 5 Command-Line Documentation. Command vicfg-vswitch, vicfg-vmknic, vicfg-nics.
The important commands are:

  • vicfgvswitch
  • vicfg-vmknic
  • vicfgnics

vicfgvswitch

vicfg-vswitch – create and configure virtual switches and port groups.

The vicfg-vswitch command adds or removes virtual switches or modifies virtual switch settings. A virtual switch is an abstracted network device. It can route traffic internally between virtual machines and link to external networks. The ESX Configuration Guide and the ESXi Configuration Guide discuss virtual switches, vNetwork Distributed Switches (vDS), port groups, and vDS port groups. The vSphere CLI manual presents some sample scenarios.

By default,each ESX/ESXi host has a single virtual switch called vSwitch0.

See for more information about this command, http://pubs.vmware.com/vsphere-50/topic/com.vmware.vcli.ref.doc_50/vicfg-vswitch.html
vicfg-vmknic

vicfg-vmknic – configure virtual network adapters

The vicfg-vmknic command configures VMkernel NICs (virtual network adapters).

Use the esxcli swisis nic command to specify NIC bindings for VMkernel NICs.

See for more information about this command, http://pubs.vmware.com/vsphere-50/topic/com.vmware.vcli.ref.doc_50/vicfg-vmknic.html
vicfgnics

vicfg-nics – get information, set speed and duplex for ESX/ESXi physical NICs

The vicfg-nics command manages uplink adapters, that is, the Ethernet switches used by an ESX/ESXi host. You can use vicfg-nics to list the VMkernel name for the uplink adapter, its PCI ID, driver, link state, speed, duplex setting, MAC address and a short PCI description of the card. You can also specify speed and duplex settings for an uplink adapter.

See for more information about this command, http://pubs.vmware.com/vsphere-50/topic/com.vmware.vcli.ref.doc_50/vicfg-nics.html

Other exam notes

VMware vSphere official documentation

VMware vSphere Basics Guide html pdf epub mobi
vSphere Installation and Setup Guide html pdf epub mobi
vSphere Upgrade Guide html pdf epub mobi
vCenter Server and Host Management Guide html pdf epub mobi
vSphere Virtual Machine Administration Guide html pdf epub mobi
vSphere Host Profiles Guide html pdf epub mobi
vSphere Networking Guide html pdf epub mobi
vSphere Storage Guide html pdf epub mobi
vSphere Security Guide html pdf epub mobi
vSphere Resource Management Guide html pdf epub mobi
vSphere Availability Guide html pdf epub mobi
vSphere Monitoring and Performance Guide html pdf epub mobi
vSphere Troubleshooting html pdf epub mobi
VMware vSphere Examples and Scenarios Guide html pdf epub mobi

Related articles:

Disclaimer.
The information in this article is provided “AS IS” with no warranties, and confers no rights. This article does not represent the thoughts, intentions, plans or strategies of my employer. It is solely my opinion.

Marco

Marco works for ViaData as a Senior Technical Consultant. He has over 15 years experience as a system engineer and consultant, specialized in virtualization. VMware VCP4, VCP5-DC & VCP5-DT. VMware vExpert 2013, 2014,2015 & 2016. Microsoft MCSE & MCITP Enterprise Administrator. Veeam VMSP, VMTSP & VMCE.