vSphere vNetwork

  • 1.  How to setup DMZ on vSphere Infrastructure

    Posted Jan 21, 2020 01:07 AM

    Hi,

    My client has a DMZ network on Hyper-V and wants to migrate their VMs to vSphere 6.7, but we are unable to ping the DMZ network on Hyper-V. I thought we missed some requirements or other configurations.

    We have 4 ESXi hosts and use vmnic2 and vmnic3 (both 1G). We assigned these vmnics to vSwitch1 (VSS) and created a port group named DMZ Network with a VLAN ID of 50. vSwitch1 is set to Route based on originating virtual port, and in NIC teaming vmnic2 and vmnic3 are both active.

    I emailed their Network Administrator to ask if he did the steps below, which I saw in this KB: VMware Knowledge Base

    This sample is a supported Cisco Trunk Port configuration:

    interface GigabitEthernet1/2
    switchport (Set to layer 2 switching)
    switchport trunk encapsulation dot1q (ESXi/ESX only supports dot1q, not ISL)
    switchport trunk allowed vlan 10-100 (Allowed VLAN to ESXi/ESX. Ensure ESXi/ESX VLANs are allowed)
    switchport mode trunk (Set to Trunk Mode)
    switchport nonegotiate (DTP is not supported)
    no ip address
    no cdp enable (ESXi/ESX 3.5 or higher supports CDP)
    spanning-tree portfast trunk (Allows the port to start forwarding packets immediately on linkup)

    Note: For more information on configuring your physical network switch, contact your switch vendor.


  • 2.  RE: How to setup DMZ on vSphere Infrastructure

    Broadcom Employee
    Posted Jan 21, 2020 06:50 AM

    Moderator: Moved to vSphere vNetwork



  • 3.  RE: How to setup DMZ on vSphere Infrastructure
    Best Answer

    Posted Jan 21, 2020 07:31 AM

    Sounds like the VLAN hasn't been trunked. Did your network administrator get back to you to confirm whether the switch ports are correct?



  • 4.  RE: How to setup DMZ on vSphere Infrastructure

    Posted Jan 21, 2020 08:44 AM

    Hi,

    I emailed the Network Administrator, and he replied:

    "Our DMZ switch is L2 only. The switch port configuration that is connected to the Dell Server is only access mode tagged to DMZ VLAN. I will change this to trunk and allow only the DMZ VLAN, since Dell servers only support trunking."

    After a while he emailed again.

    "Done changing the switchport to trunk, please check again on your end."

    Then just now the System Administrator replied that it is now working.

    "Server in DMZ is now working. I moved the container also and tested it already."

    Thank You T180985
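
An added example (not from the thread or the KB): a Python check that reads a Cisco IOS interface stanza and reports why an ESXi port group with a VLAN ID would not pass traffic, covering the access-mode cause found in this thread. It also flags a trunk that allows more VLANs than the DMZ uplink needs, which is a policy assumption of this example; the function names, the `expected` parameter, and the sample stanzas are constructed.

```python
import re

def parse_vlan_list(spec):
    """Expand an IOS VLAN list such as '10-100' or '50,60-62' into a set of ints."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def check_uplink(stanza, portgroup_vlan, expected=None):
    """Return findings for one interface stanza; an empty list means it looks right."""
    expected = expected or {portgroup_vlan}
    lines = [ln.strip().lower() for ln in stanza.splitlines() if ln.strip()]
    findings = []
    if "switchport mode trunk" not in lines:
        findings.append("not a trunk: a port group with a VLAN ID sends 802.1Q-tagged frames")
        return findings  # allowed-VLAN checks only apply to trunks
    allowed = set(range(1, 4095))  # IOS default when no allowed list is configured
    for ln in lines:
        m = re.fullmatch(r"switchport trunk allowed vlan (add )?([\d,\- ]+)", ln)
        if m:
            vl = parse_vlan_list(m.group(2))
            allowed = allowed | vl if m.group(1) else vl
    if portgroup_vlan not in allowed:
        findings.append(f"VLAN {portgroup_vlan} is not in the trunk's allowed list")
    extra = allowed - expected
    if extra:
        findings.append(f"{len(extra)} VLAN(s) beyond the expected set are allowed on this uplink")
    if "switchport nonegotiate" not in lines:
        findings.append("switchport nonegotiate missing (the KB sample disables DTP)")
    return findings

# Constructed stanzas: access port as described in the thread, KB sample, DMZ-only trunk.
ACCESS_PORT = """interface GigabitEthernet1/2
 switchport mode access
 switchport access vlan 50"""
KB_SAMPLE = """interface GigabitEthernet1/2
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10-100
 switchport mode trunk
 switchport nonegotiate"""
DMZ_ONLY = """interface GigabitEthernet1/2
 switchport trunk allowed vlan 50
 switchport mode trunk
 switchport nonegotiate"""
if __name__ == "__main__":
    for name, cfg in [("access", ACCESS_PORT), ("kb", KB_SAMPLE), ("dmz-only", DMZ_ONLY)]:
        print(name, check_uplink(cfg, 50) or "OK")
```

Run against the port group's VLAN ID (50 in this thread), the access-mode stanza returns the trunk finding, the KB sample passes VLAN 50 but reports the 90 other allowed VLANs, and the DMZ-only trunk returns no findings.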