Hi,

I'm creating a lab in my ESXi (192.168.1.10) server. The defualt VLAN (VMNetwork) connected to ESXi is VLAN 1. So the VMs with IP 192.168.1.xx. is able to communicate to outer network.

But I created a new VLAN 25 in my ESXi and added two VMs in that ESXi. The communication between these two VMs is perfect.

My question is, what should I do if I need these 2 VMs to communicate to a VM hosted in another ESXi with VLAN 25?

Thanks,

Nithin

Hi Nithin,

You will need to configure VLAN 25 on the other ESXi vSwitch and also configure VLAN 25 on the uplink physical switches.

Does the uplink physical switches that connect to ESXi supports VLAN?

You can screenshot your ESXi network configuration too so we have a clearer picture of your configuration

Hi Bayu,

I do not want to make any changes in the existing switch configurations. Any other way we can make it communicate ?

Regards,

Nithin

If you want to use VLAN tagging, you will need to make changes in the physical switches, see this KB article:

VMware KB: Sample configuration of virtual switch VLAN tagging (VST Mode)

If you don't want to make any changes, then you cannot use VLAN tagging / assign VLAN to the port groups.

Thanks for your reply Bayu.

One more thing, what if I choose a VLAN (say VLAN 3), which is already configured in the physical switch instead of VLAN 25 ?

What should be the gateway of the VM configured in this VLAN ?

I need the machines in VLAN 3 to communicate with the physical network.

Both VLANs have its own gateway (say 192.168.1.2 & 192.168.3.2). But my doubt is like how can we make a VM in VLAN 3 communicate with other servers in VLAN 3 when the VM is hosted in an ESXi with uplink in VLAN 1.

Is the gateway on physical switch?
You should configure the uplink in multiple VLAN, the sample is described in the KB I have provided in above post.

I could be off on this one but I think where he is getting tripped up is the routing.  Even on the same switch network if you don't have a layer 3 switch I don't belive the VLANS will route unless you put static routes in your VM's.  With some VM's on VLAN 3 and others on VLAN 25 he would have to put a route into his router / firewall to allow traffic to go between VLAN 25 and VLAN 3

Since VLANs exist in their own layer 3 subnet, routing will need to occur for traffic to flow in between VLANs.  This is where a layer 3 switch can be utilized.  A Layer 3 switch is basically a switch that can perform routing functions in addition to switching.  A client computer requires a default gateway for layer 3 connectivity to remote subnets.  When the computer sends traffic to another subnet, the destination MAC address in the packet will be that of the default gateway, which will then accept the packet at layer 2, and proceed to route the traffic to the appropriate destination based on its routing table.

I could be off on this tho,

Are you using stand vSwitches or VDS?

We are using vSS in the host connected to a L3 switch. I was just looking for a resolution which do not require a Switch configuration

Well lets go back to the original question:

But I created a new VLAN 25 in my ESXi and added two VMs in that ESXi. The communication between these two VMs is perfect.

My question is, what should I do if I need these 2 VMs to communicate to a VM hosted in another ESXi with VLAN 25?

If you only want your VM's in VLAN 25 on HOST A to talk to other VM's in VLAN 25 in HOST B you will need to set it up like the attached picture:

Your psyhical switch needs the VLAN tagged on the ports so it knows how to route the traffic.  Now I'm assuming your default VLAN on all your switchs is 1 as that is pretty standard.  VLAN 1 also gets passed reguardless so you will probably only have to tag the ports with VLAN 25.  Once the ports are all tagged with that VLAN they will be able to talk successfully.  Right now what is happening is your 2 VM's in the vSwitch can talk becuase they are both on the same vSwitch with the VLAN tagged on it, however when you try to talk to another VM on another host the packet gets to your psyhical switch and doesn't see a tag on that port so it drops it.  The only ports you would have to add that VLAN tag to are the ones your psyhical nics on the host with that vSS are plugged into.

I hope this has helped or made things more clear