VMware vSphere


Portgroups and VLAN ID

  • 1.  Portgroups and VLAN ID

    Posted Jan 04, 2022 05:06 PM

    Hello,

    I have the following concern:

    You can create a portgroup that is associated with multiple VLAN IDs, for example a single portgroup with ID 20,30,50,70.

    Because I have always created portgroups but with a VLAN ID, associated with each portgroup.

    It is an environment with vCenter and ESXi, both 7.0



  • 2.  RE: Portgroups and VLAN ID

    Posted Jan 04, 2022 05:17 PM

    VLAN-Trunking - i.e. assigning multiple VLANs to a single port group - is available on Virtual Distributed Switches.

    Standard vSwitches allow only a single VLAN-ID per port group. You may consider assigning VLAN-ID 4095, which however will pass traffic for all VLANs to the VMs.

    André



  • 3.  RE: Portgroups and VLAN ID

    Posted Jan 04, 2022 05:34 PM

    Hello,

    Well currently the environment is a cluster of 4 nodes, in the four ESXi there are three vswitches, one for administration, another for vmotion and another for virtual machines.

    The client has a vcenter enterprise plus license, which would allow me to create the vDS and create the trunking vlan.

    However, I could have those 4 nodes simultaneously connected to the Distributed vswitch with the standard vswitch that are already configured in the four esxi?



  • 4.  RE: Portgroups and VLAN ID

    Posted Jan 04, 2022 06:10 PM

    Each vSwitch - Standard and/or Distributed - needs its own uplinks (vmnics), so unless the hosts have unused network ports, you need to do a migration. As a side note, if the physical switches are the same for Management, vMotion, and VM traffic, you may consider merging the different networks into one distributed switch.

    Please don't mind me asking, but what's the reason to move from virtual switch tagging to virtual machine tagging?

    André



  • 5.  RE: Portgroups and VLAN ID

    Posted Jan 04, 2022 07:01 PM

    It is for a specific vm that needs to work with those VLAN IDs.

    But as I said before, we have standard switches for the different services.

    I don't know if the hosts have unused ports, in this case I would have to validate it.

    Regarding assigning vlan ID 4095 in a portgroup, would it be the most recommended for this situation?



  • 6.  RE: Portgroups and VLAN ID

    Posted Jan 04, 2022 07:12 PM

    Not necessarily the most recommended option (at least not in my opinion), because the VM will receive all tagged traffic from the vSwitch, which - besides the amount of traffic itself - could raise security concerns. However, in case of standard vSwitches that's the only option for VGT.

    André
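
An audit sketch for the point made in the reply above, added here as an example and not part of any post in this thread: it reads a listing in the layout of `esxcli network vswitch standard portgroup list` and reports which port groups run in VGT mode (VLAN ID 4095), so trunked port groups can be reviewed on purpose rather than discovered by accident. The port group names and values in `sample_listing` are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. The listing below is constructed sample data laid out like
# `esxcli network vswitch standard portgroup list` output.
sample_listing() {
cat <<'EOF'
Name                Virtual Switch  Active Clients  VLAN ID
------------------  --------------  --------------  -------
Management Network  vSwitch0                     1        0
vMotion             vSwitch1                     1       30
Prod VLAN 20        vSwitch2                     4       20
Appliance Trunk     vSwitch2                     1     4095
EOF
}

# Emit one tab-separated line per port group: mode, VLAN ID, vSwitch, name.
#   0 = EST (no tagging by the vSwitch), 1-4094 = VST, 4095 = VGT.
classify_portgroups() {
  awk '
    function trim(s) { gsub(/^ +| +$/, "", s); return s }
    # The dashed ruler gives each column start and width, so port group
    # names that contain spaces are still read correctly.
    /^-+( +-+)+ *$/ && !ruler {
      pos = 1; line = $0
      while (match(line, /-+/)) {
        n++; start[n] = pos + RSTART - 1; width[n] = RLENGTH
        pos += RSTART + RLENGTH - 1
        line = substr(line, RSTART + RLENGTH)
      }
      ruler = 1; next
    }
    !ruler || NF == 0 { next }
    {
      name = trim(substr($0, start[1], width[1]))
      vsw  = trim(substr($0, start[2], width[2]))
      v = $NF                      # VLAN ID is always the last field
      if (v !~ /^[0-9]+$/ || v + 0 > 4095) mode = "INVALID"
      else if (v + 0 == 0)    mode = "EST"
      else if (v + 0 == 4095) mode = "VGT"
      else                    mode = "VST"
      printf "%s\t%s\t%s\t%s\n", mode, v, vsw, name
    }'
}

# Port groups that hand every tagged frame on the vSwitch to attached VMs.
list_vgt_portgroups() {
  classify_portgroups | awk -F "\t" '$1 == "VGT" { print $4 " on " $3 }'
}

sample_listing | list_vgt_portgroups
```

On a host, pipe the real command output into `list_vgt_portgroups` instead of `sample_listing`.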



  • 7.  RE: Portgroups and VLAN ID

    Posted Jan 04, 2022 07:44 PM

    ok ok I understand.

    In case you have uplinks available on the ESXi, you could have those hosts simultaneously connected to a standard vswitch and a distributed vswitch



  • 8.  RE: Portgroups and VLAN ID

    Posted Jan 04, 2022 10:20 PM

    Yes.
    A host can use vSS and vDS simultaneously. It helps if you have enough pNICs so that every vSwitch has at least one uplink.

    We use a combination beginning with vSphere 4.0? since 2010 or so because for our IP based storage we would like to stay on vSS. All VMs and vMotion, FT use the vDS since then.

    Regards,
    Joerg



  • 9.  RE: Portgroups and VLAN ID

    Posted Jan 05, 2022 09:38 PM

    Hello,

    Thanks for all your comments,

    Seeing from another point of view, it could be feasible that at the physical switch level a trunk port is configured with those vlans and at the esxi level it can create the portgroups with their respective vlan id, I mean a portgroup for each vlan id



  • 10.  RE: Portgroups and VLAN ID

    Posted Jan 06, 2022 09:32 AM

    That's how this is usually done. Create port groups with the required VLAN IDs, add additional virtual network adapters to your VM, and assign these network adapters to the port groups. Please note that the maximum number of virtual NICs per VM is 10.

    André



  • 11.  RE: Portgroups and VLAN ID

    Posted Jan 06, 2022 06:55 PM

    Ok ok, at the ESXi level I would do it like this, but at the physical switch level you should configure a trunk port with those allowed VLANs.



  • 12.  RE: Portgroups and VLAN ID

    Posted Jan 06, 2022 07:16 PM

    Yes, for this to work, the physical switch port(s) need to be configured as tagged (802.1Q) ports with the required VLANs allowed.

    André



  • 13.  RE: Portgroups and VLAN ID

    Posted Jan 13, 2022 04:42 PM

    Good afternoon,

    again here, reviewing the recommendations that they indicated to me, and analyzing the scenarios.

    I have two options to offer the client:

    1- In the vm, add network adapters that are connected to the portgroups with their respective VLAN ID.

    2- Create a portgroup with VLAN ID 4095, and in this case at the operating system level (Linux appliances) of the VM, add those VLAN IDs. In VMs with Windows I have done it, but I would like to know if, at the Linux level, VGT is possible?



  • 14.  RE: Portgroups and VLAN ID

    Posted Jan 13, 2022 05:54 PM

    I guess that this is possible with all Linux distributions, but why don't you just go with option 1 and avoid additional/unnecessary guest network configurations? The configuration for the physical network port(s) is the same in both cases.

    André



  • 15.  RE: Portgroups and VLAN ID

    Posted Apr 28, 2023 01:06 PM

    I am creating a virtual firewall and will have a virtualized network interface going to my Internet ISP. I am not planning on bringing this connection to a switch. I am just going to plug it into the physical NIC on my OPNsense server. On the virtual switch/port group side would I just use 0 for the vlan?