vSphere vNetwork

 View Only
  • 1.  vm belong to two vlans

    Posted Nov 15, 2011 08:26 AM

    We have a ESXi 4.1 host that has three Win2008 R2 VM's

    VM1 needs to communicate with VM2

    VM1 also needs to communicate with VM3

    VM2 must not be able to communicate with VM3

    We have attempted to achieve this by putting all VM's in their own port group.

    The VM1 port group having VLAN ID 4095

    The VM2 port group having VLAN ID 100

    The VM3 port group having VLAN ID 200

    The result is that neither machine can communicate.We were of the understanding that by having VM1 in a port group with VLAN ID 4095 it will be able to communicate with other VLANS on the same vSwitch. This does not appear to be the case.

    Any suggestions on how we can achieve the desired result?



  • 2.  RE: vm belong to two vlans



  • 3.  RE: vm belong to two vlans

    Posted Nov 15, 2011 11:37 PM

    We would like to avoid using VGT and use VST instead but can not determine a way to have a virtual machine (VM1) communicate with two other virtual machines (VM2 and VM3) whilst preventing VM2 and VM3 communicating with each other.

    Do you have any thoughts or ideas on this?



  • 4.  RE: vm belong to two vlans

    Posted Nov 15, 2011 11:46 PM

    Only a thought:

    Put VM2 and VM3 on two separate vSwitches and add additional virtual NICs to VM1 which are connected to these two vSwitches.

    André



  • 5.  RE: vm belong to two vlans

    Posted Nov 15, 2011 11:50 PM

    Thanks for your suggestions. I will be testing the configurations now and will advise the outcome.



  • 6.  RE: vm belong to two vlans

    Posted Nov 16, 2011 10:06 AM

    Considering there will be approx. 20 VMs in total that will be in this scenario we found the most appropraite method was to implement a Distributed Switch and configure Private VLANS to separate the virtual macine traffic.

    This has allowed us to have specific VMs to communicate with all other VMs (Promiscuos PVLAN) and other VMs that communicate in an Isolated PVLAN, that is, they cannot communicate between other VMs in the Isolated PVLAN but they can communicate with VMs in the Promiscuos PVLAN.



  • 7.  RE: vm belong to two vlans

    Posted Nov 16, 2011 10:19 AM