Knowledge Base

VLAN Access and Layer 2 switching

• Physical LAN switch is configured for Virtual LAN (VLAN) segmentation.
• ESX simply connects to a switch port that belongs to a VLAN at physical switch level.
• Cisco defines a VLAN as a broadcast domain within a switched network.
• VLANs allow you to segment your switched network so that broadcast domains are smaller, leaving more bandwidth for your end nodes.
• Devices that are in one VLAN do not receive broadcasts from devices in another VLAN.
• For devices on different VLANs to communicate, a layer 3 device (usually a router) must be used.
• VLAN configuration is recommended for securing network traffic.

Virtual Switch (ESX) configuration to connect to VLAN switch port

• No VLAN configuration is required on ESX side.
• Set ESX port group to belong to VLAN 0.
• Value zero as VLAN means that the vSwitch is not VLAN tagging the ESX packets.
• Virtual switch NIC teaming policy set to route based on originating virtual port ID by default depending if ether-channel is enabled on switch port.
• If Ether-channel is configured on Cisco switch port virtual switch NIC teaming policy is set to route base on IP HASH.

Physical Switch Configuration (Cisco, HP, DELL, etc)

• Physical switch Mode Access (Layer2)
• Switch port access VLAN tagging (ID)
• Define VLAN interface
• Assign IP range to VLAN interface
• VLAN routing may be required or VLAN Isolation – (refer to VLAN layer 3 routing Article)

The following commands are applied on Cisco IOS to configure switch port for VLAN access:

interface GigabitEthernet1/15

switchport                     ( Configures the LAN port for Layer 2 switching)

switchport access vlan vlan_ID ( The value can be 1 through 4094, except reserved VLANs)
switchport mode access         ( Configures the port to be an access port to prevent trunk negotiation delays)

spanning-tree portfast         ( Configure port-fast for initial STP delay)  

The following is a sample EST topology:

Configuration within the Virtual Infrastructure Client

To configure this within the Virtual Infrastructure Client:

1. Highlight the ESX Server host
2. Click Configuration > Networking > Properties.
3. Highlight the virtual switch in the Ports tab.
4. Click Edit.
5. Click the General tab.
6. Type a value of 0 or NONE in the VLAN ID field. This indicates that VLAN Tagging is off.
7. Click the NIC Teaming tab.
8. From the Load Balancing dropdown, choose Route based on originating virtual port ID
9. Verify that there is at least one network adapter listed under ActiveAdapters

To perform VLAN configuration and verification via command line:

• Run the following command:
  
  esxcfg-vswitch –l
  
  The results appear similar to:

Switch Name   Num Ports  Used Ports  Configured Ports  MTU    Uplinks

vSwitch0      64         5          64               1500   vmnic3,vmnic1

PortGroup Name     VLAN ID  Used Ports  Uplinks

VM Network         0          0          vmnic1,vmnic3

Service Console    0         1          vmnic1,vmnic3

Switch Name   Num Ports  Used Ports  Configured Ports  MTU    Uplinks

vSwitch2      64         8          64               1500   vmnic2,vmnic0

PortGroup Name     VLAN ID  Used Ports  Uplinks

VMkernel           0          1         vmnic0,vmnic2

Service Console 2  0          1          vmnic0,vmnic2

Production         0          2          vmnic0,vmnic2

 

• If the VLAN ID is missing or incorrect, correct the VLAN ID value with the following command:  
  
  esxcfg-vswitch -v <VLAN> -p “Service Console” vSwitch0