VLANs intro
VLANs (Virtual LANs) are logical groupings of devices in the same broadcast domain.
They are usually configured on switches by placing some ports into one broadcast domain and other ports into another.
VLANs can spread across multiple switches, enabling communications as if all virtual machines or ports in a VLAN are on the same physical LAN segment.
Here in networks pioneers Labs : we are using different subnet for each port group > so with somehow we don’t need VLAN technique ,
BUT
its good idea to have an overview of the concept if you are limited to IP network in your environment
VLANs advantages
VLANs offer many advantages, including but NOT limited to :
- broadcast traffic will be received and processed only by devices inside the same VLAN, which can improve network performance.
- users can be grouped by a department and not by the physical location.
- sensitive traffic can be isolated in a separate VLAN for the purpose of security.
VLAN tagging methods
There are three methods of VLAN tagging that can be configured on ESXi/ESX:
- External Switch Tagging (EST)
- Virtual Switch Tagging (VST)
- Virtual Guest Tagging (VGT)
External Switch Tagging (EST)
- All VLAN tagging of packets is performed on the physical switch.
- ESXi/ESX host network adapters are connected to access ports on the physical switch.
- The portgroups connected to the virtual switch must have their VLAN ID set to 0.
Virtual Switch Tagging (VST)
- All VLAN tagging of packets is performed by the virtual switch before leaving the ESXi/ESX host.
- The ESXi/ESX host network adapters must be connected to trunk ports on the physical switch.
- The portgroups connected to the virtual switch must have an appropriate VLAN ID specified.
Note: The Native VLAN is not tagged and thus requires no VLAN ID to be set on the ESXi/ESX portgroup.
Virtual Guest Tagging (VGT)
- All VLAN tagging is performed by the virtual machine.
- You must install an 802.1Q VLAN trunking driver inside the virtual machine.
- VLAN tags are preserved between the virtual machine networking stack and external switch when frames are passed to/from virtual switches.
- Physical switch ports are set to trunk port.
Configure VLAN for specific port group
when you create any port group it has been set VLAN ID to 0 > so you will see it cleared
we will change VLAN ID for port group vMotion from 0 to 101 for three ESXI host in pioneers environment
Please follow the steps to configure a port group with a VLAN ID on a standard virtual switch using vCenter [as the great tool to vSphere environment ] :
currently port group in each ESXI server has VLAN ID = 0
let us to change VLAN ID of ESXI 151
now port group called vMotion is belong to VLAN ID 101
but still the other ESXI belogin to default VLAN ID = 0
when try ping IP address of Port group > it will unreachable
let us to change VLAN ID for ort group vmotion in other ESXI servers with same yay above
now after change VLAN ID for port group in ALL ESXI host to 101
and try to ping them > it will pingable 🙂
Conclusion
VLAN is good technique to isolate your network from broadcasting congestion and provide some kind of security
BUT
don’t bother your self with it and try to use different subnet , until you have to [ this is my opinion as maher islaieh ]
