Saturday, October 26, 2019

VLAN's in ESXi - require seperate vswitches?



I am trying to configure two separate vlans in ESXi. Right now I have two vlan's set up on a single vswitch in separate port groups (one for vlan 100, one for vlan 110). None of the ports connected to the port group for vlan 100 can go anywhere, including the gateway. Everything connected to the port group for vlan 110 works just fine. I've verified that both VLANs are configured on the router and on the local physical switch. The physical switch ports are set up in trunking mode currently per the KB articles I could find for vlan setup.



The only other thing that may be a bit strange is that the management IP for esx/vsphere is located on vlan 110, though I'm not sure if that would make any difference.



Based on some of the EB's, will I need to set up a separate vswitch for each vlan instead of using two port groups on a single vswitch?




Edit: here is a screenshot
enter image description here



Here is the switchport config (this same config applied to each port connected):



interface GigabitEthernet2/3
 description basqa1vm01 Sig
 switchport
 switchport trunk encapsulation dot1q

 switchport trunk allowed vlan 100,110
 switchport mode trunk
 switchport nonegotiate
 no ip address
 wrr-queue cos-map 1 1 0 1
 wrr-queue cos-map 1 3 2
 wrr-queue cos-map 2 1 3
 wrr-queue cos-map 2 2 4 6 7
 no cdp enable
end


Answer



Separate vSwitches are only required when you need a hard separation of which physical up-links can be used.



The vSwitch itself will have a NIC teaming configuration which determines the default behavior for both port groups and kernel ports. Typically I set all NICs as active here for the default behavior.



Then at each port group or kernel port, you can override which NICs are active and which are standby for that object, unless you run into performance tuning issues, you can be lazy and not do this and just leave all the NICs as active.



In a performance scenario, you might set the vSwitch default to use all uplinks, and then set management to use the first NIC standby to the rest. vMotion to use the 2nd NIC, standby to the rest, and so forth.




So in this case... if both physical uplinks have been added to the vSwitch, and you've set the VLAN-ID on each port group, and one works, and one does not I am going to guess that either:



1) you have the native VLAN set on the other side as the one that is working



or



2) you haven't sent all the vlans down the trunk



How about a screenshot of this vSwitch?




What type of physical switch are you uplinking to?


-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...