Objective 2.2 – Configure and Maintain VLANs, PVLANs and VLAN Settings

Knowledge

• Identify types of VLANs and PVLANs

Skills and Abilities

• Determine use cases for and configure VLAN Trunking
• Determine use cases for and configure PVLANs
• Use command line tools to troubleshoot and identify VLAN configurations

Tools

• vSphere Command-Line Interface Installation and Scripting Guide
• ESX Configuration Guide
• ESXi Configuration Guide
• Product Documentation
• vSphere Client
• vSphere CLI
  • vicfg-*

Notes

Determine use cases for and configure VLAN Trunking

Several good blog articles that describe configuring VLAN Trunking on both the VMware and switch side can be found below.

• http://searchnetworking.techtarget.com/tip/0,289483,sid7_gci1515418,00.html
• http://searchnetworking.techtarget.com/tip/0,289483,sid7_gci1515654,00.html
• http://blog.scottlowe.org/2010/04/23/configuring-inter-vlan-routing/
• http://blog.scottlowe.org/2008/09/05/vmware-esx-nic-teaming-and-vlan-trunking-with-hp-procurve/

Determine use cases for and configure PVLANs

I would recommend checking out Eric Sloof’s video training session on PVLANs.

• A private VLAN is an extension of the VLAN standard.
• It allows further segmentation to create private groups.
• This means others cannot see hosts in the same PVLAN, with the exception of those in the promiscuous PVLAN.

VMware has a good knowledge base article on configuring PVLANs on vNetwork Distributed Switches. The procedures below, from the article, explain how to create a PVLAN table and set the PVLAN in the dvPortGroup.

To create the PVLAN table in the dvSwitch:

1. In vCenter, go to Home > Inventory > Networking.
2. Click Edit Setting for the dvSwitch.
3. Choose the Private VLAN tab.
4. On the Primary tab, add the VLAN that is used outside the PVLAN domain. Enter a private VLAN ID and/or choose one from the list.
5. On the Secondary tab, create the PVLANs of the desired type. Enter a VLAN ID in the VLAN ID field.
6. Select the Type for the Secondary VLANID. Choose one of the options from the dropdown menu.
   • Isolated
   • Community
     Note: There can be only one Promiscuous PVLAN and is created automatically for you.
     Beware: Before deleting any primary/secondary PVLANs, make sure that they are not in use or the operation is not be performed.
7. Click OK.

To set PVLAN in the dvPortGroup:

1. Highlight dvPortGroup and click Edit Settings.
2. Click General> VLAN > Policies.
3. Using the dropdown, set the VLAN type to Private.
4. Select VLAN from the Private VLAN Entry dropdown.
   Note: The VLANs created in step 1 are listed here.

Use command line tools to troubleshoot and identify VLAN configurations

Reference the vSphere Command Line reference.

Show VLAN of port groups vicfg-vswitch -l