Knowledge
- Identify types of VLANs and PVLANs
Skills and Abilities
- Determine use cases for and configure VLAN Trunking
- Determine use cases for and configure PVLANs
- Use command line tools to troubleshoot and identify VLAN configurations
Tools
- vSphere Command-Line Interface Installation and Scripting Guide
- ESX Configuration Guide
- ESXi Configuration Guide
- Product Documentation
- vSphere Client
- vSphere CLI
- vicfg-*
Notes
Determine use cases for and configure VLAN Trunking
Several good blog articles that describe configuring VLAN Trunking on both the VMware and switch side can be found below.
- http://searchnetworking.techtarget.com/tip/0,289483,sid7_gci1515418,00.html
- http://searchnetworking.techtarget.com/tip/0,289483,sid7_gci1515654,00.html
- http://blog.scottlowe.org/2010/04/23/configuring-inter-vlan-routing/
- http://blog.scottlowe.org/2008/09/05/vmware-esx-nic-teaming-and-vlan-trunking-with-hp-procurve/
Determine use cases for and configure PVLANs
I would recommend checking out Eric Sloof’s video training session on PVLANs.
- A private VLAN is an extension of the VLAN standard.
- It allows further segmentation to create private groups.
- This means others cannot see hosts in the same PVLAN, with the exception of those in the promiscuous PVLAN.
VMware has a good knowledge base article on configuring PVLANs on vNetwork Distributed Switches. The procedures below, from the article, explain how to create a PVLAN table and set the PVLAN in the dvPortGroup.
To create the PVLAN table in the dvSwitch:
- In vCenter, go to Home > Inventory > Networking.
- Click Edit Setting for the dvSwitch.
- Choose the Private VLAN tab.
- On the Primary tab, add the VLAN that is used outside the PVLAN domain. Enter a private VLAN ID and/or choose one from the list.
- On the Secondary tab, create the PVLANs of the desired type. Enter a VLAN ID in the VLAN ID field.
- Select the Type for the Secondary VLANID. Choose one of the options from the dropdown menu.
- Isolated
- Community
Note: There can be only one Promiscuous PVLAN and is created automatically for you.
Beware: Before deleting any primary/secondary PVLANs, make sure that they are not in use or the operation is not be performed.
- Click OK.
To set PVLAN in the dvPortGroup:
- Highlight dvPortGroup and click Edit Settings.
- Click General> VLAN > Policies.
- Using the dropdown, set the VLAN type to Private.
- Select VLAN from the Private VLAN Entry dropdown.
Note: The VLANs created in step 1 are listed here.
Use command line tools to troubleshoot and identify VLAN configurations
Reference the vSphere Command Line reference.
Show VLAN of port groups vicfg-vswitch -l