VLAN configuration on virtual switches, physical switches, and virtual machines

Purpose

This article describes the various VLAN tagging methods used with ESXi/ESX.

Virtual LAN (VLAN) implementation is recommended in ESXi/ESX networking environments because:

• It integrates ESXi/ESX into a pre-existing network
• It secures network traffic
• It reduces network traffic congestion
• iSCSI traffic requires an isolated network

Resolution

  

 

There are three methods of VLAN tagging that can be configured on ESXi/ESX:

• External Switch Tagging (EST)
• Virtual Switch Tagging (VST)
• Virtual Guest Tagging (VGT)

External Switch Tagging (EST)

• All VLAN tagging of packets is performed on the physical switch.
• ESXi/ESX host network adapters are connected to access ports on the physical switch.
• The portgroups connected to the virtual switch must have their VLAN ID set to 0.
• For more information, see Sample Configuration - ESXi/ESX connecting to physical switch via VLAN access mode and External Switch VLAN Tagging (EST Mode) (1004127).
• See this example snippet of a code from a Cisco switch port configuration:
  
  switchport mode access
switchport access vlan x

Virtual Switch Tagging (VST)

• All VLAN tagging of packets is performed by the virtual switch before leaving the ESXi/ESX host.
• The ESXi/ESX host network adapters must be connected to trunk ports on the physical switch.
• The portgroups connected to the virtual switch must have an appropriate VLAN ID specified.
• For more information, see Configuring a VLAN on a portgroup (1003825).
• For a sample of VST, see Sample configuration of virtual switch VLAN tagging (VST Mode) (1004074).
• See this example snippet of code from a Cisco switch port configuration:
  
  switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan x,y,z
spanning-tree portfast trunk

Note: The Native VLAN is not tagged and thus requires no VLAN ID to be set on the ESXi/ESX portgroup.

Virtual Guest Tagging (VGT)

• All VLAN tagging is performed by the virtual machine.
• You must install an 802.1Q VLAN trunking driver inside the virtual machine.
• VLAN tags are preserved between the virtual machine networking stack and external switch when frames are passed to/from virtual switches.
• Physical switch ports are set to trunk port.
• For more information, see Sample configuration of virtual machine (VM) VLAN Tagging (VGT Mode) in ESX (1004252).
• See this example snippet of code from a Cisco switch port configuration:
  
  switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan x,y,z
spanning-tree portfast trunk

For additional information on these configurations, see VMware ESX Server 3: 802.1Q VLAN Solutions.

Source:-

http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=1003806