Enable VMwareESXi vswitch to support VLAN

Enable VMwareESXi vswitch to support VLAN

Currently, virtualization is widely used. Generally, a physical host can create multiple virtual machines on a physical host after installing VMware ESXi or Hyper-V Virtual Machine Software, in addition, each created virtual machine can provide external services like the original physical machine, which can undoubtedly make full use of server resources to save power and space. But when most of our friends use virtual machines, there is also a problem: the physical host performance is high enough. Generally, 64 GB memory is configured, and two intel CPU hosts with 6 cores are configured, you can create 30 ~ 60 virtual machines. However, physical hosts are generally only configured with 2 ~ Four NICs, each of which is connected to only one CIDR block. The enterprise network may be divided into multiple VLANs. In this way, how can these virtual machines flexibly use IP addresses of different network segments? To solve this problem, we need to make the "virtual switch supports VLAN". This article introduces this aspect.

1 experiment environment overview

If you want to create a virtual machine in VMware ESXi and use the IP address of another network segment, you need to create a VLAN for the virtual port in the vSphere Virtual Switch following the physical switch.

VMware Workstation and VMware ESXi are virtual machine software that can simulate multiple "virtual" computers on a physical machine. The virtual switch is similar to this. The vswitch is bound to a physical Nic, and the "virtual computer" is connected to the "virtual switch" through the "virtual machine port group" of the "virtual switch ", then, communicate with computers and virtual machines in other networks on the host through the physical network card bound to the vswitch. Each vswitch can be bound to one or more physical NICs (vswitches without physical NICs cannot communicate directly with the host network ).

The attribute of the vswitch port bound to the physical Nic determines whether the vswitch can divide VLANs. To put it simply, if the physical network adapter is connected to a common switch or an Access port of a layer-3 Switch (that is, a common VLAN-based port), then the virtual switch bound to the physical network adapter, only the VLAN specified by the Access port can be set. If the physical network adapter is connected to the Trunk port of the layer-3 switch, you can divide (or add) the vlan on the vswitch bound to the physical network adapter) virtual Machine port group. Each added port group can divide or specify a VLAN and communicate with other computers in the network through the connected layer-3 switch. The following describes a specific instance.

To implement VLAN functions in a vswitch, it must be used with a layer-3 switch in the network, as shown in Figure 1-1 of the experiment topology in this section.

-1 vswitch Network Topology

In the-1 topology, there is a layer-3 Switch and a server with two NICs. A layer-3 switch is divided into six VLANs: VLAN2001, VLAN2002, VLAN2003, VLAN2004, VLAN2005, and VLAN2006. The CIDR blocks of each VLAN are shown in Table 4-1.

Table 4-1 VLAN, address, and gateway for layer-3 switches

VLAN	Address	Gateway address
VLAN2001	172.18.91.0/255.255.255.0	172.18.91.254
VLAN2002	172.18.92.0/255.255.255.0	172.18.92.254
VLAN2003	172.18.93.0/255.255.255.0	172.18.93.254
VLAN2004	172.18.94.0/255.255.255.0	172.18.94.254
VLAN2005	172.18.95.0/255.255.255.0	172.18.95.254
VLAN2006	172.18.96.0/255.255.255.0	172.18.96.254

The main configuration parameters of a layer-3 Switch are as follows:

<3526b> disp curr

#

Sysname 3526b

#

Dhcp-server 1 ip address 172.18.96.1 172.18.96.5

#

Vlan 2001

Vlan 2002

Vlan 2003

Vlan 2004

Vlan 2005

Vlan 2006

Interface Vlan-interface2001

Ip address 172.18.91.254 255.255.255.0

Dhcp-server 1

#

Interface Vlan-interface2002

Ip address 172.18.92.254 255.255.255.0

Dhcp-server 1

#

Interface Vlan-interface2003

Ip address 172.18.93.254 255.255.255.0

Dhcp-server 1

#

Interface Vlan-interface2004

Ip address 172.18.94.254 255.255.255.0

Dhcp-server 2

#

Interface Vlan-interface2005

Ip address 172.18.95.254 255.255.255.0

Dhcp-server 1

#

Interface Vlan-interface2006

Ip address 172.18.96.254 255.255.255.0

Dhcp-server 2

#

Interface Ethernet0/1

Port access vlan 2001

#

Interface Ethernet0/2

Port access vlan 2001

#

Interface Ethernet0/3

Port access vlan 2002

#

Interface Ethernet0/4

Port access vlan 2002

#

Interface Ethernet0/5

Port access vlan 2003

#

Interface Ethernet0/6

Port access vlan 2003

#

Interface Ethernet0/7

Port access vlan 2004

#

Interface Ethernet0/8

Port access vlan 2004

#

Interface Ethernet0/9

Port access vlan 2005

#

#

Interface Ethernet0/14

Port access vlan 2006

#

Interface Ethernet0/15

Port access vlan 2006

#

Interface Ethernet0/16

Port access vlan 2006

#

Interface Ethernet0/23

Port link-type trunk

Port trunk permit vlan all

Interface Ethernet0/24

Port link-type trunk

Port trunk permit vlan all

Interface GigabitEthernet1/1

#

VMware ESXi 5.1 is installed on this server. The first Nic of this server is connected to an Access port, which is divided into VLAN2006 and the management address 172.18.96.11 is set for this Nic; the other network adapter connects to the Trunk port of the vswitch (port 23 or 24 of the vswitch ).

Next, let's take a look at how to enable VLAN for a vswitch and assign it to a virtual machine.

2. Add a vswitch for the NIC connected to the Trunk Port

Connect to the VMware ESXi Server using the vSphere Client. In "configuration> network", you can see that there is only one vswitch and the management address 172.18.96.11 is assigned to the vswitch, as shown in figure 1-2.

-2 Current Network <喎?http: www.bkjia.com kf ware vc " target="_blank" class="keylink"> VcD4KPHA + kernel/kernel + qGxo6yyotGh1PG12rb + v + nN + L + kernel + lRydW5rtsu/2 rXEzfi/qKOpo6zI5828MS00y/kernel "http://www.2cto.com/uploadfile/Collfiles/20141010/2014101009210085.jpg" alt = "\">

-4 create a standard switch

(3) In the "port group attributes" VLAN group, add the first available VLAN tag in the "Network tag" area, and add VLAN2001 here, enter the corresponding VLAN in the "VLANID" text box, as shown in-5.

-5 add network tags and select VLANs

(4) In the "coming soon" dialog box, the virtual machine port group to be added is displayed.

After returning to the vSphere Client console, you can see that the second standard switch has been added, as shown in figure 1-7. Only VLAN2001 virtual machine port groups are available in this standard switch.

-7. vswitch added

3. Add virtual machine port groups for other VLANs

In the previous operation, when creating a vswitch, you have added the virtual machine port group VLAN2001. Next, you need ~ Add a virtual machine port group in VLAN2006, and add VLAN2002 as an example.

(1) In-7, select the second vswitch, click the "properties" link, open the "vSwitch1 CH1 "dialog box, and click the "add" button, as shown in figure 1-8.

-8 Add a virtual machine port group

(2) Select "Virtual Machine" in the connection type ".

(3) In "port group properties", add VLAN2002 to "network tag" and enter the corresponding VLAN2002 in the "VLAN" text box, as shown in figure 1-10.

-10 set the virtual machine port group name

(4) In the "coming soon" dialog box, click the "finish" button to add the virtual machine port group.

(5) return to the "vSwitch1 "dialog box. Next, click the "add" button to continue adding other virtual machine port groups. For details, refer to (1 )~ (4) steps, in sequence VLAN2003 ~ Add VLAN2006. After all the virtual machine port groups are added, click "close" to return.

After returning to the vSphere Client console, you can see two vswitches, as shown in figure 1-14.

-14 Added vswitches and virtual machine port groups

4. Verify in the VM

In the future virtual machine usage, assign the corresponding virtual machine port group to the virtual machine, that is, assign it to the specified VLAN. The following is an experiment.

(1) Start a virtual machine and modify its attributes. Change the network label to VLAN2001, as shown in figure 1-15.

-15 modify Virtual Machine Network Properties

(2) log on to the VM and view the current network configuration, as shown in figure 1-16. As you can see, the current computer obtains the IP address of 172.18.91.200, which complies with the allocation in Table 4-1 (DHCP server configured in the network ).

-16 view the current IP Address

(3) run the ping command to test the connectivity of other network segments. You can test the connectivity of the DHCP server 172.18.96.1, as shown in figure 1-17. As you can see, the test is very successful!

-17 test network connectivity

(4) change the Virtual Machine network to another network segment, as shown in VLAN2005, 1-18.

-18 modify Virtual Machine Network Properties

(5) enter the VM again, disable and enable the NIC, and then enter the command prompt again to check whether the current address is the VLAN2005 address, and run the ping command to test it, as shown in figure 1-19, the test is still successful.

-19 test in VLAN2005 network segment

[Note] You can also set the switch port that is connected to the ESXi Nic to "Trunk" and set the VLAN in the management address.