Enable the VMware ESXi virtual switch to support VLAN

Currently, virtualization is widely used. Generally, a physical host can create multiple virtual machines on a physical host after installing VMware ESXi or Hyper-V Virtual Machine Software, in addition, each created virtual machine can provide external services like the original physical machine, which can undoubtedly make full use of server resources to save power and space. But when most of our friends use virtual machines, there is also a problem: the physical host performance is high enough. Generally, 64 GB memory is configured, and two intel CPU hosts with 6 cores are configured, you can create 30 ~ 60 virtual machines. However, physical hosts are generally only configured with 2 ~ Four NICs, each of which is connected to only one CIDR block. The enterprise network may be divided into multiple VLANs. In this way, how can these virtual machines flexibly use IP addresses of different network segments? To solve this problem, we need to make the "virtual switch supports VLAN". This article introduces this aspect.

1 experiment environment overview

If you want to create a virtual machine in VMware ESXi, you need to use addresses of other network segments.In vSphere vswitches, VLAN is divided based on physical switches.

VMware Workstation and VMware ESXi are virtual machine software that can simulate multiple "virtual" computers on a physical machine. The virtual switch is similar to this. The vswitch is bound to a physical Nic, and the "virtual computer" is connected to the "virtual switch" through the "virtual machine port group" of the "virtual switch ", then, communicate with computers and virtual machines in other networks on the host through the physical network card bound to the vswitch. Each vswitch can be bound to one or more vswitches that do not bind a physical Nic. Therefore, it cannot communicate directly with the host network ).

The attribute of the vswitch port bound to the physical Nic determines whether the vswitch can divide VLANs. To put it simply, if a physical Nic is connected to a common switch or an Access port connected to a layer-3 Switch, that is, a common VLAN-based port), then the virtual switch bound to the physical Nic, only the VLAN specified by the Access port can be set. If the physical network adapter is connected to the Trunk port of the layer-3 switch, you can divide or add the virtual machine port group to the virtual switch bound to the physical network adapter, each added port group can divide or specify a VLAN and communicate with other computers in the network through the connected layer-3 switch. The following describes a specific instance.

To implement VLAN functions in a vswitch, it must be used with a layer-3 switch in the network, as shown in Figure 1-1 of the experiment topology in this section.

650) this. width = 650; "height =" 213 "title =" clip_image002 "style =" margin: 0px; border: 0px currentcolor; background-image: none; padding-top: 0px; padding-right: 0px; padding-left: 0px; "alt =" clip_image002 "src =" http://www.bkjia.com/uploads/allimg/131228/060F92332-0.jpg "border =" 0 "/>

-1 vswitch Network Topology

In the-1 topology, there is a layer-3 Switch and a server with two NICs. A layer-3 switch is divided into six VLANs: VLAN2001, VLAN2002, VLAN2003, VLAN2004, VLAN2005, and VLAN2006. The CIDR blocks of each VLAN are shown in Table 4-1.

Table 4-1 VLAN, address, and gateway for layer-3 switches

VLAN	Address	Gateway address
VLAN2001	172.18.91.0/255.255.255.0	172.18.91.254
VLAN2002	172.18.92.0/255.255.255.0	172.18.92.254
VLAN2003	172.18.93.0/255.255.255.0	172.18.93.254
VLAN2004	172.18.94.0/255.255.255.0	172.18.94.254
VLAN2005	172.18.95.0/255.255.255.0	172.18.95.254
VLAN2006	172.18.96.0/255.255.255.0	172.18.96.254

The main configuration parameters of a layer-3 Switch are as follows:

<3526b> disp curr

#

Sysname 3526b

#

Dhcp-server 1 ip address 172.18.96.1 172.18.96.5

#

Vlan 2001

Vlan 2002

Vlan 2003

Vlan 2004

Vlan 2005

Vlan 2006

Interface Vlan-interface2001

Ip address 172.18.91.254 255.255.255.0

Dhcp-server 1

#

Interface Vlan-interface2002

Ip address 172.18.92.254 255.255.255.0

Dhcp-server 1

#

Interface Vlan-interface2003

Ip address 172.18.93.254 255.255.255.0

Dhcp-server 1

#

Interface Vlan-interface2004

Ip address 172.18.94.254 255.255.255.0

Dhcp-server 2

#

Interface Vlan-interface2005

Ip address 172.18.95.254 255.255.255.0

Dhcp-server 1

#

Interface Vlan-interface2006

Ip address 172.18.96.254 255.255.255.0

Dhcp-server 2

#

Interface Ethernet0/1

Port access vlan 2001

#

Interface Ethernet0/2

Port access vlan 2001

#

Interface Ethernet0/3

Port access vlan 2002

#

Interface Ethernet0/4

Port access vlan 2002

#

Interface Ethernet0/5

Port access vlan 2003

#

Interface Ethernet0/6

Port access vlan 2003

#

Interface Ethernet0/7

Port access vlan 2004

#

Interface Ethernet0/8

Port access vlan 2004

#

Interface Ethernet0/9

Port access vlan 2005

#

#

Interface Ethernet0/14

Port access vlan 2006

#

Interface Ethernet0/15

Port access vlan 2006

#

Interface Ethernet0/16

Port access vlan 2006

#

Interface Ethernet0/23

Port link-type trunk

Port trunk permit vlan all

Interface Ethernet0/24

Port link-type trunk

Port trunk permit vlan all

Interface GigabitEthernet1/1

#

VMware ESXi 5.1 is installed on this server. The first Nic of this server is connected to an Access port, which is divided into VLAN2006 and the management address 172.18.96.11 is set for this Nic; the other network adapter connects to the Trunk port of the switch to port 23 or 24 of the switch ).

Next, let's take a look at how to enable VLAN for a vswitch and assign it to a virtual machine.

2. Add a vswitch for the NIC connected to the Trunk Port

Connect to the VMware ESXi Server using the vSphere Client. In "configuration> network", you can see that there is only one vswitch and the management address 172.18.96.11 is assigned to the vswitch, as shown in figure 1-2.

650) this. width = 650; "height =" 380 "title =" clip_image004 "style =" margin: 0px; border: 0px currentcolor; background-image: none; padding-top: 0px; padding-right: 0px; padding-left: 0px; "alt =" clip_image004 "src =" http://www.bkjia.com/uploads/allimg/131228/060F91153-1.png "border =" 0 "/>

-2 Current Network

1) In-2, click the "add network" link to enter the "add Network Wizard" dialog box, and select "Virtual Machine" in "connection type ".

2) In the "virtual machine-network access" dialog box, select "create vSphere Standard switch", and select the second Nic to connect to the switch Trunk port), as shown in figure 1-4.

650) this. width = 650; "height =" 423 "title =" clip_image006 "style =" margin: 0px; border: 0px currentcolor; background-image: none; padding-top: 0px; padding-right: 0px; padding-left: 0px; "alt =" clip_image006 "src =" http://www.bkjia.com/uploads/allimg/131228/060F91945-2.png "border =" 0 "/>

-4 create a standard switch

3) in the "port group properties" VLAN group, add the first available VLAN tag in the "Network tag" area, add VLAN2001 here, and enter the corresponding VLAN in the "VLANID" text box, this is shown in-5.

650) this. width = 650; "height =" 377 "title =" clip_image008 "style =" margin: 0px; border: 0px currentcolor; background-image: none; padding-top: 0px; padding-right: 0px; padding-left: 0px; "alt =" clip_image008 "src =" http://www.bkjia.com/uploads/allimg/131228/060F95360-3.png "border =" 0 "/>

-5 add network tags and select VLANs

4) in the "coming soon" dialog box, the virtual machine port group to be added is displayed.

After returning to the vSphere Client console, you can see that the second standard switch has been added, as shown in figure 1-7. Only VLAN2001 virtual machine port groups are available in this standard switch.

650) this. width = 650; "height =" 380 "title =" clip_image010 "style =" margin: 0px; border: 0px currentcolor; background-image: none; padding-top: 0px; padding-right: 0px; padding-left: 0px; "alt =" clip_image010 "src =" http://www.bkjia.com/uploads/allimg/131228/060F92Q8-4.png "border =" 0 "/>

-7. vswitch added

3. Add virtual machine port groups for other VLANs

In the previous operation, when creating a vswitch, you have added the virtual machine port group VLAN2001. Next, you need ~ Add a virtual machine port group in VLAN2006, and add VLAN2002 as an example.

1) In-7, select the second vswitch, click the "properties" link, open the "vSwitch1 CH1 "dialog box, and click the "add" button, as shown in figure 1-8.

650) this. width = 650; "height =" 421 "title =" clip_image012 "style =" margin: 0px; border: 0px currentcolor; background-image: none; padding-top: 0px; padding-right: 0px; padding-left: 0px; "alt =" clip_image012 "src =" http://www.bkjia.com/uploads/allimg/131228/060F96228-5.png "border =" 0 "/>

-8 Add a virtual machine port group

2) Select "Virtual Machine" in the connection type ".

3) In "port group properties", add VLAN2002 to "network tag" and enter the corresponding VLAN2002 in the "VLAN" text box, as shown in figure 1-10.

650) this. width = 650; "height =" 423 "title =" clip_image014 "style =" margin: 0px; border: 0px currentcolor; background-image: none; padding-top: 0px; padding-right: 0px; padding-left: 0px; "alt =" clip_image014 "src =" http://www.bkjia.com/uploads/allimg/131228/060F92196-6.png "border =" 0 "/>

-10 set the virtual machine port group name

4) in the "coming soon" dialog box, click the "finish" button to add the virtual machine port group.

5) return to the "vSwitch1 properties" dialog box. Next, click the "add" button to continue adding other virtual machine port groups. For details, refer to 1 )~ 4) step, in sequence VLAN2003 ~ Add VLAN2006. After all the virtual machine port groups are added, click "close" to return.

After returning to the vSphere Client console, you can see two vswitches, as shown in figure 1-14.

650) this. width = 650; "height =" 421 "title =" clip_image016 "style =" margin: 0px; border: 0px currentcolor; background-image: none; padding-top: 0px; padding-right: 0px; padding-left: 0px; "alt =" clip_image016 "src =" http://www.bkjia.com/uploads/allimg/131228/060F92013-7.png "border =" 0 "/>

-14 Added vswitches and virtual machine port groups

4. Verify in the VM

In the future virtual machine usage, assign the corresponding virtual machine port group to the virtual machine, that is, assign it to the specified VLAN. The following is an experiment.

1) Start a virtual machine and modify its attributes. Change the network label to VLAN2001, as shown in figure 1-15.

650) this. width = 650; "height =" 510 "title =" clip_image018 "style =" margin: 0px; border: 0px currentcolor; background-image: none; padding-top: 0px; padding-right: 0px; padding-left: 0px; "alt =" clip_image018 "src =" http://www.bkjia.com/uploads/allimg/131228/060F94040-8.png "border =" 0 "/>

-15 modify Virtual Machine Network Properties

2) log on to the VM and view the current network configuration, as shown in figure 1-16. As you can see, the current computer obtains the IP address of 172.18.91.200, which complies with the DHCP server configured in the allocation network of Table 4-1 ).

650) this. width = 650; "height =" 400 "title =" clip_image020 "style =" margin: 0px; border: 0px currentcolor; background-image: none; padding-top: 0px; padding-right: 0px; padding-left: 0px; "alt =" clip_image020 "src =" http://www.bkjia.com/uploads/allimg/131228/060F92109-9.png "border =" 0 "/>

-16 view the current IP Address

3) run the ping command to test the connectivity of other network segments. You can test the connectivity of the DHCP server 172.18.96.1, as shown in figure 1-17. As you can see, the test is very successful!

650) this. width = 650; "height =" 400 "title =" clip_image022 "style =" margin: 0px; border: 0px currentcolor; background-image: none; padding-top: 0px; padding-right: 0px; padding-left: 0px; "alt =" clip_image022 "src =" http://www.bkjia.com/uploads/allimg/131228/060F94360-10.png "border =" 0 "/>

-17 test network connectivity

4) change the Virtual Machine network to another network segment, as shown in VLAN2005, 1-18.

650) this. width = 650; "height =" 322 "title =" clip_image024 "style =" margin: 0px; border: 0px currentcolor; background-image: none; padding-top: 0px; padding-right: 0px; padding-left: 0px; "alt =" clip_image024 "src =" http://www.bkjia.com/uploads/allimg/131228/060F93K5-11.png "border =" 0 "/>

-18 modify Virtual Machine Network Properties

5) Go to the VM again, disable and enable the NIC, and then enter the command prompt again to check whether the current address is the VLAN2005 address, and run the ping command to test it, as shown in figure 1-19, the test is still successful.

650) this. width = 650; "height =" 400 "title =" clip_image026 "style =" border: 0px currentcolor; background-image: none; padding-top: 0px; padding-right: 0px; padding-left: 0px; "alt =" clip_image026 "src =" http://www.bkjia.com/uploads/allimg/131228/060F92Y3-12.png "border =" 0 "/>

-19 test in VLAN2005 network segment

Note: You can also set the switch port that is connected to the ESXi Nic to "Trunk" and set the VLAN in the management address.

This article from the "Wang chunhai blog" blog, please be sure to keep this source http://wangchunhai.blog.51cto.com/225186/1296309