This is one of the smaller objectives, and only the PVLAN concepts and practices are new – VLAN support remains relatively unchanged from VI3 (although the vDS and its associated VLAN support is new).
Knowledge
- Identify types of VLANs and PVLANs
Skills and Abilities
- Determine use cases for and configure VLAN Trunking
- Determine use cases for and configure PVLANs
- Use command line tools to troubleshoot and identify VLAN configurations
Tools & learning resources
- Product Documentation
- vSphere Client
- vSphere CLI
- vicfg-*
Types of VLAN
VLANs are a network standard (802.1Q) that is fully supported in vSphere. They can be used to minimise broadcast traffic and as a security measure to segregate traffic (although, like any technology, they have weaknesses). Typical uses for VLANs with vSphere are to isolate infrastructure (vMotion, iSCSI and NFS) traffic and VM traffic.
There are three main ways of using VLANs with vSphere (covered in this VMware whitepaper):
- Virtual guest tagging (VGT) – requires VLAN driver support in the guest OS
- Virtual Switch tagging (VST) – common option, requires VLAN trunking on external switches
- External switch tagging (EST) – less flexible and requires more physical NICs
In the Cisco world you set a port to be an ‘access port’ or a ‘trunk port’ if it’s going to carry multiple VLANs. VLAN IDs are 16 bit values giving a range of 0-4095. 4095 is used within vSphere to mean ‘all VLANs’ and is how you configure a portgroup when using VGT.
Configuring VLANs and VLAN trunking
For standard vSwitches you configure VLAN tags on portgroups. This configuration is done at the ESX host using the VI client (Configuration -> Networking):
- Use VLAN 0 when no VLAN tags are present (EST)
- Use VLAN 4095 to pass all VLANs (VGT)
- Use a specific VLAN ID depending on the isolation required (VST)
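To check these settings from the command line rather than the client, the sketch below (an added example, not part of the original notes) parses a portgroup listing, labels each portgroup EST, VST or VGT from its VLAN ID, and reports any 4095 portgroup that is not on an approved list. The sample text is constructed and assumes the column layout of `vicfg-vswitch -l`; the function names and the `approved` parameter are hypothetical.

```python
import re

# Constructed sample in the layout assumed for `vicfg-vswitch -l` (not real host output).
SAMPLE = """\
Switch Name      Num Ports   Used Ports  Configured Ports  MTU     Uplinks
vSwitch0         128         6           128               1500    vmnic0,vmnic1

  PortGroup Name        VLAN ID  Used Ports  Uplinks
  VM Network            0        2           vmnic0,vmnic1
  vMotion               20       1           vmnic0,vmnic1
  Firewall Trunk        4095     1           vmnic0,vmnic1
  Management Network    10       1           vmnic0,vmnic1
"""


def tagging_mode(vlan_id):
    """Map a portgroup VLAN ID to the tagging mode listed in the notes."""
    if vlan_id == 0:
        return "EST"   # no VLAN tags present at the vSwitch
    if vlan_id == 4095:
        return "VGT"   # all VLANs passed through to the guest
    if 1 <= vlan_id <= 4094:
        return "VST"   # vSwitch tags with one specific VLAN
    raise ValueError(f"VLAN ID out of range: {vlan_id}")


def parse_portgroups(listing):
    """Return (vswitch, portgroup, vlan_id, mode) for each portgroup row."""
    rows, switch, in_portgroups = [], None, False
    for line in listing.splitlines():
        if not line.strip() or line.startswith("Switch Name"):
            in_portgroups = False
        elif line.lstrip().startswith("PortGroup Name"):
            in_portgroups = True
        elif not line[0].isspace():
            switch = line.split()[0]          # unindented row names the vSwitch
        elif in_portgroups:
            # Assumes columns are separated by two or more spaces, so
            # portgroup names containing single spaces stay in one field.
            name, vlan = re.split(r"\s{2,}", line.strip())[:2]
            rows.append((switch, name, int(vlan), tagging_mode(int(vlan))))
    return rows


def unexpected_trunks(listing, approved=()):
    """Portgroups set to 4095 that are not on the approved VGT list."""
    return [(sw, pg) for sw, pg, _, mode in parse_portgroups(listing)
            if mode == "VGT" and pg not in approved]


if __name__ == "__main__":
    for row in parse_portgroups(SAMPLE):
        print("%-10s %-20s %5d  %s" % row)
    print("review:", unexpected_trunks(SAMPLE))
```

A portgroup reported here hands every VLAN on the uplink trunk to the guest, so it is worth confirming that the VM attached to it is meant to do its own tagging.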