VLAN Cheat Sheet for VMware & Cisco
I recently found myself in the midst of having to set up some VLANs from scratch in an environment that was a hodgepodge of switches. The terminology alone differs enough between vendors to drive you mad (e.g. access mode vs. untagged, dot1q trunk vs. tagged, etc.).
Long story short, we got the switches down to either Cisco Catalyst or Cisco Small Business models. After hopping between switch models enough times, the commands would just get muddled up in my head. Finally, after the umpteenth typo, I made some cheat sheets for myself, as I found I was issuing the same commands over and over, but depending on the switch product line they were slightly different.
To start off, let’s look at the Cisco Catalyst series:
Create VLANs
Switch1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch1(config)#vlan 10
Switch1(config-vlan)#name Clients
Switch1(config-vlan)#vlan 20
Switch1(config-vlan)#name Webserver
Switch1(config-vlan)#exit
Add Port to VLANs
Switch1(config)#interface gigabitEthernet 0/8
Switch1(config-if)#switchport access vlan 10
Trunk VLANs
Switch1(config)#interface GigabitEthernet 0/5
Switch1(config-if)#switchport mode trunk
Switch1(config-if)#switchport trunk allowed vlan 1,10,20
And for the Cisco Small Business Series:
Create VLANs
Switch1(config)#interface vlan 10
Switch1(config-if)#name clients
Add Port to VLANs
Switch1(config-if)#interface gi1/1/1
Switch1(config-if)#switchport access vlan 10
Trunk VLANs
Switch1(config)#interface GigabitEthernet 1/1/1
Switch1(config-if)#switchport mode trunk
Switch1(config-if)#switchport trunk allowed vlan add 20
You’ll see that they are similar … but not quite the same. Lots of typos and error messages along the way.
Lastly, I had to get these hooked up to a few ESXi hosts. This part took longer than it should have, as I could not get the VLANs on the vSphere side to talk properly to the VLANs on the switches (or to the physical hosts I had plugged into them).
If you aren’t familiar with setting up VLANs on the host side, I’ll give a quick overview. There are three options when it comes to VLANs (note that we aren’t talking about Private VLANs here):
- EST – External Switch Tagging
- VST – Virtual Switch Tagging
- VGT – Virtual Guest Tagging
EST – In this scenario, the physical switch does all of the VLAN assignment (tagging). The port group, and therefore its guests, is left at VLAN ID 0, and it is up to the switch port to tag the packets. A use case for this might be a bunch of VMs that all need the same VLAN: you can pop them all onto the same virtual switch.
VST – The benefit here is that you can carry multiple VLANs over the same vSwitch and the same physical adapter(s). Say I have two groups of machines (Dev and Production), one physical network card plugged into a switch, and two port groups (A & B) defined on the vSwitch that uses that network card. In this case we can assign all of the Dev machines to Port Group A and all of the Production machines to Port Group B. Then, at the port group level, we assign which VLAN ID each one uses. This lets you get multiple VLANs out of a single physical network card. Note that if you use this method, be sure that the physical switch port is set to trunking so that it carries traffic for multiple VLANs.
VGT – Using this method, you assign VLANs within the individual guests. You’ll need to go into the advanced settings of the guests’ network cards to assign the VLAN. The port group should be configured with VLAN ID 4095 (all) so that it passes every VLAN the guests may be using. In this mode the physical switch port must be configured as a trunk as well.
I have tended to stick to port groups in the past, as I find it visually easier to identify at a glance what is running on which VLAN. If I have a machine like a DNS server that needs access to multiple VLANs, then I will typically add another vmnic to the guest and pop it onto the required port group.
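As an added example (not part of the original post), the following Python script parses a Cisco trunk configuration of the kind shown in the cheat sheets above, including the Small Business `allowed vlan add` form, and checks it against the VLAN IDs of the port groups on an ESXi host for each of the three tagging modes. The running-config slice, the interface names and the port-group table in it are constructed sample data, not a real switch.

```python
# Constructed sample: a slice of Catalyst running-config (not the post's switch).
RUNNING_CONFIG = """\
interface GigabitEthernet0/5
 switchport mode trunk
 switchport trunk allowed vlan 1,10,20
interface GigabitEthernet0/8
 switchport mode access
interface GigabitEthernet0/9
 switchport mode trunk
"""
# Constructed sample: ESXi port groups (VST = specific ID, EST = 0, VGT = 4095).
PORT_GROUPS = {"Clients": 10, "Webserver": 20, "Mgmt": 0, "GuestTagged": 4095}

def expand_vlan_list(spec):
    """'1,10-12,20' -> {1, 10, 11, 12, 20}."""
    vlans = set()
    for lo, _, hi in (p.partition("-") for p in spec.split(",")):
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_interfaces(config):
    """Map interface name -> {'mode': 'trunk'|'access'|None, 'allowed': set or 'all'}."""
    result, cur = {}, None
    for words in (line.split() for line in config.splitlines()):
        if words[:1] == ["interface"]:
            cur = result[words[1]] = {"mode": None, "allowed": "all"}
        elif cur and words[:2] == ["switchport", "mode"]:
            cur["mode"] = words[2]
        elif cur and words[:4] == ["switchport", "trunk", "allowed", "vlan"]:
            if words[4] != "add":                  # explicit list (or 'all') replaces the default
                cur["allowed"] = "all" if words[4] == "all" else expand_vlan_list(words[4])
            elif cur["allowed"] != "all":          # 'add' (Small Business form) extends a list
                cur["allowed"] |= expand_vlan_list(words[5])
    return result

def check_uplink(config, uplink, port_groups):
    """List mismatches for an ESXi vmnic cabled to switch port `uplink`."""
    iface = parse_interfaces(config)[uplink]
    problems = []
    for pg, vid in port_groups.items():
        if vid == 0:                               # EST: the switch port does the tagging
            continue
        if iface["mode"] != "trunk":
            problems.append(f"{pg} (VLAN {vid}): {uplink} is not a trunk")
        elif vid == 4095 and iface["allowed"] == "all":   # VGT: nothing bounds guest-chosen tags
            problems.append(f"{pg}: VGT on {uplink} with no allowed-VLAN list")
        elif vid != 4095 and iface["allowed"] != "all" and vid not in iface["allowed"]:
            problems.append(f"{pg} (VLAN {vid}): not in allowed list of {uplink}")
    return problems
```

Run `check_uplink(RUNNING_CONFIG, "GigabitEthernet0/5", PORT_GROUPS)` for a clean result, or point it at the access port or the bare trunk to see the two kinds of mismatch; paste in your own `show running-config` output in place of the sample.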
Thanks for sharing, I was looking for something short and useful.