KB ID 0001065
Problem
If you don’t need different virtual machines to be in different VLANS on your vSphere/ESXi servers then you probably just connect everything together and it all works fine. I was trying to carve off some hosts into their own VLAN today, and setup a new vSwitch.
or if you prefer to work in the fat client.
Now you can see (above), I’ve presented one physical NIC to this vSwitch (vmnic1). This is patched into a Cisco 3750 Catalyst switch. I configured this switch as an ‘access port’ in VLAN 200, I made sure VLAN 200 had an IP address (an SVI address on the switch). and hit a brick wall!
No entries in the switch MAC address table, no bytes being transmitted from the VM, nothing?
Solution
I was pondering on this during my drive home, and the thought struck me, “I’ve got a ‘port group’ in VLAN 200. I had made the port on the Cisco switch an ‘access port’, so I could never add another port group with another VLAN, that’s probably why it’s not working”.
Now if I was connecting two ‘real’ switches together and wanted to do this, I would need to create a ‘trunk’ port between the two switches, and ‘allow’ VLANs across the trunk, (or allow all VLANs).
Just because you are connecting to a VMware virtual switch the process is the same, even if you only have one port group and VLAN connecting to the vSwitch! You CANT configure trunking on the virtual switch (because it does not support DTP), so you need to do everything on the Cisco Catalyst Switch.
In the example below you will need to change the port and VLAN to match your own (highlighted in red).
interface FastEthernet1/0/2 description Connected to ESX vmnic1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 200 switchport mode trunk switchport nonegotiate spanning-tree portfast trunk
Here’s me carrying out the procedure on my 3750;
User Access Verification Password: Petes-3750>enable Password:******** Petes-3750#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Petes-3750(config)#interface fastEthernet 1/0/2 Petes-3750(config-if)# description Connected to ESX vmnic1 Petes-3750(config-if)# switchport trunk encapsulation dot1q Petes-3750(config-if)# switchport trunk allowed vlan 200 Petes-3750(config-if)# switchport mode trunk Petes-3750(config-if)# switchport nonegotiate Petes-3750(config-if)# spanning-tree portfast trunk %Warning: portfast should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when portfast is enabled, can cause temporary bridging loops. Use with CAUTION Petes-3750(config-if)#exit Petes-3750(config)#exit Petes-3750#write mem Building configuration... [OK] Petes-3750#
ESX/Cisco ‘Switchport Mode Access’
So can you do this? Yes you can, as long as you DO NOT specify the VLAN number on the vSwitch ‘port group’.
To prove it here’s another switch, connected to vmnic2, it has NO VLAN ID, and it’s connected to port FastEthernet 1/0/5 on my switch. Here is the configuration for that, (again this assumes you have VLAN 201 created with an SVI);
Petes-3750#show run Interface FastEthernet 1/0/5 Building configuration...
Current configuration : 148 bytes ! interface FastEthernet1/0/5 description Connected to ESX vmnic2 switchport access vlan 201 switchport mode access spanning-tree portfast end
Petes-3750#
Related Articles, References, Credits, or External Links
NA
