VMware Esxi 三种VLAN tagging methods (网络工作原理）

michellc

VLAN configuration on virtual switches, physical switches, and virtual machines(1003806)
Purpose
This article describes the various VLAN tagging methods used with ESXi/ESX.

Virtual LAN (VLAN) implementation is recommended in ESXi/ESX networking environments because:

• 　　It integrates ESXi/ESX into a pre-existing network
  
• 　　It secures network traffic
  
• 　　It reduces network traffic congestion
  
• 　　iSCSI traffic requires an isolated network
  

Resolution


There are three methods of VLAN tagging that can be configured on ESXi/ESX:

• 　　External Switch Tagging (EST)
  
• 　　Virtual Switch Tagging (VST)
  
• 　　Virtual Guest Tagging (VGT)
  

External Switch Tagging (EST)

• 　　All VLAN tagging of packets is performed on the physical switch.
  
• 　　ESXi/ESX host network adapters are connected to access ports on the physical switch.
  
• 　　The portgroups connected to the virtual switch must have their VLAN ID set to 0.
  
• 　　For more information, see Sample Configuration - ESXi/ESX connecting to physical switch via VLAN access mode and External Switch VLAN Tagging (EST Mode) (1004127).
  
• 　　See this example snippet of a code from a Cisco switch port configuration:
  
  switchport mode access
  switchport access vlan x
  

Virtual Switch Tagging (VST)

• 　　All VLAN tagging of packets is performed by the virtual switch before leaving the ESXi/ESX host.
  
• 　　The ESXi/ESX host network adapters must be connected to trunk ports on the physical switch.
  
• 　　The portgroups connected to the virtual switch must have an appropriate VLAN ID specified.
  
• 　　For more information, see:
  
  
  
  
  • 　　Configuring a VLAN on a portgroup (1003825)
    
  • 　　Configuring Virtual Switch VLAN Tagging (VST) mode on a vNetwork Distributed Switch (1010778)
    
    
    
  　　
  
  
  
• 　　For a sample of VST, see Sample configuration of virtual switch VLAN tagging (VST Mode) (1004074).
  
• 　　See this example snippet of code from a Cisco switch port configuration:
  
  switchport trunk encapsulation dot1q
  switchport mode trunk
  switchport trunk allowed vlan x,y,z
  spanning-tree portfast trunk
  

Note: The Native VLAN is not tagged and thus requires no VLAN ID to be set on the ESXi/ESX portgroup.

Virtual Guest Tagging (VGT)

• 　　All VLAN tagging is performed by the virtual machine.
  
• 　　You must install an 802.1Q VLAN trunking driver inside the virtual machine.
  
• 　　VLAN tags are preserved between the virtual machine networking stack and external switch when frames are passed to/from virtual switches.
  
• 　　Physical switch ports are set to trunk port.
  
• 　　For more information, see Sample configuration of virtual machine (VM) VLAN Tagging (VGT Mode) in ESX (1004252).
  
• 　　See this example snippet of code from a Cisco switch port configuration:
  
  switchport trunk encapsulation dot1q
  switchport mode trunk
  switchport trunk allowed vlan x,y,z
  spanning-tree portfast trunk
  

For additional information on these configurations, see VMware ESX Server 3: 802.1Q VLAN Solutions.
Additional Information
For translated versions of this article, see:

• 　　Português: Configurao de VLAN em switch virtual, switch físico e máquinas virtuais (2018937)
  

Tags
esx esx-networking network-security
See Also

• 　　Configuring a VLAN on a portgroup (1003825)
  

• 　　Sample configuration of virtual switch VLAN tagging (VST Mode) (1004074)
  

• 　　Sample Configuration - ESX/ESXi connecting to physical switch via VLAN access mode and External Switch VLAN Tagging (EST Mode) (1004127)
  

• 　　Sample configuration of virtual machine VLAN Tagging (VGT Mode) in ESX (1004252)
  

• 　　Configuring Virtual Switch VLAN Tagging (VST) mode on a vNetwork Distributed Switch (1010778)
  

• 　　Configurao de VLAN em switch virtual, switch físico e máquinas virtuais (2018937)
  

Update History
02/08/2013 - Added ESXi 5.x and vCenter Server 5.x to Products04/18/2013 - Added link to article 1003825  



Request a Product Feature
To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.