Knowledgebase

  2. Home
  4. Knowledgebase
  6. VMware vSphere (ESXi)
  8. Configure Single Physical NIC for VMware vSphere (ESXi)

Configure Single Physical NIC for VMware vSphere (ESXi)

Although it is recommended to dedicate separate physical NIC’s for lan0 and wan0, in certain cases only a single NIC might be available for Wanos and worth the compromise.

Things to consider when only one physical NIC is available:

  • Performance compromise, traffic will traverse the same interface at least twice.
  • The bridge appliance will bridge traffic from the lan0 to the wan0 and vice versa. Bridge loops can still occur.
  • To split the single NIC traffic into two virtual interfaces, two VLAN’s are required, the inside lan0 VLAN and the outside wan0 VLAN.
  • Promiscuous mode needs to be enabled on portgroup level and not vswitch level. In other words promiscuous is disabled (reject) for the vswitch and enabled for the outside and inside VLAN’s.
  • VMware is not native VLAN aware. Use normal VLAN’s to ensure the traffic flow is predictable.
    For more flexibility, Routed mode has been added to use a single physical and virtual NIC.

Caveats:

  • On a Cisco switch and possibly other spanning-tree enabled switches, spanning-tree bpdufilter enable is required on the trunk interface between the host NIC and the switch.
  • The switch can’t also be the gateway for the inside lan0 VLAN if it’s a Layer3 switch. On the switches tested, frames were implicitly dropped on the trunk if the destination MAC was also the one of the switch local MAC addresses. This is either a feature or a bug, either way take note that the gateway needs to be another L3 switch, router or firewall.

Example:

Example Vswitch

Switch Config:

interface FastEthernet0/5
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 30,101
  switchport mode trunk
  spanning-tree portfast trunk
  spanning-tree bpdufilter enable

Credit goes to spoonzw

Two notes to remember with a single NIC setup:

  • Promiscuous needs to be enabled on the Portgroup / VLAN level (i.e. not vSwitch).

Portg Goup Promiscuous Mode

  • Depending on the switch config, bpdufilter might be required.
interface FastEthernet0/5
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 30,101
  switchport mode trunk
  spanning-tree portfast trunk
  spanning-tree bpdufilter enable

 




Tags ,
Was this article helpful to you? Yes No

How can we help?