Topic: Re: Vmware ESXi single NIC with multiple Vlans

dave99

Re: Vmware ESXi single NIC with multiple Vlans
« on: January 24, 2015, 03:42:37 AM »
I was wondering if you could give any tips on this config where the firewall (pfsense) is also virtualized. Network config screenshot below. I'm hesitant to just wing it, as this would be for a remote home user about 1000 miles away, so if I get the config wrong and lose remote access, it would be difficult to fix.
Basic config:
cable modem comes into switch port 8/vlan 200
intel nuc/esxi switch port 7/ all vlans (100, 200, 300) trunk to pfsense
dell workstation switch port 6 / vlan 100
2 virtual servers / vlan 100
unfiltered personal internet switch ports 1,2,3 / vlan 300

The optimization I'm looking for would be for vlan 100: the workstation and the 2 virtual servers which connect via vpn to the main office. Ideally vlan 300 (the personal internet) would be untouched.

ahenning

  • Team Wanos
  • Administrator
Re: Re: Vmware ESXi single NIC with multiple Vlans
« Reply #1 on: January 24, 2015, 09:19:27 AM »
Hi dave99,

Are you looking for a config to place a wanos vm in the mix for the vlan 100 devices?
CCIE RS, CCIE SP, Mnet&sys

Note: Forum posts may be outdated. Please see the latest documentation at wanos.co/docs

dave99

Re: Re: Vmware ESXi single NIC with multiple Vlans
« Reply #2 on: January 24, 2015, 05:30:57 PM »
> Hi dave99,
>
> Are you looking for a config to place a wanos vm in the mix for the vlan 100 devices?

yes, exactly.

ahenning

Re: Vmware ESXi single NIC with multiple Vlans
« Reply #3 on: January 27, 2015, 08:11:26 PM »
Hi Dave99,

Yes, I agree, it's probably best not to just go ahead. Do you have an offline lab where the configs can be tested first?

The safest starting point would probably be to move the vlan-100 VMs to vlan-101. Wanos-lan0 would go into this 101-port-group and Wanos-wan0 into vlan-100 port-group. Enable promiscuous only on the port-group level. Create nice specific traffic rules for the VMs, e.g. src-vm-1-IP > dst-subnet.

Once that is up and running and you are happy that everything is ok, then it's possible to flip the switchport 6 for the dell workstation over to vlan-101. If it supports PVSTP and BPDU filter equivalents, enable those on switchport-7. If things do go horribly wrong, then a reboot of the switch could be a simple way to rollback that last risky change.

Apologies for not getting an answer for this sooner. I wanted to lab it up, but unfortunately I am not getting around to it, so here are at least the steps I was planning to do.

Good luck.
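The port-group layout from Reply #3, as an added example that is not part of the original posts or Wanos documentation: a dry-run script that prints the esxcli commands for the VLAN 101 port group and the port-group-level promiscuous setting, plus a check that the vSwitch-level default stays off. The names vSwitch0, vlan-100 and vlan-101 are assumptions, and the policy output fed to the check in a lab would come from `esxcli network vswitch standard policy security get`.

```shell
#!/bin/sh
# Added example, not from the thread. All names below are assumptions.
VSWITCH="${VSWITCH:-vSwitch0}"   # assumed: the single standard vSwitch on the one NIC
PG_WAN="${PG_WAN:-vlan-100}"     # assumed: existing VLAN 100 port group (Wanos wan0)
PG_LAN="${PG_LAN:-vlan-101}"     # assumed: new VLAN 101 port group (Wanos lan0 + moved VMs)

# Print the esxcli commands for the layout, one per line, without running them.
plan_portgroups() {
    echo "esxcli network vswitch standard portgroup add -p $PG_LAN -v $VSWITCH"
    echo "esxcli network vswitch standard portgroup set -p $PG_LAN --vlan-id 101"
    # Promiscuous mode only on the two port groups the Wanos vNICs attach to.
    for pg in "$PG_LAN" "$PG_WAN"; do
        echo "esxcli network vswitch standard portgroup policy security set -p $pg --allow-promiscuous=true"
    done
    # Keep the vSwitch-level default off so other port groups do not inherit it.
    echo "esxcli network vswitch standard policy security set -v $VSWITCH --allow-promiscuous=false"
}

# Read 'policy security get' output on stdin; succeed only if promiscuous is off.
promiscuous_is_off() {
    awk -F': *' '/Allow Promiscuous/ { v = $2 } END { exit !(v == "false") }'
}

# Dry run by default; APPLY=1 on the ESXi shell executes each planned command.
run_plan() {
    plan_portgroups | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then
            $cmd || exit 1
        else
            echo "DRY-RUN: $cmd"
        fi
    done
}

run_plan
```

Review the dry-run output in the lab first; on the remote host, run it with `APPLY=1` only after the same commands worked there.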

dave99

Re: Vmware ESXi single NIC with multiple Vlans
« Reply #4 on: January 30, 2015, 04:57:52 AM »
Thanks, I'll give it a try. I don't have another NUC or the same switch (hp 1810g-8), but I have a dell t110 with a single NIC and an sg300 switch to test in my lab.

I'll report back next week hopefully so the forum has an answer one way or the other.

ahenning

Re: Vmware ESXi single NIC with multiple Vlans
« Reply #5 on: March 10, 2015, 12:30:19 AM »
Dave99,

Just a note, Routed mode has been added for more flexibility when it comes to limited NICs.