
How vSphere sees VLANs


- Virtual Switch (vSwitch): manages virtual machine networking at the host level. There is never a direct connection between two vSwitches, and Spanning Tree is off. East-west traffic is therefore not allowed between vSwitches, and the only way out of a vSwitch is through its uplinks: the physical NICs (VMNICs) that connect to the physical switch and are teamed to work as one link. There are several ways to team them (Active-Standby, LACP, etc.).

Since Spanning Tree is not running at all, be sure to configure BPDU Guard and PortFast trunk on the physical ports of the switch.

The existence of VLANs is inevitable in any kind of L2 environment, but in the case of vSphere, there are 3 methods to configure them:

  • EST (External Switch Tagging), which is the default method: all port groups on a vSwitch are in VLAN 0. The physical switch port facing the host needs to be set to access mode (any VLAN will work, depending on your network), because the traffic arrives untagged.
  • VST (Virtual Switch Tagging), which means that you create a new port group and put it into the VLAN you want; the VLAN is automatically created on the vSwitch. The physical switch needs to have the ports defined as trunk.
  • VGT (Virtual Guest Tagging), used when you want to trunk to the actual VMs (the VM receives dot1q-tagged frames for various VLANs). To do this, you need to set the port group VLAN to All (4095).
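The rules above can be checked mechanically. The following is an added example, not code from the original page: it derives the tagging method from each port group's VLAN ID and audits the host-facing switch ports for the matching mode, BPDU Guard and PortFast. It assumes Cisco IOS-style configuration syntax; the interface names, port group names and sample configuration are constructed.

```python
import re

def tagging_mode(vlan_id):
    """Map a port group VLAN ID to the tagging method described above."""
    if not 0 <= vlan_id <= 4095:
        raise ValueError(f"invalid VLAN ID: {vlan_id}")
    # 0 = untagged (EST), 4095 = all VLANs to the guest (VGT), else VST
    return {0: "EST", 4095: "VGT"}.get(vlan_id, "VST")

def parse_interfaces(config):
    """Split IOS-style config text into {interface: [sub-commands]}."""
    ports, current = {}, None
    for line in config.splitlines():
        match = re.match(r"interface\s+(\S+)", line)
        if match:
            current = ports.setdefault(match.group(1), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None  # left the interface stanza
    return ports

def audit(port_groups, uplinks, config):
    """Check the physical ports behind one vSwitch against its port groups."""
    modes = {tagging_mode(v) for v in port_groups.values()}
    want = "trunk" if modes & {"VST", "VGT"} else "access"
    ports, findings = parse_interfaces(config), []
    for name in uplinks:
        cmds = ports.get(name, [])
        if f"switchport mode {want}" not in cmds:
            findings.append(f"{name}: needs switchport mode {want}")
        if "spanning-tree bpduguard enable" not in cmds:
            findings.append(f"{name}: BPDU Guard missing")
        fast = [c for c in cmds if c.startswith("spanning-tree portfast")]
        if not any(want != "trunk" or c.endswith("trunk") for c in fast):
            findings.append(f"{name}: PortFast for {want} port missing")
    return findings

# Constructed sample: two uplinks of one vSwitch, the second misconfigured.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode trunk
 spanning-tree portfast trunk
 spanning-tree bpduguard enable
interface GigabitEthernet1/0/2
 switchport mode access
 spanning-tree portfast
"""
SAMPLE_PORT_GROUPS = {"Prod": 10, "DMZ": 20, "Guest-Trunk": 4095}
```

Calling `audit(SAMPLE_PORT_GROUPS, [...], SAMPLE_CONFIG)` with both interface names returns one finding per missing setting on the second uplink and none for the first.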