Dell VRTX Running ESXi And VLAN Setup

Hi,

I think if you're using ESXi with multiple VLANs (like VLAN10 for vMotion/internal and VLAN100 for management), make sure your switch ports are set to trunk mode so ESXi can see both VLANs. For NICs that only need one VLAN (like management), use access mode and assign VLAN100.

On the ESXi side:

• Create port groups: one for VLAN10, one for VLAN100.
• Assign the right VLAN IDs.
• Attach your VMkernel NICs to the correct port groups.
• And make sure your physical NICs are plugged into trunk ports on the switch.

Hope that helps!

@DELL-Erman O Thank you for that wonderful explanation, but I only have two physical NIC's per blade server. I have that same infrastructure already setup you explained above, but it is all on VLAN10 (vMotion/Internal/Management) currently and each vSwitch is set to VLAN4095 for testing purposes only. I tested VLAN100 yesterday and that is the management port and got it to work and as mentioned I was able to ping the assigned address (192.168.100.x) and got a reply but was not able to get to the management page of the ESXi host as from what I read it needs to be access port.

Currently the R1-2401 Switch is configured for Trunk mode on both external and internal ports for each blade just to get both VLAN10 and VLAN100 to work.

What I am not clear on is utilizing two physical ports on the blade side and switch side for VLAN setup on the R1-2401 switch. As mentioned they are both setup for trunk mode so then I have no idea how to create an access port on the physical port of the Blade, because the Emulex 10GB Emulex Mezzanine card has ONLY two physical Nics, but when I enable Virtualization mode they are not showing up on the switch side to assign them an actual VLAN tag to be configured as an access port or even a trunk. I need some assistance with the R1-2401 switch configuration with putting the 10 GB Emulex Mezzanine in Virtualization Mode with 8 Nic's and carving out the VLAN's. 

Do you know of instructions for the 10GB Emulex Mezzanine Card? I have searched and found none at all. 

This R1-2401 switch has been a thorn in my side for a while now. I know a port can not be an access port and a trunk port at the same time.

Thank you for your help.

Hello,

 

As far as the VRTX configuration, you can have all ports on the VRTX configured as “switchport mode trunk”, native vlan 10, and all scenarios will be covered with that configuration. You do not have a specify a list of vlans to be tagged, all vlans will be allowed to go through. When the server sends untagged frame it will show up in vlan 10. The frames that arrive with a “tag” from the server will show up in the respective vlan in the VRTX based on the tag value in the frame. This is all that is needed on the VRTX. Let us know if something is still not working and if you are requiring assistance on the server side.

@DELL-Charles R​ Thank you again Charles for the wonderful explanation, but how does the VRTX know if the port on the vSwitch is an access port or not? How would the VRTX know if a packet from VLAN 10 needs to go to say VLAN100 if it is not tagged on the R1-2401 switch? My management needs to be an access port only and from what I read its own physical port, but again I could be wrong. I am just trying to understand for clarification purposes.

Wouldn't VLAN100 need to be allowed in the trunk? So I would add the command "switchport trunk allowed vlan 100 for all interfaces external and internal?

Thank you kindly. You have been a big help with this!

Hello,

 

Hello,

The VRTX is not expected to do routing. Routing is usually a function of your router that is connected to the uplink. So we would not expect to go from vlan 10 to vlan 100 at the VRTX. VRTX is like a “pipe”, it does not change anything in the frame. The frame comes from the server and goes out to the uplink unchanged. The server determines what vlan tag to append to the frame. The VRTX just looks at that vlan tag and puts the frame in the correct vlan.

 

If you have configuration like the example below “switchport mode trunk” on all ports internal and external without any vlans in the list, a frame with a tag for vlan 100 will go through ok.

 

console(config)# interface range gi1/1 – gi1/4

console(config-if-range)# switchport mode trunk    

console(config-if-range)# switchport trunk native vlan 10

console(config-if-range)# no shutdown

console(config-if-range)# exit

 

For vlan 10, it again depends how the server sends it. The server should not send sometimes tagged, sometimes untagged for vlan 10. Whether the server sends tagged frame for vlan 10 or untagged frame, it will go through.

Hello @DELL-Charles R I understand the VRTX will not do any sort of routing. The switch in the VRTX is just doing VLAN tagging and nothing more.

My firewall does does all the routing and my Cisco switches are configured for VLAN tagging via Switchport trunk mode and allowing VLAN10 and VLAN100 and all it does is forward all the packets to the correct VLAN. So I am performing a trunk on my Cisco switches and the R1-2401 switch as well and the configuration on my Cisco switch applies to the VRTX external ports Gi0/1 - Gi08. You mention “uplink”, where is that configuration in the switch? The main issue is the R1-2401 switch in the VRTX that is hindering my progress.

I want to be able to assign a vSwitch say vSwitch2 to a physical NIC port and then tag the interface with VLAN100 as an access port , but I only have two physical NIC’s until I use the Virtual LAN mode on the Emulex 10GB Messanine Card. How do I accomplish that? This is what VMWare mentions in there best practices as each the managment and the vMotion need to be access ports and NOT on a trunk.

My router is not in a tagged VLAN yet for this very reason until I get this figured out and tested. I should be able to prove all this by leaving it untagged.

Thank you.

@DELL-Charles R Here are the results of my testing so far just on Vlan10 on the vSwitch1 with just server traffic and I am remote desktop into the windows machine and lose connectivity instantly and untag to None(0) and it works just fine. I added the command "switchport access vlan 10" to the ports on my test host and got the same results. See current config below:

interface gigabitethernet0/3
 switchport mode trunk
 switchport access vlan 10
 switchport trunk native vlan 10
!
interface gigabitethernet0/4
 switchport mode trunk
 switchport access vlan 10
 switchport trunk native vlan 10

and 

interface gigabitethernet2/1
 switchport mode trunk
 switchport access vlan 10
 switchport trunk native vlan 10
!
interface gigabitethernet2/2
 switchport mode trunk
 switchport access vlan 10
 switchport trunk native vlan 10

Another issue I noticed with the config on port gigabitEthernet0/1 when I remove the two lines. See below:

switchport trunk allowed vlan remove 1-9,11-19,21-29,31-39,41-99

switchport trunk allowed vlan remove 101-4094

I lose total connectivity to everything in my ESXi environment. As soon as I add those two lines back everything comes back online and I was doing this on my active node. Please keep in mind nothing is tagged at all as no VLAN's applied. The config for that interface is below:

interface gigabitethernet0/1
 switchport mode trunk
 switchport access vlan 10
 switchport trunk native vlan 10
 switchport trunk allowed vlan remove 1-9,11-19,21-29,31-39,41-99
 switchport trunk allowed vlan remove 101-4094

and this looks nothing like this configuration. See below:

interface gigabitetherneti0/1
 switchport mode trunk

 switchport access vlan 10

 switchport trunk allowed vlan add 10,20,30
 switchport trunk native vlan 10
 no shutdown

Three questions:

1. Why do those two lines need to be added back as according to what you said I should NOT need those and only need the native VLAN10?

2. Why does the configuration of GigbitEthernet0/1 look different in first config then in the second config?

3. Is there a CLI switch or setting I need to fix?

I am at a total loss here, because I am not seeing what the actual working config should look like. Thank you in advance.