Hello Guys!
After little break I am back again ! I was busy with new infrastructure of our new office and could not find chance to get these things done…
So! We are going to configure our VM machines in different VLAN’s in our LAB we do have firewall (That is VM too) and we are going to configure VLAN’s on firewall. (#pfsense)
But on live network environments we do use L3 and L2 switches / routers to get this job done. (Either way it give ability to secure your network and separate them from each other etc.)
Let’s start with PFSENSE configuration first;
I am using VLAN 13 and for this VLAN I am going to use 10.13.1.0/24 subnet. I am going to create that as an interface on my firewall and going to give an access rule. After that as a final I will crate VLAN on ESXI.
We are going to see as default OPT xx. and than we will set this as we want to see. (It will make it easier to remember and understand which interface going to which source or other way around, in this case it will help us to generate rules on our firewall too. But again this is test lab and it can be different on live environments via Layer3 or L2 type of switches.)
Now we are going to select VLAN ip slot details!
“add a new gateway” also important to configure a new gateway IP for this VLAN.
It is now giving our configuration details, all we need to do is final check and than click green APPLY button !
Now time to get ESXI host configured, let’s start that section;
This part is a bit important for me;
If we want to use VLAN on a physical port, we can create a new switch and we can define the VLAN on this physical port that also might help to isolate the traffic on it. I am going use same switch as it is.
Once we are done with this configuration, we can see the VLAN on this ESXI host. But one more important part is we need to do this configuration on all ESXI host devices.
We can see the VLAN ready, via Distributed Switch we can make same thing easily with just one step !
Time for TEST !
We need to give an IP address to our virtual machine (VM1) from VLAN13 and after that we need to move VM’s network card under VLAN13 section.
My DC is 10.1.1.1 and according to this I am giving VM1 ip slot as you see below
Changing the network card for VLAN13 ;
Now test time to ping it !
And results are perfect !
10.13.1.254 is IP of the firewall and my DC (Which is 10.1.1.1) got access directly and got TTL=64 BUT VM1 is using VLAN13 and because of this reason TTL value is 127 ! It means they are connected via VLAN.
I hope you guys likes this and please let me know if you guys having any questions in your mind ! I’ll try to make another topic & deep dive regarding Distributed Switches on VMWARE ESXI environment.