VLAN handling in virtual switches

VLAN handling in virtual switches

 

There are 3 modes of accessing VLANs in vswitches on esxi.

 

• EST (External Switch Tagging)
• VST (Virtual Switch Tagging)
• VGT (Virtual Guest Tagging)

EST (External Switch Tagging)
 

In this method your physical switch port is configured as Access port, and no VLAN configured on virtual port group, Physical switch handle VLAN tagging. vSwitches receives untagged traffic. Downside of this method it will consume lots of NICs, if you want to use different VLANs

 

 

VST (Virtual Switch Tagging)

 

This is the very common, popular and recommended best method. Virtual Port Groups are configured with VLAN. To work this design connected physical switch port should be configured as Trunk port and can be configured with either one VLAN or multiple VLANs. Traffic with VLAN tag is sent down to vSwitches. vSwitches will forward that traffic to concerned port group by stripping the VLAN tag. Tagging is added when traffic is left from vSwitches to uplink port. There is little CPU cycle involved using this technique.

 

 

VGT (Virtual Guest Tagging)

Configuration for this method is as same as VST at physical switch. Physical switch port should be configured as trunk. Actual VLAN is configured on VM in the virtual NIC settings and VLAN 4095 configured on virtual port group. (4095 can read all VLANs traffic, this VLAN is generally used for monitoring or sniffing traffic)

 

VLAN id option in vmxnet3 Ethernet adapter only.