Hello Sir !

we u recommend some time back to buy netgear managed switch for vlan i have purchased that expansive switch but now how to i configure vlan with switch and vlan in firewall and vmware and other guest os

presently i am using normal switch and connected all cables to that normal switch my firewall and all guest are working but there is lot of icmp packets and vmware crash some times

can u please recommend how do i configure vmware vlan to netgear switch
I have only 1 physical network card installed

thanks

If you have a single NIC connected to a switch then you'll need to configure that port as a trunk port. That will allow the port to pass any VLAN tagged traffic. Lets say you'll use VLAN 200 for Internet traffic. You'll configure your ISP router port with that VLAN and you'll then create a vSWitch with a virtual machine port group set to use VLAN 200. Your VM firewall will have a vNIC on that VM port group.

For your LAN if you use VLAN 100, you'll create another VM port group with VLAN 100. The VM firewall will have it's internal vNIC on that VM port along with any VMs on the LAN. Any physical LAN hosts should be connected to ports configured with VLAN 100.

Hello Sir !

now i have purchase Netgear gs 108t switch which support vlan and i also purchaes ADSL router which support VLAN now the task i have to understand is

i am able to configure utm with stand alone system and dmz on vlan its working

1)how many Vswitch i will require
2)how do i assign this nic to guest
3)what additional networking i have to add
4)how many vlan i will require ?
5)do i have to assign or bridge this interface with utm ?
6)i am using 4 interface in use ,how many max interface i can add to vsphere 4.1 ?
7)4 gb ram should be ok to windows (windows server 2008 and ubuntu and utm =utm use 1.5 gb ram )

now i am using vsphere 4.1

thanks

Could you post a diagram of how you want things to look logically?

pleae check image

i have static ip from my isp

thanks

Let's say you'll use VLAN 100 for your LAN and 200 for the DMZ. The port for the XP physical machine will be configured with VLAN 100.

For the port(s) that connect to ESXi, you'll configured those as a trunk port (i.e. these ports will pass VLAN traffic without modifying the VLAN tag).

In ESXi you'll create a single vSwitch (with 1 or more NIC ports). Remember that each of the NIC ports of this vSwitch should be connected to a physical NIC port that is configured as a trunk.

Within the DCUI for ESXi you'll configure the management port for ESXi to use VLAN 100. That way you can connect to it from the XP workstation.

Create two virtual machine port groups. Each port group should be configured with the appropriate VLAN. You'll then configure your VMs to connnect to the appropriate port group. You won't have to configure a VLAN within the guest OS.

Sorry !

i think i made some mistake to explain the usage scenario

i am using UTM (unified threat management ) ,where i want to all traffic should come and filter traffic from utm /all incoming and outgoing traffic should go through UTM
my utm is vmware certified

my utm support vpn,dmz and lan ,and other stuff

internet>>utm>>dmz and lan
now where i should configure trunk ?
which device should be gateway ?


thanks

Will all the DMZ hosts be virtual?

again Sorry , if u mean my dmz guest/host are on vmware and separated ?

yes basically i want windows server 2008 and linux and they are on same network 192.168.3.100
other then this dmz i have no plan to add any other dmz

thanks

And the host just has one physical NIC port? Even if it has 2 it's best to go with both NIC ports in a single vSwitch.

So on the physical switch (and you don't have to use the exact ports I list)

Port 1 - VLAN 100 (Internet) - you'll plug the ISP router in here.

Port 2 - VLAN 200 (LAN) - you'll plug in the XP physical box

Port 3 - trunk port - you'll plug in ESXi (and the same for port 4, etc if you have multiple ESXi NIC ports


vSwitch0 - you'll configure the Management (VMkernel) port to run on VLAN 200 - this way you can manage it from the XP workstation

You'll end up with a total of 3 virtual machine port groups

- the default Virtual Machine port group you can set to VLAN 200 (any virtual machines on here get LAN acces

- Internet VM port group - VLAN 100 -

- DMZ VM port group - VLAN 300

Virtual machines
- the UTM VM will have 3 virtual NICs, each connected to each one of the virtual machine port groups

- DMZ VMs - one virtual NIC connected to the DMZ port group

etc.