VMware Cloud Community
AdamLowe
Contributor

networking issue

Hey guys,

I've got ESX 4 set up and am P2V'ing several servers that are in different subnets. When I go into the VM, I put in the IP 10.0.x.x. The ESX host is on a 10.10.x.x subnet. The network port on the switch is fully open to accept any VLAN, so that is not an issue. When I go into the VM, I cannot access the internet or network. Anyone have any ideas of what the problem could be?

Also, has VMware come out with a vSphere Client that will work on Windows 7?

Thanks!

0 Kudos
13 Replies
gary1012
Expert

When you say you put the VM into 10.0.x.x, is that IP on the VM, the port group on the vswitch, or both?

Community Supported, Community Rewarded - Please consider marking questions answered and awarding points to the correct post. It helps us all.
0 Kudos
AdamLowe
Contributor

Yes, that is the IP of the VM itself.

0 Kudos
gary1012
Expert

OK, you'll need to create a new port group(s) with a VLAN tag(s) to get to the appropriate networks. Go to Host and Cluster --> Configuration Tab --> Networking --> Properties --> Add --> VM Networking and then add in the port group properties. Also, you should consider separating the Service Console away from the virtual machines and vMotion if possible onto separate vSwitches. This is a security best practice. You'll need additional pNICs to host the separate vSwitches.

0 Kudos
AdamLowe
Contributor

I'm on Configuration > Networking > I see the Virtual Switch: vSwitch0 and the VMs listed underneath it. If I hit Properties on that one I see the VM Network. If I click Add, I see Virtual Machine (Add a labeled network to handle virtual machine network traffic) and VMKernel and Service Console. Can you clarify it a little?

Thanks!

0 Kudos
swisst
Contributor

The IP address you need to give to your VMs should be on the same subnet as the "observed" VM network... Your VMkernel has access to the 10.10.0.0 255.255.0.0; if you were to put your VMs in this same subnet you should be up and running.

If you wish to organise your network config you could use the third octet 10.10.1.X to allow this...

0 Kudos
AdamLowe
Contributor

swisst, I agree with you on that. But unfortunately, I can't re-IP them right now. I will be doing that in the future, but I have a couple of different subnets that need to go on this box. We are trying to consolidate these and then we will re-IP everything to be on the 10.10.x.x subnet.

0 Kudos
swisst
Contributor

Ah OK, got ya.

You would need to implement a couple of new pNICs that are physically attached to the required subnets; upon these you will need to create new vSwitches and connect your guests to these.

I think you should be able to change your IP addresses on the P2V'd guests if you booted them into Safe Mode.

0 Kudos
AdamLowe
Contributor

Yeah, I could change them, but that will require a lot of DNS changes that we can't make at the moment.

0 Kudos
gary1012
Expert

Adam, the only network that can be seen will be the native VLAN on that vSwitch. There isn't a way for the VLAN tag assignment to occur now unless you're using the OS to perform that action (usually Linux only). If you set up a separate port group and add the VLAN ID to that port group, you should be able to get your 10.0.x.x VMs to see the appropriate VLAN. Once you set up the VLAN IDs on new port groups, you'll need to change the VM's network label to match the correct port group.

0 Kudos
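
The two points raised in gary1012's replies (keep the Service Console off the vSwitch that carries VM traffic; an untagged port group only reaches the native VLAN) can be checked from a host's port group listing. The following is an added example, not part of the original thread: the sample text is constructed and modelled on `esxcfg-vswitch -l` output, and the column layout, the port group names and the `MGMT` label set are assumptions.

```python
import re

# Constructed sample modelled on `esxcfg-vswitch -l` (layout assumed, values invented).
SAMPLE = """\
Switch Name    Num Ports   Used Ports  Configured Ports  MTU     Uplinks
vSwitch0       64          7           64                1500    vmnic0

  PortGroup Name      VLAN ID  Used Ports  Uplinks
  VM Network          0        3           vmnic0
  Subnet-10.0         20       2           vmnic0
  Service Console     0        1           vmnic0

Switch Name    Num Ports   Used Ports  Configured Ports  MTU     Uplinks
vSwitch1       64          3           64                1500    vmnic1

  PortGroup Name      VLAN ID  Used Ports  Uplinks
  vMotion             30       1           vmnic1
"""

MGMT = {"Service Console", "vMotion"}  # assumed labels for non-VM traffic

def parse(text):
    """Return {vswitch: [(portgroup, vlan_id), ...]}."""
    switches, current, in_pg = {}, None, False
    for line in text.splitlines():
        # Names contain single spaces, so split columns on runs of 2+ spaces.
        cols = re.split(r"\s{2,}", line.strip())
        if not cols[0]:
            continue
        if cols[0] in ("Switch Name", "PortGroup Name"):
            in_pg = cols[0] == "PortGroup Name"  # which table follows
        elif in_pg and len(cols) >= 2 and cols[1].isdigit():
            switches[current].append((cols[0], int(cols[1])))
        elif not in_pg:
            current = cols[0]
            switches[current] = []
    return switches

def audit(switches):
    """Flag shared management/VM vSwitches and untagged VM port groups."""
    findings = []
    for sw, pgs in switches.items():
        vm_pgs = [(n, v) for n, v in pgs if n not in MGMT]
        shared = sorted(n for n, _ in pgs if n in MGMT)
        if shared and vm_pgs:
            findings.append(f"{sw}: {', '.join(shared)} shares a vSwitch with VM port groups")
        if any(v for _, v in vm_pgs):  # tagged groups exist, so the uplink is a trunk
            findings += [f"{sw}: '{n}' is untagged (VLAN 0); its VMs see only the native VLAN"
                         for n, v in vm_pgs if v == 0]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse(SAMPLE))))
```
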
swisst
Contributor

If the pNIC has been specifically allocated a certain VLAN on the pSwitch then there's not a lot you can do with VLAN tagging.

You may be able to get your friendly neighbourhood network chap to reconfigure your pSwitch port to create a trunk port.

Basically this would leave the port open to allow VLAN tagging within the ESX port group to indicate which network you wish to access...

You could in theory then add several port groups with different VLAN tags to the same pNIC.

...To be fair, I haven't seen this working, and when I asked my network chap he started shaking his head whilst stroking his chin; he added that in theory it should work but it removed some of the controls that he had put in place.

I must admit I am with him.

One pSwitch port = one VLAN....

0 Kudos
gary1012
Expert

It appears that the configuration is trunked based on what was mentioned earlier: "The network port on the switch is fully open to accept any VLAN." If this is the case, then the multiple VLANs are traversing over vmnic0 as illustrated in the previously attached jpg. Since this is a trunked connection and not an access port, VLAN assignment must occur somewhere (OS or vSwitch). If I had to guess, the vast majority of implementations are using VLAN tagging on the vSwitch as the mechanism to assign VMs to specific networks on a trunked port. I personally have 21 VLANs (aka Port Groups) traversing two pNICs into a single vSwitch.

0 Kudos
Texiwill
Leadership

Hello,

I am with your network guy and at the same time not. Your network guy thinks the pSwitch is the edge switch in his network and quite frankly it is not; there is a vSwitch that is the real edge switch.

The network team should be able to see, manipulate and manage those edge switches. If you use the Nexus 1000V you would get this capability, but with the regular VMware vSwitch the virtualization admin needs to give the networking folks the controls to do what is necessary.

So now you have to work with the network folks to allow you to do VST, else you may have some serious cabling issues. In the case mentioned, you would need 21 network ports to support a 1 to 1 mapping between pNIC/VLAN. This is just not optimal.

Instead I would say the pNIC is used to distinguish the difference between 'security' zones not VLANs themselves. Unless you are also using VLANs as a security mechanism (which they are not).


Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009

Virtualization Practice Analyst
Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security'
Also available 'VMWare ESX Server in the Enterprise'
SearchVMware Pro (http://www.astroarch.com/wiki/index.php/Blog_Roll) | Blue Gears | Top Virtualization Security Links
Virtualization Security Round Table Podcast (http://www.astroarch.com/wiki/index.php/Virtualization_Security_Round_Table_Podcast)

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
0 Kudos
swisst
Contributor

Hey Adam,

I got an answer for your second, somewhat forgotten about, question....

I think it's answered on these boards somewhere but I found the post listed below really helpful when I was having problems...

0 Kudos