
In our lab, we have static IPs assigned to everything. We have fewer than 20 devices, some physical and some virtual on ESXi, ranging from servers to Android tablets. Everything is wired Ethernet. There are 3 VLANs on the switch. Our virtual Linux machines work fine because the vSwitch seems to apply the tags, but our physical Linux machines need to have their ifcfg-eth0 interface config changed to ifcfg-eth0.20 in order to participate in the network. Our Android tablet with an Ethernet dongle cannot create this new Ethernet config for VLAN tagging the way Linux does, because it is not rooted and there are no tools for wired VLAN setups as far as I know. (It is Android 4.0.)

Shouldn't the switch be responsible for tagging the network traffic based on a machine's subnet and the ports it is plugged into? Why do the physical Windows machines seem to handle the VLAN without extra setup, but the physical Linux machines need a new interface config to see traffic? Shouldn't the physical switch be able to do this the same way the vSwitch does it for our virtual machines?

I just want the Android device to consume services from the VMs and Windows machines, but I can't even ping them or the gateway because the VLAN can't be set manually on the device.

Xenophod

2 Answers


Shouldn't the switch be responsible for tagging the network traffic based on a machine's subnet and the ports it is plugged into?

VLANs are a Layer 2 construct and IP addresses are a Layer 3 construct. There's no direct relationship between a VLAN and an IP address.

It sounds to me like you have your switch ports configured as tagged ports for your VLANs and you probably shouldn't have them configured as such. When a switch port is tagged, the switch inserts a VLAN tag in the frame and the endpoint connected to that switch port is responsible for dealing with that VLAN tag. Normally, you don't want or need VLAN tagging except for the trunk ports on your switches. Most VLAN traffic transits the switch untagged. The switch knows to which VLAN the traffic belongs and will move it between switch ports as appropriate based on VLAN. A trunk port normally carries traffic for more than one VLAN between switches and therefore needs those frames to be tagged so that the receiving switch knows to which VLAN the traffic belongs.

It sounds like you're using VST (Virtual Switch Tagging) on your ESXi vSwitches, which would explain why your virtual machines work. The vSwitch is handling the VLAN tags.

I suspect that the Windows machines are connected to the native/default VLAN, which is untagged, which explains why they are working.

So to summarize my assumptions:

Your physical Windows machines are working because they're connected to switch ports in the native/default VLAN, which is untagged, and they require no VLAN tag in their NIC configuration.

Your virtual machines work because the ESXi vSwitch is managing the VLAN tags.

Your other devices aren't working because they're not in the native/default VLAN and you have your VLAN ports configured as tagged and the NIC configuration of those machines isn't configured with the appropriate VLAN ID and therefore can't deal with the VLAN tagged traffic.

joeqwerty
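To make the tagged-versus-untagged distinction in the answer above concrete, here is a small model of an 802.1Q switch and an endpoint NIC. This is an added example, not code from the thread or from any switch vendor; the port names (`esxi`, `tablet`), the MAC addresses, the ICMP payload and the simplified access/trunk behaviour are all assumptions constructed for the demonstration. It walks the asker's scenario: a VM on VLAN 20 sends a frame that the ESXi vSwitch tags (VST), the physical switch receives it on the tagged uplink, and what the Android tablet sees depends only on how its own switch port is configured.

```python
"""Model of 802.1Q tagging at the switch-port boundary.

Added example, not code from the original thread. It assumes a simplified
switch model (access ports with a PVID, trunk ports with a native VLAN and an
allowed list) and constructs its own frames; it is not tied to any vendor CLI.
"""
import struct

ETHERTYPE_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800


def build_frame(dst, src, payload, vid=None):
    """Ethernet II frame; insert an 802.1Q tag (PCP=0, DEI=0) when vid is given."""
    frame = dst + src
    if vid is not None:
        frame += struct.pack("!HH", ETHERTYPE_8021Q, vid & 0x0FFF)
    return frame + struct.pack("!H", ETHERTYPE_IPV4) + payload


def parse_frame(frame):
    """Return (vid or None, ethertype, payload) for a tagged or untagged frame."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETHERTYPE_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        inner = struct.unpack("!H", frame[16:18])[0]
        return tci & 0x0FFF, inner, frame[18:]
    return None, ethertype, frame[14:]


class Port:
    """mode is 'access' (pvid = the one VLAN) or 'trunk' (pvid = native VLAN)."""
    def __init__(self, name, mode, pvid=1, allowed=()):
        self.name, self.mode, self.pvid, self.allowed = name, mode, pvid, set(allowed)


class Switch:
    """Ingress decides which VLAN a frame belongs to; egress tags or strips per port."""
    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}

    def ingress(self, port_name, frame):
        port = self.ports[port_name]
        vid, _, _ = parse_frame(frame)
        if port.mode == "access":
            return None if vid is not None else (port.pvid, frame)  # tagged on access: drop
        if vid is None:
            return port.pvid, frame            # untagged on trunk: native VLAN
        return (vid, frame) if vid in port.allowed else None

    def egress(self, port_name, vlan, frame):
        port = self.ports[port_name]
        _, _, payload = parse_frame(frame)
        dst, src = frame[:6], frame[6:12]
        if port.mode == "access":
            return build_frame(dst, src, payload) if vlan == port.pvid else None  # tag stripped
        if vlan == port.pvid:
            return build_frame(dst, src, payload)            # native VLAN leaves untagged
        if vlan not in port.allowed:
            return None
        return build_frame(dst, src, payload, vid=vlan)      # endpoint must understand the tag


def host_receive(frame, vlan_subinterfaces=()):
    """Endpoint NIC: untagged frames go to eth0; tagged frames are only delivered
    if a matching VLAN sub-interface (ifcfg-eth0.20 style) exists, else dropped."""
    if frame is None:
        return None
    vid, _, payload = parse_frame(frame)
    if vid is None:
        return "eth0", payload
    return (f"eth0.{vid}", payload) if vid in vlan_subinterfaces else None


def deliver_to_tablet(tablet_port, subinterfaces=()):
    """A VM on VLAN 20 (behind the ESXi host's tagged uplink) sends to the tablet."""
    sw = Switch([Port("esxi", "trunk", pvid=1, allowed={10, 20, 30}), tablet_port])
    frame = build_frame(b"\x02" * 6, b"\x04" * 6, b"ICMP echo", vid=20)  # tagged by vSwitch (VST)
    vlan, f = sw.ingress("esxi", frame)
    return host_receive(sw.egress(tablet_port.name, vlan, f), subinterfaces)


if __name__ == "__main__":
    # Tablet on a tagged (trunk) port for VLAN 20, no VLAN config on the device: frame lost.
    print(deliver_to_tablet(Port("tablet", "trunk", pvid=1, allowed={20})))
    # Same port, but a Linux host with eth0.20 configured: delivered on the sub-interface.
    print(deliver_to_tablet(Port("tablet", "trunk", pvid=1, allowed={20}), subinterfaces={20}))
    # Port reconfigured as an untagged access port in VLAN 20: delivered with no device config.
    print(deliver_to_tablet(Port("tablet", "access", pvid=20)))
```

The three runs at the bottom are the three situations in the thread: the unrooted tablet on a tagged port gets nothing, a Linux box on the same port works only once `eth0.20` exists, and an untagged access port in VLAN 20 needs no endpoint configuration at all, which is the fix both answers recommend.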

You really shouldn't be in a situation where you set VLAN tags on an actual client device. There's too much administrative overhead and it's simply not scalable.

Instead, you should set the relevant switch ports for the devices to be untagged (or native) for the desired VLAN.

VMware is an exception to this, but the parallel would be understanding why tags aren't set in the guest OS versus the vSwitch.

ewwhite