Private VLANs

Private VLANs address VLAN ID limitations and wasted IP addresses in certain network setups. A private VLAN is identified by its primary VLAN ID. A primary VLAN ID can have multiple secondary VLAN IDs associated with it. Primary VLANs are Promiscuous, so ports on a private VLAN can communicate with ports configured as the primary VLAN. Ports on a secondary VLAN are either Isolated, communicating only with promiscuous ports, or Community, communicating with both promiscuous ports and other ports on the same secondary VLAN.

To use private VLANs between a host and the rest of the physical network, the physical switch connected to the host needs to be private VLAN-capable and configured with the VLAN IDs that ESXi uses for the private VLAN functionality. For physical switches using dynamic MAC+VLAN ID based learning, all corresponding private VLAN IDs must first be entered into the switch’s VLAN database.

How To Create a Private VLAN

You can create a private VLAN for use on a vSphere distributed switch and its associated distributed ports.

Procedure

1. Log in to the vSphere Client and select the Networking inventory view.
2. Right-click the vSphere distributed switch in the inventory pane, and select Edit Settings.

3. Select the Private VLAN tab.

4. Under Primary Private VLAN ID, click [Enter a Private VLAN ID here], and enter the number of the primary private VLAN. I’ve entered 777.

5. Click anywhere in the dialog box, and then select the primary private VLAN that you just added. The primary private VLAN you added appears under Secondary Private VLAN ID.

6. For each new secondary private VLAN, click [Enter a Private VLAN ID here] under Secondary Private VLAN ID, and enter the number of the secondary private VLAN.

7. Click anywhere in the dialog box, select the secondary private VLAN that you just added, and select either Isolated or Community for the port type.

8. Click OK.

Add a Distributed Port Group with PVLAN enabled

Add a distributed port group to a vSphere distributed switch to create a distributed switch network for the virtual machines that need PVLAN.

Procedure

1. Log in to the vSphere Client and select the Networking inventory view.
2. Select Inventory > vSphere Distributed Switch > New Port Group.
3. Enter a Name and the Number of Ports for your new distributed port group.
4. Select Private VLAN as the VLAN Type.

5. From the drop-down menu of Private VLAN Entry, select the appropriate VLAN.

6. Click Next.
7. Click Finish.

 

Note: Before removing a private VLAN, be sure that no port groups are configured to use it.
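
The port-type rules from the introduction and the pre-removal check in the note can be expressed as a small model that audits a planned PVLAN layout against the isolation you intend. This is an added example, not code from the original article or from VMware; the secondary VLAN IDs 778 and 779, the port group names and the helper functions are assumptions made for illustration (only the primary ID 777 comes from the walkthrough).

```python
from dataclasses import dataclass

PROMISCUOUS, ISOLATED, COMMUNITY = "promiscuous", "isolated", "community"

@dataclass(frozen=True)
class PvlanEntry:
    primary: int    # primary private VLAN ID
    secondary: int  # equals the primary ID for the promiscuous entry
    kind: str

def can_communicate(a, b):
    """Apply the port-type rules to two ports, given each port's PVLAN entry."""
    if a.primary != b.primary:
        return False  # not the same private VLAN
    if PROMISCUOUS in (a.kind, b.kind):
        return True   # promiscuous ports reach every port in the PVLAN
    if a.kind == b.kind == COMMUNITY:
        return a.secondary == b.secondary  # same community only
    return False      # isolated ports reach promiscuous ports only

def violations(port_groups, must_not_talk):
    """Return the pairs from must_not_talk that the PVLAN map still allows."""
    return [(x, y) for x, y in must_not_talk
            if can_communicate(port_groups[x], port_groups[y])]

def blocking_port_groups(port_groups, entry):
    """Port groups still using an entry; this must be empty before removal."""
    return sorted(name for name, e in port_groups.items() if e == entry)

# Constructed sample: primary 777 as in the walkthrough; the secondary IDs
# and port group names are hypothetical.
GATEWAY = PvlanEntry(777, 777, PROMISCUOUS)
TENANTS = PvlanEntry(777, 778, ISOLATED)
APP = PvlanEntry(777, 779, COMMUNITY)
PORT_GROUPS = {"pg-gateway": GATEWAY, "pg-tenant-a": TENANTS,
               "pg-tenant-b": TENANTS, "pg-app": APP, "pg-db": APP}

if __name__ == "__main__":
    # Pairs that the design says must stay separated at layer 2.
    intent = [("pg-tenant-a", "pg-tenant-b"), ("pg-tenant-a", "pg-app"),
              ("pg-app", "pg-db")]
    print("allowed but unwanted:", violations(PORT_GROUPS, intent))
    print("blocks removal of 778:", blocking_port_groups(PORT_GROUPS, TENANTS))
```

The model flags the pg-app/pg-db pair because two port groups on the same Community secondary can talk to each other; if they must be separated, they need different secondary VLANs.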