Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
13 Cards in this Set
- Front
- Back
|
Identify types of VLANs and PVLANs: VLAN
|
Networking, pages 27 - 28, 52, 68
Virtual LAN (VLAN) - is a mechanism to divide a broadcast domain into several logical broadcast domains. |
|
|
Identify types of VLANs and PVLANs: PVLAN
|
Networking, pages 27 - 28, 52, 68
Private VLAN (PVLAN) - is an extension to the VLAN standard, already available in several (more recent) physical switches). It adds a further segmentation of the logical broadcast domain, to create "Private" groups. There is no encapsulation of a PVLAN inside a VLAN, everything is done with one tag per packet. A Private VLAN is further divided into the groups: Primary PVLAN and Secondary PVLANs |
|
|
Identify types of VLANs and PVLANs: Primary PVLAN
|
Networking, pages 27 - 28, 52, 68
The original VLAN that is being divided into smaller groups is called Primary, and all the secondary PVLANs exist only inside the primary. This Primary PVLAN is designated as promiscuous by default as it has to be able to communicate with all Secondary PVLANs. |
|
|
Identify types of VLANs and PVLANs: Secondary PVLAN
|
Networking, pages 27 - 28, 52, 68
The secondary PVLANs exist only inside the primary. Each secondary PVLAN has a specific VLAN ID associated to it, and each packet travelling through it is tagged with an ID as if it were a normal VLAN. The physical switch associates this behavior (isolated, community, or promiscuous) depending on the VLAN ID found in each packet. |
|
|
Identify types of VLANs and PVLANs: Promiscuous Secondary PVLAN
|
Promiscuous - A node attached to a port in a promiscuous secondary PVLAN may send and receive packets to any node in any others secondary VLAN associated to the same primary. Routers are typically attached to promiscuous ports.
|
|
|
Identify types of VLANs and PVLANs: Isolated Secondary PVLAN
|
Isolated - A node attached to a port in an isolated secondary PVLAN may only send to and receive packets from the promiscuous PVLAN.
|
|
|
Identify types of VLANs and PVLANs: Community Secondary PVLAN
|
Community - A node attached to a port in a community secondary PVLAN may send to and receive packets from other ports in the same secondary PVLAN, as well as send to and receive packets from the promiscuous PVLAN.
|
|
|
Determine use cases for VLAN Trunking
|
If you have multiple VLANs in place for logical separation, or if you want to isolate your VM traffic because you have a limited amount of physical uplink ports dedicated to your ESXi hosts, you would use VLAN trunking.
Port groups are created and tagged with the required VLAN IDs. Each of the vmnics is bonded together in and is configured to "trunk" the various VLANs. Alternatively, you may need to provide VLAN tagging at the virtual machine level, for example: 802.1Q VLAN trunking driver is required inside the virtual machine. |
|
|
Configure VLAN Trunking: GUI
|
From Inventory -> Hosts and Clusters
1. Select a host. 2. Click on the Configuration tab. 3. Select Networking. 4. On the vSwitch you want to modify, select Properties. 5. On the Ports tab, select the portgroup to modify and click Edit. 6. Click the General tab. 7. Set a VLAN ID. 7. Alternatively, set the VLAN ID to 4095 for trunking at the virtual machine level. |
|
|
Configure VLAN Trunking: command-line
|
esxcli network vswitch standard portgroup set -v <VLAN ID> -p <portgroup name>
|
|
|
Determine use cases for PVLANs
|
Private VLANs (PVLANs) provide additional security between virtual machines on the same subnet, without exhausting VLAN number space.
PVLANs are particularly useful on a DMZ where the server needs to be available to external connections and possibly internal connections, but rarely needs to communicate with other servers on the DMZ. |
|
|
Configure PVLANs
|
From Inventory -> Networking
1. Right-click the dvSwitch and select Edit Settings. 2. Click o the Private VLAN tab. 3. On the Primary tab, add the VLAN that is used outside of the PVLAN domain. 4. On the secondary tab, create the PVLANs of the desired type. Enter a VLAN in the VLAN ID field. 5. Select the Type for the Secondary VLAN. 6. Click OK |
|
|
Set PVLAN on dvPortGroup
|
1. Expand the dvSwitch.
2. Highlight the dvPortgroup and click Edit Settings. 3. Click Policies. 4. In the left-hand pane, click the VLAN drop-down box and set the VLAN type to Private VLAN. 5. Select VLAN from the Private VLAN entry drop-down. |
