Virtual LANs (VLANs) enable a single physical LAN segment to be further isolated so that groups of ports are isolated from one another as if they were on physically different segments.

Benefits of Using VLANs in vSphere

The VLAN configuration in a vSphere environment provides certain benefits.

  • Integrates ESXi hosts into a pre-existing VLAN topology.

  • Isolates and secures network traffic.

  • Reduces congestion of network traffic.

Watch the video about the benefits and main principles in introducing VLANs in a vSphere environment.

VLAN Tagging Modes

vSphere supports three modes of VLAN tagging in ESXi: External Switch Tagging (EST), Virtual Switch Tagging (VST), and Virtual Guest Tagging (VGT).

Tagging Mode

VLAN ID on switch port groups

Description

EST

0

The physical switch performs the VLAN tagging. The host network adapters are connected to access ports on the physical switch.

VST

Between 1 and 4094

The virtual switch performs the VLAN tagging before the packets leave the host. The host network adapters must be connected to trunk ports on the physical switch.

VGT

  • 4095 for standard switch

  • Range of and individual VLANs for distributed switch

The virtual machine performs the VLAN tagging. The virtual switch preserves the VLAN tags when it forwards the packets between the virtual machine networking stack and external switch. The host network adapters must be connected to trunk ports on the physical switch.

The vSphere Distributed Switch supports a modification of VGT. For security reasons, you can configure a distributed switch to pass only packets that belong to particular VLANs.

Note:

For VGT you must have an 802.1Q VLAN trunking driver installed on the guest operating system of the virtual machine.

Watch the video that explains the modes of VLAN tagging in virtual switches.