ESXi requires one IP address for the management network. To configure basic network settings, use the vSphere Client or the direct console.

Use the vSphere Client if you are satisfied with the IP address assigned by the DHCP server.

Use the direct console for network configuration in the following cases:
  • You are not satisfied with the IP address assigned by the DHCP server.
  • You are not allowed to use the IP address assigned by the DHCP server.
  • ESXi does not have an IP address. This situation might occur if the autoconfiguration phase did not succeed in configuring DHCP.
  • The wrong network adapter was selected during the autoconfiguration phase.

Use ESXCLI commands to configure your network settings. See esxcli network Commands.

Network Access to Your ESXi Host

The default behavior is to configure the ESXi management network using DHCP. You can override the default behavior and use static IP settings for the management network after the installation is completed.

Table 1. Network Configuration Scenarios Supported by ESXi
Scenario Approach
You want to accept the DHCP-configured IP settings. In the ESXi direct console, you can find the IP address assigned through DHCP to the ESXi management interface. You can use that IP address to connect to the host from the vSphere Client and customize settings, including changing the management IP address.

One of the following is true:

  • You do not have a DHCP server.
  • The ESXi host is not connected to a DHCP server.
  • Your connected DHCP server is not functioning properly.

During the autoconfiguration phase, the software assigns the link local IP address, which is in the subnet 169.254.x.x/16. The assigned IP address appears on the direct console.

You can override the link local IP address by configuring a static IP address using the direct console.
The ESXi host is connected to a functioning DHCP server, but you do not want to use the DHCP-configured IP address.

During the autoconfiguration phase, the software assigns a DHCP-configured IP address.

You can make the initial connection by using the DHCP-configured IP address. Then you can configure a static IP address.

If you have physical access to the ESXi host, you can override the DHCP-configured IP address by configuring a static IP address using the direct console.
Your security deployment policies do not permit unconfigured hosts to be powered on the network. Follow the setup procedure in Configure the Network Settings on a Host That Is Not Attached to the Network.

ESXi Networking Security Recommendations

Isolation of network traffic is essential to a secure ESXi environment. Different networks require a different access and level of isolation.

Your ESXi host uses several networks. Use appropriate security measures for each network, and isolate traffic for specific applications and functions. For example, ensure that VMware vSphere® vMotion® traffic does not travel over networks where virtual machines are located. Isolation prevents snooping. Having separate networks is also recommended for performance reasons.

  • vSphere infrastructure networks are used for features such as vSphere vMotion, VMware vSphere Fault Tolerance, VMware vSAN, and storage. Isolate these networks for their specific functions. It is often not necessary to route these networks outside a single physical server rack.
  • A management network isolates client traffic, command-line interface (CLI) or API traffic, and third-party software traffic from other traffic. In general, the management network is accessible only by system, network, and security administrators. To secure access to the management network, use a bastion host or a virtual private network (VPN). Strictly control access within this network.
  • Virtual machine traffic can flow over one or many networks. You can enhance the isolation of virtual machines by using virtual firewall solutions that set firewall rules at the virtual network controller. These settings travel with a virtual machine as it migrates from host to host within your vSphere environment.

Choose Network Adapters for the Management Network

Traffic between an ESXi host and any external management software is transmitted through an Ethernet network adapter on the host. You can use the direct console to choose the network adapters that are used by the management network.

Examples of external management software include the vCenter Server and SNMP client. Network adapters on the host are named vmnic N, where N is a unique number identifying the network adapter, for example, vmnic0, vmnic1, and so forth.

During the autoconfiguration phase, the ESXi host chooses vmnic0 for management traffic. You can override the default choice by manually choosing the network adapter that carries management traffic for the host. In some cases, you might want to use a Gigabit Ethernet network adapter for your management traffic. Another way to help ensure availability is to select multiple network adapters. Using multiple network adapters enables load balancing and failover capabilities.

Procedure

  1. From the direct console, select Configure Management Network and press Enter.
  2. Select Network Adapters and press Enter.
  3. Select a network adapter and press Enter.

Results

After the network is functional, you can use the vSphere Client to connect to the ESXi host through vCenter Server.

Set the VLAN ID

You can set the virtual LAN (VLAN) ID number of the ESXi host.

Procedure

  1. From the direct console, select Configure Management Network and press Enter.
  2. Select VLAN and press Enter.
  3. Enter a VLAN ID number from 1 through 4094.

Configuring IP Settings for ESXi

By default, DHCP sets the IP address, subnet mask, and default gateway.

For future reference, write down the IP address.

For DHCP to work, your network environment must have a DHCP server. If DHCP is not available, the host assigns the link local IP address, which is in the subnet 169.254.x.x/16. The assigned IP address appears on the direct console. If you do not have physical monitor access to the host, you can access the direct console using a remote management application. See Using Remote Management Applications

When you have access to the direct console, you can optionally configure a static network address. The default subnet mask is 255.255.0.0.

 Configure IP Settings from the Direct Console

If you have physical access to the host or remote access to the direct console, you can use the direct console to configure the IP address, subnet mask, and default gateway.

Procedure

  1. Select Configure Management Network and press Enter.
  2. Select IP Configuration and press Enter.
  3. Select Set static IP address and network configuration.
  4. Enter the IP address, subnet mask, and default gateway and press Enter.

Configure IP Settings from the vSphere Client

If you do not have physical access to the host, you can use the vSphere Client to configure static IP settings.

Procedure

  1. Log in to the vCenter Server from the vSphere Client.
  2. Select the host in the inventory.
  3. On the Configure tab, expand Networking.
  4. Select VMkernel adapters.
  5. Select vmk0 Management Network and click the edit icon.
  6. Select IPv4 settings.
  7. Select Use static IPv4 settings.
  8. Enter or change the static IPv4 address settings.
  9. (Optional) Set static IPv6 addresses.
    1. Select IPv6 settings.
    2. Select Static IPv6 addresses.
    3. Click the add icon.
    4. Type the IPv6 address and click OK.
  10. Click OK.

Configuring DNS for ESXi

You can select either manual or automatic DNS configuration of the ESXi host.

The default is automatic. For automatic DNS to work, your network environment must have a DHCP server and a DNS server.

In network environments where automatic DNS is not available or not desirable, you can configure static DNS information, including a host name, a primary name server, a secondary name server, and DNS suffixes.

Configure DNS Settings from the Direct Console

If you have physical access to the host or remote access to the direct console, you can use the direct console to configure DNS information.

Procedure

  1. Select Configure Management Network and press Enter.
  2. Select DNS Configuration and press Enter.
  3. Select Use the following DNS server addresses and hostname.
  4. Enter the primary server, an alternative server (optional), and the host name.

Configure DNS Suffixes

If you have physical access to the host, you can use the direct console to configure DNS information. By default, DHCP acquires the DNS suffixes.

Procedure

  1. From the direct console, select Configure Management Network.
  2. Select Custom DNS Suffixes and press Enter.
  3. Enter new DNS suffixes.

Configure the Network Settings on a Host That Is Not Attached to the Network

Some highly secure environments do not permit unconfigured hosts on the network to be powered on. You can configure the host before you attach the host to the network.

Prerequisites

Verify that no network cables are connected to the host.

Procedure

  1. Power on the host.
  2. Use the direct console user interface to configure the password for the administrator account (root).
  3. Use the direct console user interface to configure a static IP address.
  4. Connect a network cable to the host.
  5. (Optional) Use the vSphere Client to connect to a vCenter Server system.
  6. (Optional) Add the host to the vCenter Server inventory.