VLAN policies determine how VLANs function across your network environment.
A virtual local area network (VLAN) is a group of hosts with a common set of requirements, which communicate as if they were attached to the same broadcast domain, regardless of their physical location. A VLAN has the same attributes as a physical local area network (LAN), but it allows for end stations to be grouped together even if not on the same network switch.
The scope of VLAN policies can be distributed port groups and ports, and uplink port groups and ports.
Configure VLAN Tagging on a Distributed Port Group or Distributed Port
To apply VLAN tagging globally on all distributed ports, you must set the VLAN policy on a distributed port group. To integrate the virtual traffic on the port with physical VLANs in a different way from the parent distributed port group, you must use the VLAN policy on a distributed port.
Prerequisites
To override a policy on distributed port level, enable the port-level override option for this policy. See Configure Overriding Networking Policies on Port Level.
Procedure
- On the vSphere Client Home page, click Networking and navigate to the distributed switch.
- Navigate to the VLAN policy on the distributed port group or distributed port.
Option Action Distributed port group - From the Actions menu, select .
- Select VLAN and click Next.
- Select the port group and click Next.
Distributed port - On the Networks tab, click Distributed Port Groups and double-click a distributed port group.
- On the Ports tab, select a port and click the Edit distributed port settings icon.
- Select VLAN.
- Select Override next to the properties to override.
- From the VLAN type drop-down menu, select the type of VLAN traffic filtering and marking, and click Next.
Option Description None Do not use VLAN. Use this option in case of External Switch Tagging.
VLAN Tag traffic with the ID from the VLAN ID field. Type a number between 1 and 4094 for Virtual Switch Tagging.
VLAN Trunking Pass VLAN traffic with ID within the VLAN trunk range to guest operating system. You can set multiple ranges and individual VLANs by using a comma-separated list. For example: 1702-1705, 1848-1849. Use this option for Virtual Guest Tagging.
Private VLAN Associate the traffic with a private VLAN created on the distributed switch. - Review your settings and apply the configuration.
Configure VLAN Tagging on an Uplink Port Group or Uplink Port
To configure VLAN traffic processing generally for all member uplinks, you must set the VLAN policy on an uplink port. To handle VLAN traffic through the port in a different way than for the parent uplink port group, you must set the VLAN policy on an uplink .
Use the VLAN policy at the uplink port level to propagate a trunk range of VLAN IDs to the physical network adapters for traffic filtering. The physical network adapters drop the packets from the other VLANs if the adapters support filtering by VLAN. Setting a trunk range improves networking performance because physical network adapters filter traffic instead of the uplink ports in the group.
If you have a physical network adapter that does not support VLAN filtering, the VLANs still might not be blocked. In this case, configure VLAN filtering on a distributed port group or on a distributed port.
For information about VLAN filtering support, see the technical documentation from the adapter vendors.
Prerequisites
To override the VLAN policy at the port level, enable the port-level overrides. See Configure Overriding Networking Policies on Port Level.
