# VLAN

[TOC]

## Background Knowledge

### VLAN Tagging (Access/Trunk Port)

- Access port - a port that can be assigned to a **single VLAN**. This type of interface is configured on switch ports that are connected to **end devices** such as workstations, printers, or access points.
- Trunk port - a port that is connected to **another switch**. This type of interface can carry traffic of **multiple VLANs**, thus enabling you to extend VLANs across your entire network.
- Frames are tagged by assigning a **VLAN ID** to each frame as they traverse between switches.

### Promiscuous Mode (NIC)

> The controller will pass all traffic it receives to the CPU, rather than passing only the frames that it is specifically programmed to receive.
> This mode is normally used for packet sniffing on a router/computer connected to a wired network or a wireless LAN.

- [What Is vSphere Promiscuous Mode and How to Enable It](https://www.ubackup.com/enterprise-backup/vsphere-promiscuous-mode.html)

---

## Junos Commands for VLAN Setting

(to be added)

---

## VMware VLAN Setting

- [VLAN configuration on virtual switches, physical switches, and virtual machines (1003806)](https://kb.vmware.com/s/article/1003806)

### Three methods of VLAN tagging

- There are three methods of VLAN tagging that can be configured on ESXi/ESX:
    - External Switch Tagging (EST)
    - Virtual Switch Tagging (VST)
    - Virtual Guest Tagging (VGT)

#### Virtual Switch Tagging (VST)

- Features
    - All VLAN tagging of packets is performed by the virtual switch before leaving the ESXi/ESX host.
    - The ESXi/ESX host network adapters must be connected to trunk ports on the physical switch.
    - The portgroups connected to the virtual switch must have an appropriate VLAN ID specified.

:::info
**Document Description**
- **vSwitch** side should build three port groups:
    - OOBM - VLAN ID 0 is how VMware handles untagged traffic; it should always be configured as “0”.
    - Tunnel IP - VLAN ID 10 will look “untagged” to the Mist Edge but will be tagged as VLAN 10 between VMware and the physical switch.
    - Upstream - VLAN ID 4095 is configured as a trunk to tag all VLANs.
:::

:::warning
According to the document, it seems that in this case we should configure via the **VST** method.
:::

#### VST How-To

- [Configuring Virtual Switch VLAN Tagging (VST) mode on a vNetwork Distributed Switch (1010778)](https://kb.vmware.com/s/article/1010778)
- [Sample configuration of virtual switch VLAN tagging (VST Mode) (1004074)](https://kb.vmware.com/s/article/1004074)

### Configuration

![](https://hackmd.io/_uploads/rkjQJvAN2.png =400x)

#### Physical Juniper Switch

![](https://hackmd.io/_uploads/HkEhRURE2.png)

```
# Make the port facing the ESXi host a trunk
set interfaces ge-0/0/2 unit 0 family ethernet-switching port-mode trunk
# Tagged VLANs allowed on this trunk
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members [ tunnelip test1 test2 ]
# Untagged frames on this trunk are placed in VLAN 5
set interfaces ge-0/0/2 unit 0 family ethernet-switching native-vlan-id 5
```

#### vSwitch
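
A model of how the three port-group VLAN IDs from the document notes above (0, 10, 4095) look on the host uplink and at the Juniper trunk port. This is an added example, not VMware or Juniper code. The function names, the sample frame, the mapping of `tunnelip` to VLAN 10, and the rule that a guest-tagged frame is dropped on a non-4095 port group are assumptions of the model.

```python
import struct

TPID_8021Q = 0x8100   # EtherType that marks an 802.1Q tag
VGT_ALL = 4095        # port-group value from the notes: pass all guest tags

def parse_vlan(frame: bytes):
    """Return (vlan_id or None, frame with any 802.1Q tag removed)."""
    if len(frame) < 14:
        raise ValueError("short Ethernet frame")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]   # low 12 bits of TCI = VLAN ID

def add_tag(frame: bytes, vlan_id: int) -> bytes:
    """Insert an 802.1Q tag (priority 0) after the two MAC addresses."""
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vlan_id) + frame[12:]

def egress_to_uplink(portgroup_vlan: int, vm_frame: bytes):
    """Frame as it leaves the host uplink, or None if the model drops it."""
    guest_vlan, _ = parse_vlan(vm_frame)
    if portgroup_vlan == VGT_ALL:
        return vm_frame                       # guest tags pass through unchanged
    if guest_vlan is not None:
        return None                           # model assumption: no guest tags here
    if portgroup_vlan == 0:
        return vm_frame                       # leaves the host untagged
    return add_tag(vm_frame, portgroup_vlan)  # VST: the vSwitch adds the tag

def trunk_vlan(wire_frame: bytes, members: set, native_vlan: int):
    """VLAN the physical trunk port places the frame in, or None if dropped."""
    vlan, _ = parse_vlan(wire_frame)
    if vlan is None:
        return native_vlan                    # untagged -> native-vlan-id
    return vlan if vlan in members else None

# Constructed sample frame: dst MAC, src MAC, EtherType IPv4, dummy payload
UNTAGGED = bytes.fromhex("ffffffffffff" "005056000001" "0800") + b"\x00" * 46
MEMBERS = {10}   # assumed: tunnelip = VLAN 10; test1/test2 IDs are not on the page

if __name__ == "__main__":
    for name, pg in (("OOBM", 0), ("Tunnel IP", 10), ("Upstream", VGT_ALL)):
        wire = egress_to_uplink(pg, UNTAGGED)
        print(name, "tag:", parse_vlan(wire)[0], "switch VLAN:", trunk_vlan(wire, MEMBERS, 5))
    guest_tagged = add_tag(UNTAGGED, 30)      # constructed: guest tags VLAN 30
    print("guest VLAN 30:", trunk_vlan(egress_to_uplink(VGT_ALL, guest_tagged), MEMBERS, 5))
```

The last case shows why the trunk's `vlan members` list matters: it bounds which guest-supplied tags from the 4095 port group the physical switch accepts.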