Monday, 27 January 2014

Objective 2.2 – Configure and Maintain VLANs, PVLANs and VLAN Settings

Knowledge - Identify types of VLANs and PVLANs

  • A VLAN (virtual LAN) is a grouping of hosts that can communicate in the same broadcast domain even though they may not be physically connected to the same network device
  • VLAN trunking is the ability to pass traffic for multiple VLANs over a single physical network connection, standardised as IEEE 802.1Q
  • Private VLANs (PVLANs) allow you to isolate traffic between virtual machines within the same VLAN. A PVLAN is a primary VLAN divided into secondary VLANs. PVLANs are only configurable in ESX on a vDS. There are three types of secondary PVLAN:
  1. Promiscuous – VMs are reachable by, and can reach, any machine in the same primary VLAN
  2. Isolated – VMs can talk to no virtual machines except those in the promiscuous PVLAN
  3. Community – VMs can talk to each other and to the VMs in the promiscuous PVLAN, but not to any other VM
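
The three secondary PVLAN rules above lend themselves to a small model that can be used to audit an intended design before it is configured on the vDS. The following is an added example, not code from the original post or from VMware; the VLAN numbers (primary 100, secondaries 101 to 103) are constructed, and the only VMware convention it relies on is that the promiscuous secondary carries the same VID as its primary.

```python
# Added example (not from the original post): a small model of the PVLAN
# reachability rules, usable to audit an intended design before it is
# configured on the vDS. VLAN numbers below are constructed.

PROMISCUOUS = "promiscuous"
ISOLATED = "isolated"
COMMUNITY = "community"


class PrivateVLAN:
    """One primary VLAN and the secondary PVLANs carved out of it."""

    def __init__(self, primary_vid):
        self.primary_vid = primary_vid
        # secondary VID -> type. On a vDS the promiscuous secondary carries
        # the same VID as the primary, so it is registered that way here.
        self.secondaries = {primary_vid: PROMISCUOUS}

    def add_secondary(self, vid, kind):
        if kind not in (ISOLATED, COMMUNITY):
            raise ValueError("secondary PVLANs are isolated or community")
        if vid in self.secondaries:
            raise ValueError("VID %d already in use in this primary" % vid)
        self.secondaries[vid] = kind

    def can_talk(self, vid_a, vid_b):
        """Can a VM on secondary vid_a reach a VM on secondary vid_b?"""
        kind_a = self.secondaries[vid_a]
        kind_b = self.secondaries[vid_b]
        # Promiscuous ports reach, and are reached by, everything in the primary.
        if PROMISCUOUS in (kind_a, kind_b):
            return True
        # Isolated ports talk to nothing else, not even other isolated ports.
        if ISOLATED in (kind_a, kind_b):
            return False
        # Both community: only members of the same community may talk.
        return vid_a == vid_b

    def reachability(self):
        """Full matrix {(a, b): bool} over every ordered pair of secondaries."""
        vids = sorted(self.secondaries)
        return {(a, b): self.can_talk(a, b) for a in vids for b in vids}


def build_example():
    """Constructed layout: primary 100 with one isolated and two community PVLANs."""
    pv = PrivateVLAN(100)
    pv.add_secondary(101, ISOLATED)
    pv.add_secondary(102, COMMUNITY)
    pv.add_secondary(103, COMMUNITY)
    return pv


if __name__ == "__main__":
    pv = build_example()
    for (a, b), ok in sorted(pv.reachability().items()):
        print("%d -> %d: %s" % (a, b, "allowed" if ok else "blocked"))
```

Running it prints the full reachability matrix; the rows worth checking against the design intent are the ones that must come back blocked, such as isolated-to-isolated and community-to-other-community.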

Skills and Abilities - Determine use cases for and configure VLAN Trunking

Application hosting environments typically require each application tier to be separated by a firewall. Over-simplistically, web servers may be in zone A (which can accept traffic from the internet and pass it only to zone B), application servers in zone B (which can accept traffic from zone A and pass it only to zone C), and database servers in zone C. If you have multiple applications you may want to keep them discrete, with web zone D, app zone E, DB zone F and so on. These can then be doubled, as each server may have a forward-facing and a backward-facing NIC.

In the world of physical servers this isn't an issue, as each server can be cabled to the correct switch port presenting only the VLAN required. In a virtual world this direct connectivity is near impossible to achieve for all permutations; equally important, making a change requires the physical action of moving a cable from switch A to switch B. With trunking, the host has connectivity to a trunk carrying many VLANs, and the VLAN a VM connects to is defined at the software layer: the virtual switch assigns an 802.1Q tag to each packet as it enters the trunk, and the tag is stripped each time it leaves the trunk. The VM believes it has a direct connection to the presented VLAN, but we save having to run a cable for each one.
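To make the tag-on-entry, strip-on-exit behaviour concrete, here is an added example (not code from the original post, and not VMware's implementation) that models the trunk boundary on raw Ethernet frames: it inserts an 802.1Q tag after the source MAC, parses it back out, strips it again, and applies the uplink-side check that only frames carrying a VID the trunk is configured for are accepted. MAC addresses, payload and the trunk's VLAN set (10 and 20) are constructed sample values.

```python
# Added example (not from the original post): what the virtual switch does at
# the trunk boundary, modelled on raw Ethernet frames. MAC addresses and
# payload are constructed sample values.
import struct

TPID_8021Q = 0x8100      # EtherType value that announces an 802.1Q tag follows
ETHERTYPE_IPV4 = 0x0800


def tag_frame(frame, vid, pcp=0, dei=0):
    """Insert an 802.1Q tag after the source MAC, as a frame enters the trunk."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be in 1..4094")
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    tci = (pcp << 13) | (dei << 12) | vid   # priority, drop-eligible, VLAN ID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame):
    """Return the addressing, VLAN tag (if any), EtherType and payload of a frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    info = {"dst": frame[:6], "src": frame[6:12], "vid": None, "pcp": None, "dei": None}
    ethertype, = struct.unpack("!H", frame[12:14])
    body = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q header")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info.update(vid=tci & 0x0FFF, pcp=tci >> 13, dei=(tci >> 12) & 1)
        body = 18
    info["ethertype"] = ethertype
    info["payload"] = frame[body:]
    return info


def strip_tag(frame):
    """Remove the 802.1Q tag as the frame leaves the trunk towards the VM port."""
    if parse_frame(frame)["vid"] is None:
        return frame
    return frame[:12] + frame[16:]


def trunk_accepts(frame, allowed_vids):
    """Uplink-side check: only frames tagged with a VID carried by the trunk pass.

    Untagged frames are rejected, since this trunk model carries no native VLAN.
    """
    vid = parse_frame(frame)["vid"]
    return vid is not None and vid in allowed_vids


def demo():
    """Constructed untagged IPv4 frame pushed through a trunk carrying VLANs 10 and 20."""
    dst = bytes.fromhex("001122334455")   # constructed destination MAC
    src = bytes.fromhex("66778899aabb")   # constructed source MAC
    untagged = dst + src + struct.pack("!H", ETHERTYPE_IPV4) + b"constructed payload"
    tagged = tag_frame(untagged, vid=10)
    return {
        "tagged_vid": parse_frame(tagged)["vid"],
        "tag_adds_four_bytes": len(tagged) == len(untagged) + 4,
        "trunk_accepts_10": trunk_accepts(tagged, {10, 20}),
        "trunk_accepts_30": trunk_accepts(tag_frame(untagged, vid=30), {10, 20}),
        "untagged_rejected": trunk_accepts(untagged, {10, 20}),
        "stripped_matches": strip_tag(tagged) == untagged,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print("%-22s %s" % (name, value))
```

The `trunk_accepts` check is the part worth keeping in mind when reviewing a design: a VM whose port group carries a VLAN ID that the physical trunk does not allow simply gets no traffic, which is the symptom to look for when a VM on a trunked host is unreachable.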
 
Skills and Abilities - Determine use cases for and configure PVLANs

PVLANs are used where increased granularity of configuration is required within a VLAN without having your network engineer present you extra VLANs in a trunk. They can be useful if you don't use trunking, or if your network engineer is too busy and you need to set something up quickly.


Skills and Abilities - Use command line tools to troubleshoot and identify VLAN configurations

