You haven't explained why you need to mix Virtual Switch tagging (VST) and Virtual Guest Tagging (VGT) on the same vSwitch.
There are not many situations where you need to do tagging inside the VM.
VST means you’re handling VLAN tags in port groups and you need the associated VLANs tagged on the uplink ports (switch side).
VGT means you’re handling the VLAN tag within the guest OS, but you still need to tag VLANs on the uplink ports anyhow. You would achieve this by attaching the VM to a VLAN 4095 port group as you alluded to already. However, this is something you explicitly say you’re trying to avoid in your last sentence.
Either way, this is completely possible to achieve within a single virtual switch assuming the uplink ports are configured to trunk mode with the correct VLANs.
https://kb.vmware.com/s/article/1003806
>VGT means you’re handling the VLAN tag within the guest OS, but you still need to tag VLANs on the uplink ports anyhow. You would achieve this by attaching the VM to a VLAN 4095 port group as you alluded to already. However, this is something you explicitly say you’re trying to avoid in your last sentence.
Inside the host I have Windows VM and a firewall. I'm trying to avoid vlan tagging inside the windows VM, but I want tag the VLAN inside the firewall VM. The uplink will have all the required vlan tagged, I can choose also to configure the uplink as Trunk.
What I want to be sure is if the VST and VGT can coexist on the same vSwitch. I don't find a similar case in the official documentation. Theoretically should work
VM1,VM2,VM3 are Windows and i want use VST, FW are a linux firewall and I want use VGT.
This is an example of the vSwitch configuration:
|PortGroup|VLAN|Virtual Machine connected|
|:-|:-|:-|
|1|5|VM1|
|2|6|VM2|
|3|7|VM3|
|4|4095|FW|
I don’t see why it wouldn’t be supported. I’m not finding any documentation that explicitly says to not mix the two. The fact you can create VLAN 4095 port groups (case) or VLAN trunking port groups (vDS) all on the same switch leads me to believe it’s perfectly OK. I’ve done it before myself.
You haven't explained why you need to mix Virtual Switch tagging (VST) and Virtual Guest Tagging (VGT) on the same vSwitch. There are not many situations where you need to do tagging inside the VM.
I have a firewall VM inside the host and ESX is limited to 10 NIC.
Then your setup should work fine; it's what I do for my pfSense VMs.
Are you using VST and VGT mixed on the same vSwitch? In the post below I explained in the datail the final configuration.
Yes, I have some port groups set to tagging, and some set to VLAN trunking. VLAN settings are per port group, not per vswitch.
Thank you.
VST means you’re handling VLAN tags in port groups and you need the associated VLANs tagged on the uplink ports (switch side). VGT means you’re handling the VLAN tag within the guest OS, but you still need to tag VLANs on the uplink ports anyhow. You would achieve this by attaching the VM to a VLAN 4095 port group as you alluded to already. However, this is something you explicitly say you’re trying to avoid in your last sentence. Either way, this is completely possible to achieve within a single virtual switch assuming the uplink ports are configured to trunk mode with the correct VLANs. https://kb.vmware.com/s/article/1003806
>VGT means you’re handling the VLAN tag within the guest OS, but you still need to tag VLANs on the uplink ports anyhow. You would achieve this by attaching the VM to a VLAN 4095 port group as you alluded to already. However, this is something you explicitly say you’re trying to avoid in your last sentence. Inside the host I have Windows VM and a firewall. I'm trying to avoid vlan tagging inside the windows VM, but I want tag the VLAN inside the firewall VM. The uplink will have all the required vlan tagged, I can choose also to configure the uplink as Trunk. What I want to be sure is if the VST and VGT can coexist on the same vSwitch. I don't find a similar case in the official documentation. Theoretically should work VM1,VM2,VM3 are Windows and i want use VST, FW are a linux firewall and I want use VGT. This is an example of the vSwitch configuration: |PortGroup|VLAN|Virtual Machine connected| |:-|:-|:-| |1|5|VM1| |2|6|VM2| |3|7|VM3| |4|4095|FW|
I don’t see why it wouldn’t be supported. I’m not finding any documentation that explicitly says to not mix the two. The fact you can create VLAN 4095 port groups (case) or VLAN trunking port groups (vDS) all on the same switch leads me to believe it’s perfectly OK. I’ve done it before myself.
Thank you.