Configuring Trunking in Virtual Environments
============================================

If you are deploying a sensor using a hypervisor and plan to monitor multiple
VLAN through a trunk port, special configuration is needed.

- Configure your physical switch port and Genian NAC as described in
  :doc:`/install/installing-genian-nac`.
- Special settings will be configured within the virtual network to allow
  Genian NAC to communicate with the physical trunk port.
- For all hypervisors, ensure the NIC assigned to Genian NAC supports VLANs and
  is placed in ``promiscuous mode``.
- The virtual sensor host must be linked to the physical switch using a virtual
  switch.

ESXi
----

Different configurations are possible depending on which switching technology
is being used in ESXi.

vSwitch
'''''''

- On the Virtual Switch, edit the port group:

 - Enable ``VGT Mode``
 - Set the VLAN ID to ``4095``.

   This will allow traffic from all VLANs to travel through the virtual
   switch, between your Physical switch port and Genian NAC.

Distributed vSwitch
'''''''''''''''''''

- Under **Home > Inventory > Networking**, **Edit Settings** for the desired
  dvPortGroup.
- Go to **Policies > VLAN**:

 - Set VLAN type to VLAN ``Trunking``
 - Set range or list of VLANs.

   This will allow traffic from all specified VLANs to travel through the
   virtual switch, between all virtual machines and physical NICs assigned
   to to the vSwitch.

Hyper-V
-------
.. warning:: Hyper-V does not support trunk configuration in the GUI,
             Powershell is required.

             Please be warned trunking configurations will **not be visible**
             in the GUI after they have been configured.

             Because Hyper V names all interfaces "Network Adapter" by default,
             we strongly advise renaming, removing + recreating, or using a
             script to select target interface by MAC address.In the example
             below, we will demonstrate deleting a single interface and
             recreating it, before configuring trunking.
             
             These changes will result in temporary disconnection, and are best
             performed with the guest system is powered down.

- In Powershell, enter the following commands with the bracketed values changed
  to match your environment:

 - List the interfaces connected to the VM:

 - ``Get-VMNetworkAdaptervlan -VMName [vmname]``

 - Delete  the existing interfaces that were output by the above command.
   Repeat as needed.

 - ``Remove-VMNetworkAdapter -VMName [vmname] -Name "[Network Adapter]"``

 - Add back interfaces using the command below. Assign unique interface names
   if adding multiple interfaces. (Single interface recomended)

 - ``Add-VMNetworkadapter -VMName [vmname] -Name "[Eth0]"``

 - Lastly configure the interface(s) to a trunk port. Be sure to not include
   the native vlan within the allowed vlan scope.

 - ``set-VMNetworkAdapterVlan -VMName [name] -VMNetworkAdapterName "[Eth0]"-Trunk -AllowedVlanIdList "[allowed
   vlans]" -NativeVlanId [native vlan]``

 - Check your interfaces

 -  - ``Get-VMNetworkAdaptervlan -VMName [vmname]``

Real world syntax examples:

 - ``Get-VMNetworkAdaptervlan -VMName GenianNAC``
 - ``Remove-VMNetworkAdapter -VMName GenianNAC -Name "Network Adapter"``
 - ``Add-VMNetworkadapter -VMName GenianNAC -Name "Eth0"``
 - ``set-VMNetworkAdapterVlan -VMName GenianNAC -VMNetworkAdapterName "Eth0"-Trunk -AllowedVlanIdList "10,20,30" -NativeVlanId 1``
 - ``Get-VMNetworkAdaptervlan -VMName GenianNAC``

Citrix Hypervisor (Xenserver)
-----------------------------

- In the host Network Tab in Xencenter:

 - Add an ``external network`` for each VLAN, and assign each entry to the NIC
   that is connected to the switch trunk port.