Configuring Trunking in Virtual Environments
If you are deploying a sensor using a hypervisor and plan to monitor multiple VLAN through a trunk port, special configuration is needed.
- Configure your physical switch port and Genian NAC as described in Installing Genian NAC.
- Special settings will be configured within the virtual network to allow Genian NAC to communicate with the physical trunk port.
- For all hypervisors, ensure the NIC assigned to Genian NAC supports VLANs and
is placed in
promiscuous mode
. - The virtual sensor host must be linked to the physical switch using a virtual switch.
ESXi
Different configurations are possible depending on which switching technology is being used in ESXi.
vSwitch
- On the Virtual Switch, edit the port group:
Enable
VGT Mode
Set the VLAN ID to
4095
.This will allow traffic from all VLANs to travel through the virtual switch, between your Physical switch port and Genian NAC.
Distributed vSwitch
- Under Home > Inventory > Networking, Edit Settings for the desired dvPortGroup.
- Go to Policies > VLAN:
Set VLAN type to VLAN
Trunking
Set range or list of VLANs.
This will allow traffic from all specified VLANs to travel through the virtual switch, between all virtual machines and physical NICs assigned to to the vSwitch.
Hyper-V
Warning
Hyper-V does not support trunk configuration in the GUI, Powershell is required.
Please be warned trunking configurations will not be visible in the GUI after they have been configured.
Because Hyper V names all interfaces "Network Adapter" by default, we strongly advise renaming, removing + recreating, or using a script to select target interface by MAC address.In the example below, we will demonstrate deleting a single interface and recreating it, before configuring trunking.
These changes will result in temporary disconnection, and are best performed with the guest system is powered down.
- In Powershell, enter the following commands with the bracketed values changed to match your environment:
- List the interfaces connected to the VM:
Get-VMNetworkAdaptervlan -VMName [vmname]
- Delete the existing interfaces that were output by the above command. Repeat as needed.
Remove-VMNetworkAdapter -VMName [vmname] -Name "[Network Adapter]"
- Add back interfaces using the command below. Assign unique interface names if adding multiple interfaces. (Single interface recomended)
Add-VMNetworkadapter -VMName [vmname] -Name "[Eth0]"
- Lastly configure the interface(s) to a trunk port. Be sure to not include the native vlan within the allowed vlan scope.
set-VMNetworkAdapterVlan -VMName [name] -VMNetworkAdapterName "[Eth0]"-Trunk -AllowedVlanIdList "[allowed vlans]" -NativeVlanId [native vlan]
- Check your interfaces
Get-VMNetworkAdaptervlan -VMName [vmname]
Real world syntax examples:
Get-VMNetworkAdaptervlan -VMName GenianNAC
Remove-VMNetworkAdapter -VMName GenianNAC -Name "Network Adapter"
Add-VMNetworkadapter -VMName GenianNAC -Name "Eth0"
set-VMNetworkAdapterVlan -VMName GenianNAC -VMNetworkAdapterName "Eth0"-Trunk -AllowedVlanIdList "10,20,30" -NativeVlanId 1
Get-VMNetworkAdaptervlan -VMName GenianNAC
Citrix Hypervisor (Xenserver)
- In the host Network Tab in Xencenter:
- Add an
external network
for each VLAN, and assign each entry to the NIC that is connected to the switch trunk port.