Configuring Trunking in Virtual Environments
============================================

If you are deploying a sensor using a hypervisor and plan to monitor multiple VLANs through a trunk port, special configuration is needed.

- Configure your physical switch port and Genian NAC as described in :doc:`/install/installing-genian-nac`.
- Special settings will be configured within the virtual network to allow Genian NAC to communicate with the physical trunk port.
- For all hypervisors, ensure the NIC assigned to Genian NAC supports VLANs and is placed in ``promiscuous mode``.
- The virtual sensor host must be linked to the physical switch using a virtual switch.

ESXi
----

Different configurations are possible depending on which switching technology is being used in ESXi.

vSwitch
'''''''

- On the Virtual Switch, edit the port group:

  - Enable ``VGT Mode``
  - Set the VLAN ID to ``4095``.

This will allow traffic from all VLANs to travel through the virtual switch, between your physical switch port and Genian NAC.

Distributed vSwitch
'''''''''''''''''''

- Under **Home > Inventory > Networking**, **Edit Settings** for the desired dvPortGroup.
- Go to **Policies > VLAN**:

  - Set VLAN type to VLAN ``Trunking``
  - Set range or list of VLANs.

This will allow traffic from all specified VLANs to travel through the virtual switch, between all virtual machines and physical NICs assigned to the vSwitch.

Hyper-V
-------

.. warning:: Hyper-V does not support trunk configuration in the GUI; PowerShell is required. Please be warned that trunking configurations will **not be visible** in the GUI after they have been configured.

Because Hyper-V names all interfaces "Network Adapter" by default, we strongly advise renaming, removing and recreating, or using a script to select the target interface by MAC address. In the example below, we will demonstrate deleting a single interface and recreating it, before configuring trunking.
These changes will result in temporary disconnection, and are best performed while the guest system is powered down.

- In PowerShell, enter the following commands with the bracketed values changed to match your environment:

  - List the interfaces connected to the VM:

    - ``Get-VMNetworkAdapterVlan -VMName [vmname]``

  - Delete the existing interfaces that were output by the above command. Repeat as needed.

    - ``Remove-VMNetworkAdapter -VMName [vmname] -Name "[Network Adapter]"``

  - Add back interfaces using the command below. Assign unique interface names if adding multiple interfaces. (Single interface recommended)

    - ``Add-VMNetworkAdapter -VMName [vmname] -Name "[Eth0]"``

  - Lastly, configure the interface(s) as a trunk port. Be sure not to include the native VLAN within the allowed VLAN scope.

    - ``Set-VMNetworkAdapterVlan -VMName [vmname] -VMNetworkAdapterName "[Eth0]" -Trunk -AllowedVlanIdList "[allowed vlans]" -NativeVlanId [native vlan]``

  - Check your interfaces:

    - ``Get-VMNetworkAdapterVlan -VMName [vmname]``

Real world syntax examples:

- ``Get-VMNetworkAdapterVlan -VMName GenianNAC``
- ``Remove-VMNetworkAdapter -VMName GenianNAC -Name "Network Adapter"``
- ``Add-VMNetworkAdapter -VMName GenianNAC -Name "Eth0"``
- ``Set-VMNetworkAdapterVlan -VMName GenianNAC -VMNetworkAdapterName "Eth0" -Trunk -AllowedVlanIdList "10,20,30" -NativeVlanId 1``
- ``Get-VMNetworkAdapterVlan -VMName GenianNAC``

Citrix Hypervisor (XenServer)
-----------------------------

- In the host Network tab in XenCenter:

  - Add an ``external network`` for each VLAN, and assign each entry to the NIC that is connected to the switch trunk port.
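For the Hyper-V procedure above, the following added example (not part of the original Genian NAC documentation) shows the "select target interface by MAC address" option and enforces the rule that the native VLAN stays out of the allowed list before any change is made. The VM name, MAC address, VLAN values and the helper ``Expand-VlanList`` are constructed for illustration.

```powershell
# Added example: trunk one Hyper-V vNIC selected by MAC address, not by name.
# All values below are constructed placeholders; replace them for your environment.
$VMName       = 'GenianNAC'
$TargetMac    = '00-15-5D-00-00-01'   # constructed sample MAC
$AllowedVlans = '10,20,30'
$NativeVlan   = 1

function Expand-VlanList {
    # Hypothetical helper: turn "10,20,30" or "10-12,20" into individual VLAN IDs.
    param([Parameter(Mandatory)][string]$List)
    foreach ($part in $List.Split(',')) {
        $part = $part.Trim()
        if ($part -match '^(\d+)-(\d+)$') {
            $lo = [int]$Matches[1]
            $hi = [int]$Matches[2]
            $lo..$hi
        } elseif ($part -match '^\d+$') {
            [int]$part
        } else {
            throw "Invalid VLAN list entry: '$part'"
        }
    }
}

# Rule from the procedure: the native VLAN must not be inside the allowed list.
if ((Expand-VlanList $AllowedVlans) -contains $NativeVlan) {
    throw "Native VLAN $NativeVlan must not appear in the allowed list '$AllowedVlans'."
}

# Hyper-V reports MacAddress without separators (e.g. 00155D000001).
$mac = ($TargetMac -replace '[-:.]', '').ToUpper()
$nic = @(Get-VMNetworkAdapter -VMName $VMName | Where-Object { $_.MacAddress -eq $mac })
if ($nic.Count -ne 1) {
    throw "Expected exactly one adapter with MAC $mac on '$VMName', found $($nic.Count)."
}

# Configure only the matched adapter, leaving other "Network Adapter" entries alone.
$nic[0] | Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList $AllowedVlans -NativeVlanId $NativeVlan

# Trunk settings are not visible in the GUI, so confirm them from PowerShell.
Get-VMNetworkAdapterVlan -VMName $VMName
```

Because the adapter is matched by MAC and the script stops unless exactly one adapter matches, a VM with several identically named adapters cannot have the trunk applied to the wrong interface.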