dvSwitch scripting – Part 6 – Private VLAN

Another post in the dvSwitch series. This time I’ll tackle the creation and use of a private VLANs (PVLAN) on a dvSwitch.

For those that are not that familiar with PVLANs have a look at KB1010691, that article gives a good overview of the PVLAN concept. And there were several sessions during the last VMworld that talked about PVLANs. The most noteworthy being TA2525 VMware vSphere 4 Networking Deep Dive.

In short, PVLANs allows isolation for guests on a shared IP subnet.

To use PVLANs on a dvSwitch we need to execute a two-step process:

  1. Create the PVLANs on the dvSwitch
  2. Assign a PVLAN to a Portgroup

The start configuration is a regular dvSwitch which has three portgroups defined.

The dvSwitch has no PVLANs defined.

PVLAN creation

Annotations

Line 1-15: The Get-dvSwitch function was already discussed in Part 2 of the dvSwitch series.

Line 18: The parameters $secondayNr and $secondaryType are defined as arrays. That way the function can handle the creation of multiple secondary PVLANs in one call.

Line 37: The PVLAN typenames are case sensitive! To avoid errors, the script converts the passed typenames to lowercase. Just to make sure 😉

Line 42-43: As with any dvSwitch method, it’s important to pass the correct ConfigVersion. Otherwise you get a message saying “Cannot complete operation due to concurrent modification by another operation“.

Line 57: This sample call creates a Primary PVLAN with VLAN Id 2, a Secondary PVLAN of type Community with VLAN Id 102 and another Secondary PVLAN of type Isolated with VLAN Id 202.

Portgroup assignment

Annotations

Line 1-15: The Get-dvSwitch function was already discussed in Part 2 of the dvSwitch series.

Line 20-26: The scripts looks for the DistributedVirtualPortgroup object in order to pass the correct ConfigVersion (see line 34).

Line 49-51: The call to the dvSwPgPVLAN requires you to pass the portgroupname and Secondary PVLAN Id.

The final result, the three portgroups have now each been assigned to a PVLAN.

# Get-View -ViewType VirtualMachine -Filter @{“Name”=”MVV30010”} | %{
Get-View -ViewType VirtualMachine | %{
if($_.Config.Hardware.Device | where{$_.gettype().Name -eq “VirtualSerialPort”}){
$_.Name
}
}

Leave a Reply

Your email address will not be published. Required fields are marked *

*
*

This site uses Akismet to reduce spam. Learn how your comment data is processed.