Enable ESXi VLAN Access Mode with SR-IOV
End-of-Life (EoL)

Send and receive VLAN untagged traffic on SR-IOV interfaces on the VM-Series firewall on ESXi.
The VM-Series firewall on ESXi can operate in VLAN access mode to support use cases where it is deployed as a virtual network function (VNF) that offers security-as-a-service in a multi-tenant cloud/data center environment. In VLAN access mode, each VNF has dedicated virtual network interfaces (VNIs) for each network, and it sends and receives packets to/from SR-IOV virtual functions (VFs) without VLAN tags; you must enable this capability on the physical and virtual functions on the host hypervisor. When you then enable VLAN access mode on the VM-Series firewall, the firewall can send and receive traffic without VLAN tags across all its dataplane interfaces. Additionally, if you configure QoS policies, the firewall can enforce QoS on the access interface and provide differentiated treatment of traffic in a multi-tenant deployment.
By default, the VM-Series firewall on ESXi operates in VLAN trunk mode.
  1. On the host system, set up the physical and virtual function to operate in VLAN access mode.
    1. Click Networking in the VMware Host Client inventory and click Port groups.
    2. In the list, right-click the port group that you want to edit and select Edit settings.
    3. Enter a new port group Name.
    4. Enter a new value for the VLAN ID.
    For best performance on the VM-Series firewall, make sure to:
    • Enable CPU pinning.
    • Disable Replay Protection, if you have configured IPSec Tunnels.
      On the firewall web interface, select Network > IPSec Tunnels, select an IPSec tunnel, click General, select Show Advanced Options, and clear Enable Replay Protection.
  2. Access the CLI on the VM-Series firewall.
  3. Enable VLAN access mode.
    request plugins vm-series vlan-mode access-mode on
    The on keyword enables VLAN access mode; to use VLAN trunk mode, enter request plugins vm-series vlan-mode access-mode off.
  4. Reboot the firewall.
    request restart system
  5. Verify the VLAN mode configuration.
    show plugins vm-series vlan-mode
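
A pre-flight check for step 1, added here as an example and not taken from the vendor documentation: it parses the output of `esxcli network vswitch standard portgroup list` and reports any port group backing a firewall interface whose VLAN ID would not deliver untagged, single-VLAN traffic. It assumes standard vSwitch port groups, that each listed port group is meant to be a separate tenant network, and uses constructed port group names and sample output.

```python
import re
from collections import defaultdict

# Constructed sample of `esxcli network vswitch standard portgroup list`
# output; port group names and VLAN IDs are invented for illustration.
SAMPLE = """\
Name                Virtual Switch  Active Clients  VLAN ID
------------------  --------------  --------------  -------
Management Network  vSwitch0                     1        0
tenant-a-sriov      vSwitch1                     1      110
tenant-b-sriov      vSwitch1                     1      120
fw-trunk            vSwitch1                     0     4095
"""

# Name may contain single spaces; columns are separated by two or more.
ROW = re.compile(r"^(?P<name>.+?)\s{2,}(?P<vswitch>\S+)\s+\d+\s+(?P<vlan>\d+)\s*$")

def parse_portgroups(text):
    """Map port group name -> (vswitch, VLAN ID); header and rule lines do not match."""
    return {m["name"]: (m["vswitch"], int(m["vlan"]))
            for m in map(ROW.match, text.splitlines()) if m}

def vlan_mode(vlan_id):
    """Standard vSwitch semantics: 0 = no VLAN handling, 4095 = all tags passed to the guest."""
    if vlan_id == 0:
        return "none"
    if vlan_id == 4095:
        return "trunk"
    if 1 <= vlan_id <= 4094:
        return "access"
    raise ValueError(f"VLAN ID out of range: {vlan_id}")

def audit(text, firewall_portgroups):
    """Return {port group: problem} for port groups not ready for VLAN access mode."""
    groups, findings, by_vlan = parse_portgroups(text), {}, defaultdict(list)
    for name in firewall_portgroups:
        if name not in groups:
            findings[name] = "port group not found on host"
            continue
        vswitch, vlan = groups[name]
        if vlan_mode(vlan) != "access":
            findings[name] = f"VLAN ID {vlan} is {vlan_mode(vlan)} mode, expected one ID in 1-4094"
        else:
            by_vlan[(vswitch, vlan)].append(name)
    for (vswitch, vlan), names in by_vlan.items():
        if len(names) > 1:  # two tenant networks collapsed into one broadcast domain
            for name in names:
                findings[name] = f"VLAN ID {vlan} on {vswitch} is shared by {', '.join(names)}"
    return findings
```

An empty result from `audit()` means every listed port group carries exactly one VLAN ID of its own; run it before enabling access mode on the firewall so a trunked or shared port group is caught on the host side.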