Server Products
Intel® Modular Server Systems
How to Create and Use VLANs on the Intel® Modular Server

Use VLANs to configure and control server traffic on the Compute Modules and Ethernet Switch Module (ESM).

Jump to:

  1. No VLANs configured. All traffic is open

    All servers

    Network

  2. One VLAN per Compute Module, and one VLAN per external port

    Server 1

    Network A

    Servers 2-6

    Network B

  3. Multiple VLANs on one Compute Module, and one VLAN per external port

    Server 1:
    Virtual Machine 1
    Virtual Machine 2
    Virtual Machine 3
    Virtual Machine 1

    External port 1

    Virtual Machine 2

    External port 2

    Virtual Machine 3

    External port 3

  4. Multiple VLANs on one Compute Module, and one or more VLANs on multiple trunked external ports

    Server 1:
    Virtual Machine 1
    Virtual Machine 2
    Virtual Machine 3

    External ports 1-4


No VLANs configured. All traffic is open

By default, all compute modules pass all traffic to the ESM. Traffic is forwarded based on the destination MAC address, and broadcasts are seen by all other Compute Modules.

No configuration is required on the Compute Modules, ESM, operating system (OS), or other switches.

Back to top


One VLAN per Compute Module, and one VLAN per external port

The switch can be configured so that each external port matches a single port on a compute module. Different compute modules can be on separate physical networks, and traffic can be rerouted by moving the physical cables.

  1. Create a new VLAN ID and name; for example, VLAN ID 10, named "Database", by going to:

    Advanced Configuration - Layer 2 - VLAN - Properties - Add

  2. Add the first external port (Ext.1) and the first server NIC port (Server.1.1) as untagged members of that VLAN, by going to:

    Advanced Configuration - Layer 2 - VLAN - Membership - VLAN ID 10 - Ports - Ext.1 - Edit - Untagged
    Advanced Configuration - Layer 2 - VLAN - Membership - VLAN ID 10 - Ports - Server.1.1 - Edit - Untagged

  3. Configure the default VLAN for untagged packets on those ports to be the new VLAN, by going to:

    Advanced Configuration - Layer 2 - VLAN - Interface Settings - Ext.1 - Edit - PVID - 10
    Advanced Configuration - Layer 2 - VLAN - Interface Settings - Server.1.1 - Edit - PVID - 10

Any network plugged into the external port 1 on the ESM, will only have access to the first NIC on the first server. A network plugged into any other port, will have access to all server ports except the first NIC on the first server.

To use both ports on the first server with a single external port, also add Server.1.2 to VLAN 10, and bond the NICs through the OS.

Since the ports are untagged, no special configuration is required for the OS or other switches.

Back to top


Multiple VLANs on one Compute Module, and one VLAN per external port

When using virtual machines, the traffic from each virtual machine can be kept separate from other traffic. For example, a hypervisor on a Compute Module that contains both public web servers, and private DHCP or Active Directory servers, must keep the public and private traffic separate.

To configure this, put the different virtual machines on different VLANs, and tag all traffic.

  1. Create new VLAN IDs and names, by going to:

    Advanced Configuration - Layer 2 - VLAN - Properties - Add
    VLAN ID 11 "VM1"
    VLAN ID 12 "VM2"
    VLAN ID 13 "VM3"

  2. Add the server NIC ports (Server.1.1 and Server.1.2) as tagged members of each VLAN, and assign a different external port to each VLAN, by going to:

    Advanced Configuration - Layer 2 - VLAN - Membership
    VLAN ID 11 - Ports - Ext.1 - Edit - Untagged
    Server.1.1 - Edit - Tagged
    Server.1.2 - Edit - Tagged
    VLAN ID 12 - Ports - Ext.2 - Edit - Untagged
    Server.1.1 - Edit - Tagged
    Server.1.2 - Edit - Tagged
    VLAN ID 13 - Ports - Ext.3 - Edit - Untagged
    Server.1.1 - Edit - Tagged
    Server.1.2 - Edit - Tagged

  3. Configure your hypervisor to tag outbound packets.

  4. Since the external ports are untagged, no special configuration is required for the other switches.

Back to top


Multiple VLANs on one Compute Module, and one or more VLANs on multiple trunked external ports

To increase bandwidth to other switches, create a Link Aggregation Group (LAG) on external ports

Configure the switch
Enter Advanced Configuration on the switch
Open Layer 2 - Interface - LAG Configuration
Edit LAG1

Add a Description. For this example, we will be connecting to a Cisco* switch.
It is best to leave the other settings at their defaults.

Be sure to click Apply before clicking Close.
Open Layer 2 - Interface - LAG Membership
Edit ToCisco

Add the first four external ports

Click Apply, then Close

Open Layer 2 - VLAN - Membership
Select VLAN ID 10 from the drop-down list
Select the LAGs radio button
Edit LAG 1

Set the Interface Status to Tagged

By default, each VLAN is user-defined as tagged or untagged (full IEEE802.1q mode). If you need to assign the interface to a single untagged VLAN, open

Layer 2 - VLAN - Membership - VLAN - Interface Settings - LAG 1
Choose Edit
Set the LAG VLAN Mode to Access

If you need all VLANs tagged except one, set the LAG VLAN Mode to Trunk.

To configure your external switch, please consult your switch documentation. For some example commands, see Creating a multi-port trunk with an external switch

Back to top

This applies to:

Intel® Compute Module MFS2600KI
Intel® Compute Module MFS5000SI
Intel® Compute Module MFS5520VIR
Intel® Modular Server System MFSYS25
Intel® Modular Server System MFSYS25V2
Intel® Modular Server System MFSYS35

Solution ID: CS-031599
Last Modified: 23-Oct-2014
Date Created: 23-May-2010
Back to Top