Thanks for that, I think that's a really useful answer.

So it really is just a case of defending core/bootstrapping VLANs?

So it has no real meaning on a vEthernet profile then?

here is an example from my configs I use.

port-profile type ethernet system-uplink-03

vmware port-group

switchport mode trunk

switchport trunk native vlan 1034

switchport trunk allowed vlan 1031-1034

channel-group auto mode on mac-pinning

no shutdown

system vlan 1031-1033

description  Development system profile for critical ports and vm traffic

state enabled

1031-1034 are vmware mgmt, ip storage and vmotion in this instance vcenter was in a different environment I have I think about 12 different system uplink port profiles

here is a port-profile:

port-profile type vethernet 03-development-vmsc

capability l3control

vmware port-group

switchport mode access

switchport access vlan 1031

no shutdown

system vlan 1031

max-ports 32

description 03 Development ESXi Management

state enabled

hope this helps.

Many thanks!

FYI - Vmotion should not and does not need to be a "system vlan". 

Robert

Robert can you please explain why it should not be ?  It has worked very well for me a few times there has been a problem with a host, also I have done it as I have the permission to migrate a vm but do not have the permission to change the state of the vm (power off/on)  Also I see no harm in having it as a system vlan.

Please tell me though if there is a problem I may encounter if i continue to use it as a system vlan, currently there are four system vlans per system uplink.  Is there a max number of supported system vlans, and if so can those vlans only do certain tasks ?

Many thanks and I look forward to your reply.

Simon.

I've explained the rationale behind system vlans on dozens of posts in the correct forum for 1000v topics - [server networking]

A system VLAN has no impact on any already-created virtual interfaces.  The only benefit a system VLAN provides is to be forwarding as soon as the host boots up "before" communicating with the VSM.  In what instance would you have a host just boot up, unable to talk to your primary or secondary VSM and require a VMotion?  If you did vMotion a VM, odds are the VM's VLAN is NOT a system VLAN and wouldn't be forwarding on the destination host regardless (at least until the VEM can communicate with the VSM that is).  So would you really want to allow a VM to be able to VMotion to a host where it will have no networking connectivity? By omitting the VMotion VMK port profile from being a system VLAN the Migration Validation vCenter performs will fail and prevent you from black holing your VM's networking.

Also there's a global limitation of 16 port profiles containing system VLANs so using one up unnecessarily is not good design IMO.

Regards,

Robert

Thank you Robert I will try and find those posts.