For just over half a year I used a Standard Switch on my ESXi server. It was simple to use compared to a Distributed Switch, which completely overwhelmed me with options the first time I used it.

However, I recently bumped up against the limitations of standard switches when trying to set up Security Onion monitoring. Standard Switches:

  • Are created and managed at the host level
  • Require creation of port groups with the exact same name on each host
  • Lack port mirroring functionality (although promiscuous mode is an option)


  1. In vSphere navigate to the Networking tab and right click the Datacenter Level.
  2. Select Distributed Switch > New Distributed Switch

  1. Name the switch
  2. Select the latest switch version available (6.6.0 on ESXi 6.7)
  3. Configure the number of uplinks. I have 1 so I changed the default of 4 to 1.
  4. Create a default port group. You can use the default to create a port group or create a port group later.

  1. Click Add and Manage Hosts.
  2. Select Add hosts and click Next.
  3. Select New Hosts, select your ESXi host and click Next.
  4. Select an uplink physical adapter, select Assign Uplink and then select Next.
  5. Click Next until the end.



  1. Right click the newly created Distributed Switch > Distributed Port Group > New Distributed Port Group
  2. Label the port group with an appropriate name. My personal naming convention is “vDSx-VlanNo-VlanUse”
  3. Default settings are mostly fine. VLAN type can be changed to suit your needs.
    1. None: Untagged frames
    2. VLAN: Equivalent to an access port. If you plan to use Virtual Switch Tagging (VST), this is the option for you.
    3. VLAN Trunking: For Virtual Guest Tagging where tagged frames are passed to the guest network adapter. The only use case I can think of is for nested virtualisation such as EVE-NG, GNS3 or nested ESXi.
    4. Private VLAN: For Port Isolation where there is a need to isolate some VMs.

And there you go, you’ve created a Distributed Switch. There is no longer a need to create each network again on another host if you have a cluster. Just add the new host to the Distributed Switch.
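
The same steps can be scripted with VMware PowerCLI, which makes the build repeatable across hosts. This is an added example, not part of the original walkthrough; the vCenter address, datacenter, host, adapter, port group name and VLAN ID are placeholders, and it ends by listing each port group's security policy so the promiscuous mode, MAC change and forged transmit settings can be reviewed.

```powershell
# Added example: scripted equivalent of the GUI steps above (requires VMware PowerCLI).
# Every value in this block is a placeholder; replace it with your own.
$vcenter   = 'vcenter.lab.example'   # placeholder vCenter address
$dcName    = 'Datacenter'            # placeholder datacenter name
$esxiName  = 'esxi01.lab.example'    # placeholder ESXi host
$uplinkNic = 'vmnic1'                # placeholder physical adapter to use as the uplink
$vdsName   = 'vDS1'
$pgName    = 'vDS1-20-Servers'       # follows the vDSx-VlanNo-VlanUse convention
$vlanId    = 20                      # constructed sample VLAN ID

Connect-VIServer -Server $vcenter | Out-Null   # prompts for credentials

try {
    $dc     = Get-Datacenter -Name $dcName -ErrorAction Stop
    $vmhost = Get-VMHost -Name $esxiName -ErrorAction Stop

    # Create the switch at the datacenter level with a single uplink, unless it exists.
    $vds = Get-VDSwitch -Name $vdsName -ErrorAction SilentlyContinue
    if (-not $vds) {
        $vds = New-VDSwitch -Name $vdsName -Location $dc -NumUplinkPorts 1 -Version '6.6.0'
    }

    # Add the host to the switch if it is not already a member.
    if (-not (Get-VDSwitch -VMHost $vmhost | Where-Object Name -eq $vdsName)) {
        Add-VDSwitchVMHost -VDSwitch $vds -VMHost $vmhost
    }

    # Assign the physical adapter as the uplink. If this adapter is the only uplink
    # carrying the management VMkernel port on a standard switch, moving it cuts
    # management connectivity, so check that first.
    $pnic = Get-VMHostNetworkAdapter -VMHost $vmhost -Physical -Name $uplinkNic -ErrorAction Stop
    Add-VDSwitchPhysicalNetworkAdapter -DistributedSwitch $vds -VMHostPhysicalNic $pnic -Confirm:$false

    # Create the port group with VLAN type "VLAN" (access-port equivalent).
    if (-not (Get-VDPortgroup -VDSwitch $vds -Name $pgName -ErrorAction SilentlyContinue)) {
        New-VDPortgroup -VDSwitch $vds -Name $pgName -VlanId $vlanId | Out-Null
    }

    # Review the security policy of every port group on the switch.
    Get-VDPortgroup -VDSwitch $vds | Get-VDSecurityPolicy
}
finally {
    Disconnect-VIServer -Server $vcenter -Confirm:$false
}
```

Running it a second time skips the objects that already exist, so adding another host to the cluster only needs a change to `$esxiName` and `$uplinkNic`.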