Configuring Management VLAN on ESXi Hosts

Current State

  • ESXi hosts are using untagged management network
  • IP addresses are already in 192.168.10.0/24 range
  • Need to decide whether to tag management traffic with VLAN 10

Option 1: Keep Management Untagged

Advantages

  • Simpler configuration
  • Less chance of lockout
  • Easier recovery if issues occur
  • Many homelabs use this approach

Physical Switch Configuration

Ubiquiti Switch Port Settings:
- Port Profile: All
- Native Network: Management (VLAN 10)
- Tagged Networks: 20,30,40,50,100,110

ESXi Configuration

No changes needed - management stays untagged.

Option 2: Configure VLAN 10 on Management

Advantages

  • Better security through VLAN isolation
  • Consistent with enterprise practices
  • All traffic is explicitly tagged

WARNING

⚠️ This can lock you out of ESXi management! Only proceed if you have:

  • Console access to hosts
  • Physical switch properly configured
  • Backup access method

Configuration Steps

Step 1: Configure Physical Switch First

Ubiquiti Switch Port Settings:
- Port Profile: All
- Native Network: Default (VLAN 1)
- Tagged Networks: 10,20,30,40,50,100,110

Step 2: Configure Each ESXi Host

Method A: Using DCUI (Safest)

  1. Access host console (physical or IPMI)
  2. Press F2 to log in
  3. Navigate to: Configure Management Network
  4. Select: VLAN
  5. Enter: 10
  6. Press ESC and confirm changes
  7. Test connectivity before proceeding to next host

Method B: Using SSH (Risky)

# WARNING: This will briefly disconnect you!
ssh root@esxi-nuc-01.markalston.net
esxcfg-vswitch -v 10 -p "Management Network" vSwitch0

Method C: Using vCenter (If Already Connected)

  1. Select Host in vCenter
  2. Configure → Networking → Virtual switches
  3. Edit vSwitch0 → Management Network
  4. VLAN ID: 10
  5. Save changes

Verification Steps

After configuration:

# Check VLAN configuration
esxcfg-vswitch -l

# Verify management network
esxcli network vswitch standard portgroup list

# The "Management Network" row should list vSwitch0 with VLAN ID 10

Recovery if Locked Out

From Console

  1. Press F2 at DCUI
  2. Configure Management Network
  3. VLAN → Set to 0 (untagged)
  4. Save and exit

Reset Network from Console

1. F2 → Troubleshooting Options
2. Restart Management Network
3. Or: Reset Network Settings
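
Method B and the console recovery above can be combined so the host reverts on its own when the new VLAN does not pass traffic. The script below is an added example, not part of the original guide; it assumes vmk0 is the management VMkernel interface and takes the gateway IP as an argument, and the file name mgmt-vlan.sh is hypothetical.

```shell
#!/bin/sh
# Added example: apply the management VLAN, then roll back automatically
# if the gateway stops answering. Assumptions (not from the page): vmk0 is
# the management VMkernel interface; the gateway IP is supplied by you.

VSWITCH_CMD="${VSWITCH_CMD:-esxcfg-vswitch}"  # overridable for a dry run
PING_CMD="${PING_CMD:-vmkping}"
PORTGROUP="Management Network"
VSWITCH="vSwitch0"
SETTLE_SECS="${SETTLE_SECS:-10}"              # time for the uplink to settle

# A port group VLAN ID of 0 means untagged; 4095 is reserved by ESXi for
# guest tagging (trunk) and is rejected here.
valid_vlan() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 0 ] && [ "$1" -le 4094 ]
}

# set_mgmt_vlan NEW_VLAN ROLLBACK_VLAN GATEWAY_IP
# Returns 0 if the gateway answers on NEW_VLAN, 1 after reverting to
# ROLLBACK_VLAN, 2 on invalid arguments (nothing is changed).
set_mgmt_vlan() {
    new="$1"; old="$2"; gw="$3"
    if ! valid_vlan "$new" || ! valid_vlan "$old" || [ -z "$gw" ]; then
        echo "usage: set_mgmt_vlan NEW_VLAN ROLLBACK_VLAN GATEWAY_IP" >&2
        return 2
    fi
    "$VSWITCH_CMD" -v "$new" -p "$PORTGROUP" "$VSWITCH" || return 1
    sleep "$SETTLE_SECS"
    # Look for reply lines instead of trusting the ping exit status.
    if "$PING_CMD" -I vmk0 -c 3 "$gw" 2>&1 | grep -q 'bytes from'; then
        echo "gateway $gw reachable with VLAN $new"
        return 0
    fi
    echo "gateway $gw unreachable, reverting to VLAN $old" >&2
    "$VSWITCH_CMD" -v "$old" -p "$PORTGROUP" "$VSWITCH"
    return 1
}

# Run only when asked, e.g.: sh mgmt-vlan.sh --run 10 0 <gateway-ip>
if [ "${1:-}" = "--run" ]; then
    shift
    set_mgmt_vlan "$@"
    exit $?
fi
```

Run it from the host console, or detached from the SSH session, so the rollback still executes if the session drops.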

Recommendation for Your Setup

For a homelab, I recommend Option 1: Keep management untagged.

Reasons:

  • You already have working connectivity
  • Simpler to troubleshoot
  • Less risk of lockout
  • VLANs for other traffic types provide sufficient isolation

If you choose Option 1, just ensure your Ubiquiti switch ports have:

  • Native VLAN: Your management network
  • Tagged VLANs: All others (20,30,40,50,100,110)

Testing Approach

If you decide to implement VLAN 10:

  1. Test on one NUC first (esxi-nuc-03)
  2. Ensure you can still access it
  3. Then proceed with others
  4. Keep Mac Pro for last (it’s hosting vCenter)

This project is for educational and home lab purposes.