Configuring VLAN for iSCSI hosts

Follow these guidelines when you plan to configure a virtual local area network (VLAN) for iSCSI-attached hosts.

VLAN tagging is supported for iSCSI traffic. VLAN provides network traffic separation at the layer 2 level for Ethernet transport.
VLAN tagging by default is disabled for any IP address of a node port. You can use the command-line interface (CLI) to optionally set a VLAN ID for port Internet Protocols (IPs).
To prevent connectivity issues when a VLAN ID is configured for the IP addresses that are used for iSCSI host attachment, appropriate VLAN settings on the Ethernet network and servers must also be properly configured.
A VLAN ID can be configured on system 1G Ethernet ports and 10G Ethernet ports.
A VLAN ID can be configured for IPv4 addresses and IPv6 addresses of Ethernet ports.
The same VLAN ID can be configured for all the Ethernet port IP addresses, or a different VLAN ID can be configured on each Ethernet port IP address.
Setting VLAN tags for iSCSI host attachment sessions that are already configured with a system that is running software before version 7.4.0 is a disruptive process.
To configure VLAN tags for existing host attachment sessions:
- Configure VLAN on host ports that are used for iSCSI connectivity.
- Configure all intervening switches with appropriate VLAN tags according to port connectivity.
- Configure system ports with appropriate VLAN tags.
If VLAN tagging needs to be done without disrupting I/Os from hosts, the host should have multiple ports. Multipath drivers on hosts must be correctly configured with multiple iSCSI sessions to each system iSCSI port. Then, when you configure VLANs, iSCSI sessions must be brought down one at a time so that I/Os can continue through alternate paths to the system. Depending on switch connectivity, this process might or might not be possible.
To ensure reliable connectivity to storage during a node failure, configure the same VLAN ID on the local and failover port on two nodes of an I/O group.
If different VLAN IDs are set for local and failover port on two nodes of an I/O group, configure both VLAN IDs on the Ethernet switch ports. This way, a failover of IP addresses from a failing node to a surviving node succeeds. This setting is required to avoid a loss of paths to storage during a node failure.
After VLANs are configured, changes to the VLAN settings disrupt iSCSI traffic to or from those Ethernet ports.
A configuration with different VLANs on different ports but with the same subnet on the ports is not supported.

Configuring VLAN tags on existing host sessions

Complete these steps to configure VLAN tags on existing host sessions:

On the hosts, configure VLAN on the host ports that are used for iSCSI connections. Consult appropriate host documentation to complete this step.
On all intervening switches, configure the switches with the VLAN tags per port connectivity. Consult appropriate switch documentation to complete this step.
Verify that the port on which you are configuring VLAN tags is used for host attachment. In the management GUI, select Settings > Network > Ethernet Ports. Ensure that Yes is displayed in the host attach column for the selected port. If No is displayed, right-click the port and select Modify iSCSI hosts and select Enabled.
Configure ports on the system with appropriate VLAN tags by completing these steps:
1. In the management GUI, select Settings > Network > Ethernet Ports.
2. Right-click the port on which to configure VLAN and select Actions > Modify VLAN.
3. On the Modify VLAN page, select to enable VLAN for either IPv4 or IPv6 connections.
4. Enter the VLAN tag and select whether to use the same VLAN tag for the failover port. If the failover port does not have the same VLAN tag, a host can lose access to the volumes. To prevent a loss of access, select to use the same VLAN tag for the failover port.
5. Click Modify.
If you are using PFC with this VLAN configuration, complete the following steps on the PFC-supported switch:
1. On the switch, set the priority tag for iSCSI.
2. On the switch, enable the PFC for iSCSI priority tag.
3. On the switch, enable Data Center Bridging Exchange (DCBx). DCBx enables switch and adapter ports to exchange parameters that describe traffic classes and PFC capabilities.
For these steps, consult your switch documentation for details.