VLAN configuration guidelines for iSCSI

Follow these guidelines when you plan to configure a virtual local area network (VLAN) for iSCSI-attached hosts.

VLAN tagging is supported for iSCSI traffic. VLAN provides network traffic separation at the layer 2 level for Ethernet transport.
VLAN tagging by default is disabled for any IP address of a node port. You can use the command-line interface (CLI) to optionally set a VLAN ID for port Internet Protocols (IPs).
To prevent connectivity issues when a VLAN ID is configured for the IP addresses that are used for iSCSI host attachment, appropriate VLAN settings on the Ethernet network and servers must also be properly configured.
A VLAN ID can be configured on system 1G Ethernet ports and 10G Ethernet ports.
A VLAN ID can be configured for IPv4 addresses and IPv6 addresses of Ethernet ports.
The same VLAN ID can be configured for all the Ethernet port IP addresses, or a different VLAN ID can be configured on each Ethernet port IP address.
Setting VLAN tags for iSCSI host attachment sessions that are already configured with a system that is running software before version 7.4.0 is a disruptive process.
To configure VLAN tags for existing host attachment sessions:
- Configure VLAN on host ports that are used for iSCSI connectivity.
- Configure all intervening switches with appropriate VLAN tags according to port connectivity.
- Configure system ports with appropriate VLAN tags.
If VLAN tagging needs to be done without disrupting I/Os from hosts, the host should have multiple ports. Multipath drivers on hosts must be correctly configured with multiple iSCSI sessions to each system iSCSI port. Then, when you configure VLANs, iSCSI sessions must be brought down one at a time so that I/Os can continue through alternate paths to the system. Depending on switch connectivity, this process might or might not be possible.
To ensure reliable connectivity to storage during a node failure, configure the same VLAN ID on the local and failover port on two nodes of an I/O group.
If different VLAN IDs are set for local and failover port on two nodes of an I/O group, configure both VLAN IDs on the Ethernet switch ports. This way, a failover of IP addresses from a failing node to a surviving node succeeds. This setting is required to avoid a loss of paths to storage during a node failure.
After VLANs are configured, changes to the VLAN settings disrupt iSCSI traffic to or from those Ethernet ports.
A configuration with different VLANs on different ports but with the same subnet on the ports is not supported.