Question

In ESXi I see vSwitch, and in each vSwitch I have the provision to add port-groups. Is each port-group I add on a separate network?

Say I configure 2 port-groups and run a DHCP server on one of them. Can I isolate the DHCP broadcast to only those machines on that port-group? Or does the DHCP broadcast reach all port-groups on the vSwitch?

I set up 2 Linux VMs with 2 NICs each. On each VM, NIC-1 is associated with PortGroupA and NIC-2 is associated with PortGroupB. I ran a DHCP server (dnsmasq) on one of the Linux VMs on eth0 (NIC-1, PortGroupA).

I noticed that when I bring up eth1 (NIC-2, PortGroup2) on the second Linux VM, it gets an IP from the DHCP running on PortGroupA.

Is this expected, or is my environment messed up?

Solution

I'm no expert but I see two ways this could work:

  1. Use different port groups and define different VLAN-IDs for each of them. VLAN-IDs enable you, e.g., to split a switch in half to create two separate networks.

  2. Use different vSwitches that are only connected to each other through a single VM (e.g. software firewall) that provides routing between the two networks. Block DHCP traffic.

Option 2 worked fine for me using free ESXi and provides the most flexibility, but there might be an easier solution using ESXi features only.
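
A check for the situation in the question, added here as an example and not part of the original answer: it parses a port-group listing and reports which port groups share a vSwitch and VLAN ID, and therefore a DHCP broadcast domain. The sample table is constructed in the layout of `esxcli network vswitch standard portgroup list`, the function names are hypothetical, and segments joined through physical uplinks are not considered.

```python
from collections import defaultdict

# Constructed sample, laid out like the table printed by
# `esxcli network vswitch standard portgroup list` (not data from the page).
SAMPLE = """\
Name                Virtual Switch  Active Clients  VLAN ID
------------------  --------------  --------------  -------
Management Network  vSwitch0                     1        0
PortGroupA          vSwitch1                     2        0
PortGroupB          vSwitch1                     2        0
PortGroupC          vSwitch1                     1       20
PortGroupD          vSwitch2                     1        0
"""

def parse_portgroups(text):
    """Return (name, vswitch, vlan_id) tuples. Names may contain spaces,
    so columns are sliced at the offsets given by the dashed ruler line."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    ruler = lines[1]
    # A column starts wherever a dash follows a space (or begins the line).
    starts = [i for i, ch in enumerate(ruler)
              if ch == "-" and (i == 0 or ruler[i - 1] == " ")]
    bounds = list(zip(starts, starts[1:] + [None]))
    rows = []
    for line in lines[2:]:
        name, vswitch, _clients, vlan = (line[a:b].strip() for a, b in bounds)
        rows.append((name, vswitch, int(vlan)))
    return rows

def shared_broadcast_domains(rows):
    """Port groups on the same vSwitch with the same VLAN ID sit in one
    layer-2 segment, so a DHCP broadcast in one is seen in the others."""
    domains = defaultdict(list)
    for name, vswitch, vlan in rows:
        domains[(vswitch, vlan)].append(name)
    return {key: names for key, names in domains.items() if len(names) > 1}

if __name__ == "__main__":
    for (vswitch, vlan), names in shared_broadcast_domains(
            parse_portgroups(SAMPLE)).items():
        print(f"{vswitch} VLAN {vlan}: {', '.join(names)} share a broadcast domain")
```

In the sample, PortGroupA and PortGroupB are reported together, which matches the behaviour described in the question; PortGroupC (different VLAN ID) and PortGroupD (different vSwitch) correspond to options 1 and 2 of the answer.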

Licensed under: CC-BY-SA with attribution