VyOS with ESXI 6.7

From ppwiki
Jump to navigation Jump to search


To complete this tutorial, we will need:

  • 1 node running ESXI. This tutorial is done on a node running EXSI 6.7
  • 1 VM running the VyOS
  • 4 testing VM's on separate VLAN's


Our Goal is to be able to create the network in the image below. Note that we are not going to discuss about how to use ESXI in this tutorial but we will be more focus on VyOS and how to use it to connect to the vswitches on the ESXI node.


Creating VSwitches and port groups on the EXSI server=

The Vswitch0 is already create and has two port groups already: "VM Network" and "Mangement Network" so we are not going to worry about this.

Create VSwtich

In this section, we will be creating 4 Vswithes called:

- asw-a-codfw

- asw-b-codfw

- asw-c-codfw

- asw-d-codfw

Do not assign any up-links to the Vswitches. Like a mentioned above we are not going to discuss how to create Vswithes in this tutorial. After you have created the 4 Vswitches above, the next step will be to create the port groups in the nest section.

Create Port groups

create 4 port groups like in the table below.

Port Groups
Port name vlan vswitch
private1-a-codfw 20 asw-a-codfw
private1-b-codfw 30 asw-b-codfw
private1-c-codfw 40 asw-c-codfw
private1-d-codfw 50 asw-d-codfw

VyOS installation and configuration


The installation of VyOS is simple and easy. It is done like a regular VM installation on ESXI.

  • First : create a VM with

- Name:vrouter4001 ( You can use any name)

- 1024MB of RAM

- 1 CPU

- 40GB of Disk

- 5 Network Interfaces

Network Interfaces and port groups
NIC Port Group
eth0 VM Network
eth1 private1-a-codfw
eth2 private1-b-codfw
eth3 private1-c-codfw
eth4 private1-d-codfw
  • Second: Download the iso image

The Link to download the iso is: https://downloads.vyos.io/?dir=release/legacy/1.1.8

Download the vyos-1.1.8-amd64.iso version

  • Third: attache the iso to your VM and boot the VM

After booting the VM, you will see the login prompt like in the image below


The default login username is vyos and the password is vyos too.

Once login, run the command

show interfaces

to make sure you have all the 5 interfaces. The output should look the same like in the image below


If you have all the five interfaces, proceed to the installation by running the command

install image

Follow the instructions on the screen bu just pressing enter and answering "YES" to all the question to use the default settings. Don't forget to enter a new password for login to replace the defaut password "vyos"

Once the installation completed, power off the VM, detach the iso image from the VM and power backup the VM and proceed to the configuration.


Setting IP addresses and description


set interfaces ethernet eth0 address
set interfaces ethernet eth0 description core_to_cr-gcsm


set interfaces ethernet eth1 address
set interfaces ethernet eth1 description private1-a-codfw


set interfaces ethernet eth2 address
set interfaces ethernet eth2 description private1-b-codfw


set interfaces ethernet eth3 address
set interfaces ethernet eth3 description private1-c-codfw


set interfaces ethernet eth4 address
set interfaces ethernet eth4 description private1-d-codfw


Note: if you do not "save", after a reboot all the configuration will go away.

check the configuration with "show interfaces"

vyos@vyos:~$ show interfaces 
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface        IP Address                        S/L  Description
---------        ----------                        ---  -----------
eth0                       u/u  core_to_cr-gcsm 
eth1                      u/u  private1-a-codfw 
eth2                      u/u  private1-b-codfw 
eth3                      u/u  private1-c-codfw 
eth4                      u/u  private1-d-codfw 
lo                            u/u  

Go back in configuration mode and change the router name from vyos to vrouter4001 ( you can call it anything)

set system host-name vrouter4001

Setting default gateway

If we do not define the default gateway, all the VM's will not be able to access the internet.

set protocols static route next-hop being the IP address of the our physical router connected to the Internet

Setting OSPF


  • On cr-gcsm

The configuration of OSFP on Cisco router is very simple just 2 commands

router ospf 1
network area 0
do wr
  • On vrouter4001

We are just going to do a minimum configuration needed for OSPF to work. Not worry about setting up lo interface or defining the router ID

set protocols ospf area 0 network
set protocols ospf area 0 network
set protocols ospf area 0 network
set protocols ospf area 0 network
set protocols ospf area 0 network

And that's all for setting the minimum configuration

vyos@vrouter4001:~$ show ip ospf neighbor 
Neighbor ID        Pri State           Dead Time Address         Interface            RXmtL RqstL DBsmL        1 Full/Backup       39.968s         eth0:       0     0     0
cr-gcsm#show ip ospf neighbor 
Neighbor ID     Pri   State           Dead Time   Address         Interface      1   FULL/DR         00:00:33     FastEthernet0/1

Setting DHCP relay


We have a DHCP server in vlan20 with IP address of For now servers in the other vlan's can not contact the DHCP server because there are on different vlan's.

For servers on the other vlan's to be able to contact the DHCP server, we will need to configure a DHCP relay on the router.

Here, we just need to configure DHCP relay on eth1,eth2,eth3 and eth4.

- Enable dhcp-relay on the 4 interfaces

set service dhcp-relay interface eth1 
set service dhcp-relay interface eth2 
set service dhcp-relay interface eth3 
set service dhcp-relay interface eth4

- Set the DHCP server IP address

 set service dhcp-relay server
 set service dhcp-relay relay-options relay-agents-packets discard 

After this is done, restart the relay-agent with

 restart dhcp relay-agent

Enable SSH on port 22 with SSH key

There are 3 steps on configuring SSH access to the vrouter: - Setup the SSH port - Setup the address to listen on - Upload your SSH-key

The command to setup the SSH port is:

set service ssh port 22

The command to setup the address to listen on is:

set service ssh listen-address <IPv4>

Since our vrouter has 4 ineterfaces, we are going to setup the listen-address on eth0 address (

set service ssh listen-address



Upload your ssh key

set system login user vyos authentication public-keys ppaul key "AAAAB3NzaC1yc2EAAAADAQABAAABAQDST4EbXJc9l/AdrVmOZEPl3sxi6qjGIZyPwku..."

The command above needs to be in 1 line

set system login user vyos authentication public-keys ppaul type ssh-rsa"

Note: do not copy the "ssh-rsa" at the beginning of your key or the comment at the end of your ssh key.