Trunking Isolated VLANs to ESXi + Proving They're Truly Sealed

I built two isolated networks last episode — a Dev VLAN and a Test VLAN, pure Layer 2 with no routing. But were they actually isolated, or just misconfigured? In this episode I trunk those VLANs from my Cisco 3850 to my ESXi host, drop a real VM into each, and then try to break out of the isolation — pinging across VLANs, reaching for production, and trying to hit the internet. Every one of those should fail. Let's prove it. This is a live homelab cluster — the same switch and hypervisor running my production Kubernetes. Zero downtime to production throughout. 🔧 What's covered 802.1Q trunking from a Cisco 3850 to ESXi Preserving the native VLAN to protect host management VST (Virtual Switch Tagging) port groups in vSphere Static IP config with no gateway (airtight L3 isolation) Proving isolation by contrast: what works vs what fails 🐧 Tech & Penguin — homelab, networking, Kubernetes, and hard-won lessons from breaking (and fixing) my own lab. #homelab #networking #vlan #vmware #esxi #cisco #vsphere #networksecurity #selfhosted #homelabsetup