NSX-T Virtual Interface remains as effective group member after unselecting it
Article ID: 322579
Updated On:
Products
VMware NSX
Issue/Introduction
- You have NSX-T 3.1.2 deployed.
- When unselecting the VIF (Virtual Interface) from the group and it keeps as an effective member of the group.
- The unselected VIF will continue as an effective member of the group and therefore it will get the policies/rules applied for that group.
- Steps to reproduce:
- Unselecting the VIF: NSX UI > Inventory > Groups > Click on ellipsis for the group > Edit > Members > Members tab > Unselect the VIF.
- Apply and Save the group modifications.
- When selecting the "View Members" on the group edited above, it shows the unselected VIF is still a member of the group:
- If you then edit the group again, it shows the VIF as unselected.
- You can use the following NSX-T REST API to get all the groups, then identify the group in question:
GET /api/v1/ns-groups
- Then use the following API with the group ID found above to check it:
GET /api/v1/ns-groups/<group-id>
Note: The REST API shows the VIF we attempted to remove as still part of the group.
Environment
VMware NSX-T Data Center
Cause
The issue occurs when the realization of the group was not happening correctly, the VIF was removed from policy, but not from manager.
Resolution
This issue is resolved in VMware NSX Data Center 3.1.3, available at Broadcom downloads.
If you are having difficulty finding and downloading software, please review the Download Broadcom products and software KB.
Workaround
You can workaround this issue by using "Segment Ports" or "Virtual Machines" categories as group members instead of VIFs.
Additional Information
Feedback
Yes
No
Powered by
