Multiple "VLAN/VNI conflict with the port" Error Messages in ESXi vmkernel.log

Article ID: 397571

Products

VMware NSX

Issue/Introduction

ESXi hosts in NSX environments are generating large numbers of error events in the /var/log/vmkernel.log files and vRealize Operations logs.

The recurring error messages follow this pattern:

VSwitch_MACEntryAdd:1980: [nsx@6876 comp="nsx-esx" subcomp="vswitch"]MAC: ##:##:##:##:##:## portID 0x0, vid 0, vni #####, of vswitch [TRANSPORT-ZONE-NAME] not configured due to VLAN/VNI conflict with the port

The error messages appear frequently but do not cause any obvious functional issues in the environment. They appear primarily in the ESXi vmkernel.log and the vRealize Operations logs.

Steps to validate:

  1. Check ESXi vmkernel.log files for entries containing "VLAN/VNI conflict with the port"
  2. Verify if your environment uses Link Aggregation Groups (LAGs) with MAC learning enabled
  3. Confirm if these messages began appearing after upgrading to NSX 4.1.2.4 or a similar version
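
Added example (not part of the original article and not Broadcom tooling): a POSIX sh sketch for step 1 that counts the conflict messages in a vmkernel.log and groups them by VNI and vswitch name, following the message pattern shown above. The function names are hypothetical, and the sample log (timestamp prefix, MAC addresses, VNIs and the name TZ-OVERLAY) is constructed.

```shell
#!/bin/sh
# Added example: quantify "VLAN/VNI conflict with the port" noise in vmkernel.log.
PATTERN='not configured due to VLAN/VNI conflict with the port'

# Constructed sample log (timestamps, MACs, VNIs and TZ-OVERLAY are made up).
write_sample_log() {
    cat > "$1" <<'EOF'
2025-01-15T10:00:01.101Z cpu3:2100001)VSwitch_MACEntryAdd:1980: [nsx@6876 comp="nsx-esx" subcomp="vswitch"]MAC: 00:50:56:aa:bb:01 portID 0x0, vid 0, vni 71680, of vswitch TZ-OVERLAY not configured due to VLAN/VNI conflict with the port
2025-01-15T10:00:01.350Z cpu1:2100002)constructed unrelated line for contrast
2025-01-15T10:00:02.202Z cpu3:2100001)VSwitch_MACEntryAdd:1980: [nsx@6876 comp="nsx-esx" subcomp="vswitch"]MAC: 00:50:56:aa:bb:02 portID 0x0, vid 0, vni 71680, of vswitch TZ-OVERLAY not configured due to VLAN/VNI conflict with the port
2025-01-15T10:00:03.303Z cpu5:2100001)VSwitch_MACEntryAdd:1980: [nsx@6876 comp="nsx-esx" subcomp="vswitch"]MAC: 00:50:56:aa:bb:01 portID 0x0, vid 0, vni 71680, of vswitch TZ-OVERLAY not configured due to VLAN/VNI conflict with the port
2025-01-15T10:00:04.404Z cpu5:2100001)VSwitch_MACEntryAdd:1980: [nsx@6876 comp="nsx-esx" subcomp="vswitch"]MAC: 00:50:56:aa:bb:03 portID 0x0, vid 0, vni 71681, of vswitch TZ-OVERLAY not configured due to VLAN/VNI conflict with the port
EOF
}

# Total number of matching entries in a log file.
conflict_total() {
    grep -cF "$PATTERN" "$1"
}

# One line per (VNI, vswitch): "<count> vni=<vni> vswitch=<name>", busiest first.
conflict_summary() {
    grep -F "$PATTERN" "$1" | awk '
    {
        vni = "?"; sw = "?"
        # VNI is the token after ", vni " up to the next comma.
        if (match($0, /, vni [^,]+,/))
            vni = substr($0, RSTART + 6, RLENGTH - 7)
        # The vswitch name sits between "of vswitch " and " not configured".
        s = index($0, "of vswitch "); e = index($0, " not configured due to")
        if (s > 0 && e > s + 11)
            sw = substr($0, s + 11, e - s - 11)
        n[vni "\t" sw]++
    }
    END {
        for (k in n) { split(k, p, "\t"); printf "%d vni=%s vswitch=%s\n", n[k], p[1], p[2] }
    }' | sort -rn
}

# Demo on the constructed sample; on a host, pass /var/log/vmkernel.log instead.
LOG=$(mktemp)
write_sample_log "$LOG"
echo "total: $(conflict_total "$LOG")"
conflict_summary "$LOG"
rm -f "$LOG"
```

Running the summary before and after a workaround or upgrade gives a per-VNI count to compare, which helps when judging the log volume impact.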

Environment

  • VMware NSX 4.1.2.4
  • VMware vSphere ESXi hosts
  • Networks configured with Link Aggregation Groups (LAGs) in the teaming policy
  • MAC learning and Unknown Unicast Flooding enabled on segments

Cause

The issue occurs in environments where Link Aggregation Groups (LAGs) are used with MAC learning enabled on NSX segments. The specific scenario is:

  1. In an L3 topology, two VMs on different VNIs on different hosts communicate through a VDR (Virtual Distributed Router) instance
  2. The VDR sends an ARP request to resolve the MAC address of the destination VM
  3. This ARP request is suppressed by VDL2 (ARP suppression) when it gets information from the controller
  4. When this happens, VDL2 attempts to program MAC entries into the vswitch MAC table
  5. Due to a code limitation, the MAC entry programming fails for the LAG port with the "VLAN/VNI conflict with the port" error message

This issue was introduced in a code change to NSX and occurs specifically when LAG ports are used together with MAC learning during ARP suppression.

Resolution

The issue is fixed in NSX 4.2.3. The following workarounds can also be considered:

Workaround 1: Disable MAC learning on affected segments

Note: This might not be feasible in environments with many segments (100+) using MAC learning.

Workaround 2: Use individual standalone uplinks instead of LAGs in the teaming policy

Note: These error messages, while numerous, are typically cosmetic and do not cause functional issues in the NSX environment. They primarily affect logging and may cause log volume concerns in some environments.

If error messages persist after applying these workarounds or if you experience actual network connectivity issues, contact Broadcom Support for further assistance.

Please provide the following information when opening a support request with Broadcom for this issue:

  • NSX Support Bundle with NSX Manager logs
  • ESXi vmkernel.log files showing the errors
  • VDS/N-VDS configuration details
  • Network segment configuration, especially teaming policy settings

Additional Information

When using the nsxdp-cli vswitch instance list command, you can identify if your environment is using LAG ports by checking for entries with "LAG" in the Uplink column, similar to:

Client                         PortID          DVPortID                             MAC                  Uplink          VID              VNI
Management                     #########                                            ##:##:##:##:##:##    n/a             N/A              N/A
LAG                            #########                                            ##:##:##:##:##:##    n/a 
vmnic0                         ##########      ########                             ##:##:##:##:##:##                    0-4094           N/A

This command can help identify the LAG ports that may be related to the error messages.