This article describes how to enable MACVLAN in vSphere Client.

When using MACVLAN adapters within a Virtual Machine (VM) guest operating system, network traffic between VMs or to the external network may be dropped. This occurs because MACVLAN creates sub-interfaces with their own unique MAC addresses that differ from the VM's primary virtual NIC hardware address. By default, vSphere standard switches (VSS) and distributed switches (VDS) security policies prevent traffic from addresses not associated with the specific vNIC.

To enable MACVLAN traffic, you must adjust the security settings on the Port Group or vSwitch where the VMs are connected. Follow these steps:

1. Log in to the vSphere Client.
2. Navigate to the Networking tab
   
   
   
   
3. Select the relevant Port Group or vSwitch.
4. Right Click and choose Edit Settings (or go to the Actions menu and choose Edit Settings).
5. Navigate to Security and set the following policies to Enabled and/or Accept:
   
   
   • Promiscuous Mode: Reject
   • MAC Address Changes: Reject
   • Forged Transmits: Accept
   • MAC Learning Status: Enabled
     
     Example:
     
     
     
     Below is an alternative configuration that will work but with Promiscuous Mode packets will be sent to all ports and generate unnecessary traffic.
     
     
   • Promiscuous Mode: Accept
   • MAC Address Changes: Reject
   • Forged Transmits: Accept
   • MAC Learning Status: Disabled
     
     Example:
     
     
     
     
6. Ensure that the physical switch ports and the Port Group are configured for Trunk Mode or permitted for the specific VLANs used by the MACVLAN interfaces.
7. Click OK to save the changes.