The VDS becomes non-functional after applying the Ansible/SDK configuration.
Article ID: 404453

Products

VMware vSphere ESXi 8.0
VMware vSphere ESX 7.x

Issue/Introduction

  • Ansible/SDK configuration was applied to the VDS.
  • The output of 'net-dvs -l' shows that the uplink port had 'Forged Transmits' set to 'Deny'.

    port X:
          com.vmware.common.port.alias = uplinkX ,        propType = CONFIG
          com.vmware.common.port.connectid = XXXX,         propType = CONFIG
          com.vmware.common.port.volatile.status = inUse linkUp portID=XXXX propType = RUNTIME
          com.vmware.common.port.portgroupid = dvportgroup-XX ,   propType = CONFIG
          com.vmware.common.port.block = false ,  propType = CONFIG
          com.vmware.common.port.dvfilter = filters (num = 0):
                  propType = CONFIG
          com.vmware.vswitch.port.teaming.policy:
                  load balancing = source virtual port id
                  link selection = link state up;
                  link behavior = notify switch; best effort on failure; shotgun on failure;
                  active =
                  standby =
                  propType = CONFIG
          com.vmware.vswitch.port.security = deny promiscuous; deny mac change; deny forged frames

Environment

VMware vSphere ESXi 7.x
VMware vSphere ESXi 8.x

Cause

By design, the uplink port on a VDS should allow forged transmits, because the MAC address of the physical NIC (vmnic) differs from the MAC addresses assigned to VMkernel interfaces or virtual machines. Refer to the document "Forged Transmits" for details.

Resolution

Use PowerCLI to set the uplink port's 'Forged Transmits' policy to 'Allow'. Refer to the Set-VDSecurityPolicy documentation for details.
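
One way to carry out this step, as an added example that is not part of the original article or vendor-supplied code: the script reports the Forged Transmits setting of every uplink port on one VDS and, only when run with -Apply, sets it to Allow on the uplink ports that deny it, leaving VM and VMkernel port groups untouched. It assumes VMware PowerCLI is installed, that Connect-VIServer has already been run, and that port-level overrides are permitted on the uplink port group; the switch name 'DSwitch-Example' and the -Apply parameter are placeholders introduced for illustration.

```powershell
# Added example: audit and correct Forged Transmits on VDS uplink ports only.
# Assumptions: an active Connect-VIServer session; 'DSwitch-Example' is a
# placeholder switch name, not a value taken from the article.
param(
    [string]$VDSwitchName = 'DSwitch-Example',
    [switch]$Apply   # hypothetical switch: without it the script only reports
)

$vds = Get-VDSwitch -Name $VDSwitchName -ErrorAction Stop

# -Uplink limits the result to uplink ports, so a hardened 'Reject' policy on
# VM and VMkernel port groups is not loosened by this change.
$uplinkPorts = Get-VDPort -VDSwitch $vds -Uplink

$report = foreach ($port in $uplinkPorts) {
    $policy = Get-VDSecurityPolicy -VDPort $port
    [pscustomobject]@{
        Port            = $port.Name
        Key             = $port.Key
        ForgedTransmits = $policy.ForgedTransmits
        Inherited       = $policy.ForgedTransmitsInherited
        Policy          = $policy
    }
}

# Show the current state before changing anything.
$report | Format-Table Port, Key, ForgedTransmits, Inherited -AutoSize

# Uplink ports where forged transmits are denied (the state shown in net-dvs -l).
$denied = @($report | Where-Object { -not $_.ForgedTransmits })

if ($denied.Count -eq 0) {
    Write-Output "All uplink ports on $($vds.Name) already allow forged transmits."
}
elseif (-not $Apply) {
    Write-Output "$($denied.Count) uplink port(s) deny forged transmits. Re-run with -Apply to correct them."
}
else {
    foreach ($row in $denied) {
        # Set the policy on this uplink port only.
        $row.Policy | Set-VDSecurityPolicy -ForgedTransmits $true | Out-Null
        Write-Output "Forged Transmits set to Allow on uplink port $($row.Port) (key $($row.Key))."
    }
}
```

After the change, 'net-dvs -l' on the host should no longer list 'deny forged frames' for the uplink ports.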