The article lists the steps to enable the Promiscuous Mode, MAC Address Change, Forged Transmits, and MAC Learning on a VM in NSX via CLI.

VMware NSX

Follow the below steps to enable/disable the below parameters on a VM in NSX via CLI

• Promiscuous mode
• MAC address change
• Forged Transmits
• MAC learning

Find the VM port ID by running the following command

• Login to the ESXi host putty/ssh via root user.
  
  net-stats -l | grep -i <vm-name>
  
  Example:
  
  [root@esx-##-#:~] net-stats -l | grep -i vm-5
  
  671#####            5       9 DvsPortset-0     00:50:56:##:##:##  VM-5.eth0
  
  Where VM name is VM-5 and port ID is '671#####'

To check the current setting for the VM for the concerned parameters.

• From the ESXi host putty/ssh, run the below command

nsxdp-cli vswitch l2sec get  --dvs-alias "<switch-name>" | grep -i "port id obtained above"

Example:

nsxdp-cli vswitch l2sec get  --dvs-alias "<DVS_Name>" | grep -i "671#####"

PortID: 671##### promiscuous: True   forged frames: True                        mac change: True

Where "<DVS_Name>" is the DVS switch name and '671#####' is the portid for the VM.

Note: The DVS name and the DVPORT ID i.e., UUID can be fetched from the  command "esxcfg-vswitch -l" on the ESXi host. Note down the DVS switch name and the corresponding VM's UUID.

To enable the options run the below command on the ESXi host.

nsxdp-cli vswitch l2sec set  --dvs-alias "<switch-name>" --dvport <dvport uuid> --mac-change --forge-src --promisc

Example:-

nsxdp-cli vswitch l2sec set  --dvs-alias "<switch-name>" --dvport <######-#####-####-######> --mac-change --forge-src --promisc

Where , <DVS_Name>  is the switch name and  <######-####-####-######> is the dvport uuid of the VM.

• To confirm the change, please run the command below via ESXi host.
  
  nsxdp-cli vswitch l2sec get  --dvs-alias "<switch-name>" | grep -i "port id obtained above"

Configuring promiscuous mode on a virtual switch or on specific port group