Enabling the 'Promiscuous mode, MAC address change, Forged Transmits, MAC learning' on a VM.
search cancel

Enabling the 'Promiscuous mode, MAC address change, Forged Transmits, MAC learning' on a VM.

book

Article ID: 418915

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

The articles list the steps to enable the Promiscuous mode, MAC address change, Forged Transmits, MAC learning' on a VM in NSX via CLI

Environment

VMware NSX

Resolution

Follow the below steps to enable/disable Promiscuous mode, MAC address change, Forged Transmits, MAC learning' on a VM in NSX via CLI

  • Find the VM ports ID by running the following command

    net-stats -l | grep -i <vm-name>

    Example:
    [root@esx-##-#:~] net-stats -l | grep -i vm-5
    671#####            5       9 DvsPortset-0     00:50:56:##:##:##  VM-5.eth0

    Where VM name is VM-5 and port ID is '671#####'

  • To check the current setting for the VM for the 'Promiscuous mode', 'MAC address changes', 'MAC Learning status' and 'Forged transmits'

    nsxdp-cli vswitch l2sec get  --dvs-alias "<switch-name>" | grep -i "port id obtained above"

    Example:
    nsxdp-cli vswitch l2sec get  --dvs-alias "<DVS_Name>" | grep -i "671#####"
    PortID: 671##### promiscuous: True   forged frames: True                        mac change: True

    Where "<DVS_Name>" is the DVS switch name and '671#####' is the portid for the VM.

    Note: The DVS name and the DVPORT ID ie UUID get be fetched from the below command

         esxcfg-vswitch -l

        Example:
       DVS Name         Num Ports   Used Ports  Configured Ports  MTU     Uplinks
      <DVS_Name>        2060        20          64                1700    vmnic1,vmnic0,vmnic2,vmnic3

      DVPort ID                                In Use      Client
         36                                      1          vmnic0
         37                                      1          vmnic1
         38                                      1          vmnic2
        39                                       1          vmnic3
       0a##a5##-a2##-4f##-##a6-#######           1          VM-5.eth0

  • To enable the options run the below command

       nsxdp-cli vswitch l2sec set  --dvs-alias "<switch-name>" --dvport <dvport uuid> --mac-change --forge-src --promisc

      Example for the same VM:

    nsxdp-cli vswitch l2sec set  --dvs-alias "<switch-name>" --dvport 0aa7a508-a26a-4f84-9aa6-c2a364###### --mac-change --forge-src --promisc

    Where 

    <DVS_Name>  is the switch name
   '0a##a5##-a2##-4f##-##a6-#######' is the dvport uuid.

  • To confirm the change, please run the command from step 2 again

        nsxdp-cli vswitch l2sec get  --dvs-alias "<switch-name>" | grep -i "port id obtained above"

Additional Information

Configuring promiscuous mode on a virtual switch or on specific port group

Powered by Wolken Software