Configuring the VLAN trunk range in the DVUplinks portgroup is not dropping packets at the uplink level.

The DVUplinks portgroup below is configured with a VLAN trunk range of 0-50 VLANs, intended to pass the traffic only within this range. However, you may observe traffic still passing on the uplinks/VMNICs outside of the configured range.

vSphere ESXi

The VLAN filtering depends on the physical adapter; if a physical network adapter does not support VLAN filtering, the packet might not be blocked or dropped in the uplink level.

VLAN filtering is not supported in EDP (Enhanced Data Path) mode and filtering VLANs in the Distributed Virtual Switch DVUplinks port group is not recommended.

The DVUplinks VLAN configuration feature is slated for removal in upcoming versions, so we strongly recommend configuring the required VLANs on the physical switch instead.

Unblocked VLAN packets that are outside the configured range in the DVUplinks portgroup may consume ESXi host CPU processing time.