It is possible to track down a Guest VM DVPortID, from the CLI of an ESXi host that is being reported as impacted, using this command:
net-swsec --host-notifications -o getVMsExample 1:
[root@vm:~] net-swsec --host-notifications -o getVMs
Affected DVPortIDs :
74
Track down the Guest VM connected to DVPortID 74, and determine if the DHCP DoS alert is valid.
Example 2:
[root@vm:~] net-swsec --host-notifications -o getVMs
Affected DVPortIDs :
No VMs under attack.
There are currently no Guest VMs on this ESXi host being reported as under a DHCP DoS attack.
Impact/Risks:
These are warning messages only, and have no operational impact on the your environment.
Collect a list of ESXi hosts and MAC addresses that are being reported, and confirm that they are valid Guest VM MACs or valid MACs allocated to an NSX Edge Services Gateway NIC.