VMware Networking Community
Dr_Virt
Hot Shot
Hot Shot
‎09-20-2019 10:55 AM

Spoofguard blocking issue

Experiencing issues when spoofguard is enabled within NSX as it is retaining registrations which are old/retired. We often have multiple instances of VMs which are cycled on and off in order to do testing. If we disable spoofguard then it works fine.

Is there some way to get spoofguard to only pay attention to powered on VMs?

Reply
0 Kudos
1 Reply
Nick_Andreev
Expert
Expert
‎10-01-2019 06:49 PM

Hi @Dr.Virt,

If you're using the default SpoofGuard policy, it will automatically approve the first IP that the VM boots up with. It's called Trust on First Use. Then if VM changes its IP address or MAC, SpoofGuard will detect that and block the VM. That's the idea behind SpoofGuard, to prevent IP/MAC spoofing.

That said, what is the exact issue you're experiencing? If you delete a VM, SpoofGuard automatically clears it from its configuration. And if you then create a new VM, even with the same name, SpoofGuard will treat it as a new VM. So it shouldn't retain any old registrations.

---
If you found my answers helpful please consider marking them as helpful or correct.
VCIX-DCV, VCIX-NV, VCAP-CMA | vExpert '16, '17, '18
Blog: http://niktips.wordpress.com | Twitter: @nick_andreev_au
Reply
0 Kudos