Multiple bridged VMs on host - host and server on same VLAN - ACL on physical switch

kent_ridl — Fri, 07 May 2021 23:08:44 GMT

Hello! First time poster; nice to meet everyone!

I've attached a small generic diagram of my setup. A brief summary in words:

I am using Workstation Pro on my host for 3x VMs (Windows all around).
All 3x VMs are bridged and on vmnet0.
The host machine and a server are connected to a physical switch.
All machines - host, server, VMs - are IP'd in the same subnet.

I have an ACL on the switch port that the host is connected to (host port). Due to the Cisco IOS vintage, the ACL is "in" only on the host port. The switch port the server is connected to has no ACL. In short, I want to only allow pings from the VMs to the server (and vice versa) to test connectivity. I have a one-way UDP stream from the server that should get through to the VMs since that is "out" traffic on the host port; ACL shouldn't affect it. There is also VM-to-VM database communication (TCP and UDP, several ports).

The problem I am running into seems to be that the ACL is affecting the VM-to-VM communication. Is this what one should expect? The documentation diagrams that describe virtual bridged networking all show a virtual switch with multiple ports and describe connecting multiple VMs to the same virtual switch / vmnet, so I expected ordinary switch functionality in that case. I understand that the virtual switch is limited in functionality, but shouldn't it still contain all VM-to-VM communication such that the ACL would have no effect? Or do I have a fundamental misunderstanding about how the virtual switch works and VM-to-VM traffic really all travels out the host NIC, to the physical switch "in", "out" back through the physical switch, back through the host NIC, and then to the VMs?

Please let me know what your questions are... I'm sure I'm less than clear as a newbie on this forum. Thank you all in advance for the help!

Re: Multiple bridged VMs on host - host and server on same VLAN - ACL on physical switch

a_p_ — Sat, 08 May 2021 10:22:23 GMT

I rarely use "Bridged" connections, so please consider the following suggestions more as a guess.

Configure the bridged network (vmnet0) in the Virtual Network Editor with a dedicated NIC, rather then Automatic.
Modify the VMs' network settings, and try whether enabling/disabling “Replicate physical network connection state” on all VMs makes a difference.

André

Re: Multiple bridged VMs on host - host and server on same VLAN - ACL on physical switch

kent_ridl — Mon, 10 May 2021 13:07:16 GMT

Hi, André!

Each VM is already configured for a dedicated NIC, not Automatic. But we haven't tried the Replicate option yet... thank you for the suggestion.

topic Re: Multiple bridged VMs on host - host and server on same VLAN - ACL on physical switch in VMware Workstation Pro Discussions

Multiple bridged VMs on host - host and server on same VLAN - ACL on physical switch

Re: Multiple bridged VMs on host - host and server on same VLAN - ACL on physical switch

Re: Multiple bridged VMs on host - host and server on same VLAN - ACL on physical switch