VMware Networking Community
7stringwonder
Contributor

Question about vCenter Distributed Switches/Distributed Port Groups

I would like to know if this setup will work correctly.

Current VMware setup is 3 Dell ESXi 7 U3n hosts in a cluster on vCenter 7.0.01600. 

I have a pfSense VM set up with a WAN on one distributed port group and the LAN on a different distributed port group. I have several Kali Linux VMs on the same port group as the pfSense LAN, and DHCP set up so those machines will get an IP address. All of the machines can ping each other with no issue, and I can ping both the pfSense LAN and WAN gateways with no issue. I would like to be able to do a packet capture on the pfSense between all VMs, so I have enabled Promiscuous mode, MAC address changes, and Forged transmits on the distributed port group (I read somewhere you need to do that for pfSense).

What I'm finding is that if the pfSense is on Host A and I ping from Kali-A (on Host B) to Kali-B (on Host C), the pfSense only sniffs the host that it resides on and not all traffic across all hosts, as I thought it would with promiscuous mode enabled, so it does not pick up the ICMP traffic from Kali-A to Kali-B. Is this setup correct, or am I completely wrong?

EvertAM
Enthusiast

I might be mistaken, but promiscuous mode will not copy traffic from other hosts at all; promiscuous mode simply allows a machine to access all traffic on all NICs on a host. So the behaviour you're encountering seems normal. You probably want to look at Port Mirroring to achieve what you're looking for (https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.networking.doc/GUID-CFFD9157-FC17-4...)

7stringwonder
Contributor
Contributor

Yeah, I asked VMware themselves yesterday and that's basically what they said. The "boundary" for promiscuous mode is the host so you'd be able to see traffic on that host but not other hosts.
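The three settings enabled on the LAN port group in the question (Promiscuous mode, MAC address changes, Forged transmits) let every VM attached to that port group, within the host boundary just described, read its neighbours' frames and send with arbitrary source MACs, so it is worth checking where they are switched on. The following PowerCLI audit is an added example, not code from the thread or from VMware; it assumes an existing Connect-VIServer session and the VMware.VimAutomation.Vds module, and the function name and the port group name are placeholders.

```powershell
# Added example: report every vDS port group whose security policy allows
# promiscuous mode, MAC address changes or forged transmits.
# Assumes: Connect-VIServer already run; VMware.VimAutomation.Vds loaded.

function Get-RelaxedVDPortgroupPolicy {
    [CmdletBinding()]
    param(
        # '*' audits every distributed switch the session can see.
        [string]$VDSwitchName = '*'
    )

    Get-VDSwitch -Name $VDSwitchName | Get-VDPortgroup | ForEach-Object {
        $pg  = $_
        $pol = $pg | Get-VDSecurityPolicy

        [pscustomobject]@{
            VDSwitch         = $pg.VDSwitch.Name
            PortGroup        = $pg.Name
            AllowPromiscuous = $pol.AllowPromiscuous
            MacChanges       = $pol.MacChanges
            ForgedTransmits  = $pol.ForgedTransmits
        }
    } | Where-Object {
        # Keep only port groups where at least one of the three is relaxed.
        $_.AllowPromiscuous -or $_.MacChanges -or $_.ForgedTransmits
    }
}

# List the relaxed port groups so the lab LAN can be confirmed as the only one.
Get-RelaxedVDPortgroupPolicy | Format-Table -AutoSize

# Restore the vSphere defaults (all three rejected) on a port group that
# should not have them; the name below is a placeholder.
Get-VDPortgroup -Name 'PLACEHOLDER-PortGroup' | Get-VDSecurityPolicy |
    Set-VDSecurityPolicy -AllowPromiscuous:$false `
                         -MacChanges:$false `
                         -ForgedTransmits:$false
```

Run the audit after any lab change: the three settings are per port group, so a lab LAN shared with other workloads exposes all of them to each other on the same host.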