I'm looking to disable mac address changes and forged transmits on all of my ports groups. I have several virtual machines that require static mac addresses for licensing purposes (the application licesne is tied to the mac address). The applications don't acutally need to change there mac addresses to function after initial configuration of the virtual machine. I presume that I can go ahead and set mac address changes and forged transmits to reject correct? This is for an application like BMC Remedy and BMC Configuration Management (marimba).
Also, we have some Cisco stuff that when you upload the templates it appears to set static macs for the machines. It's CUPS, Unity Connection, Unified Communications Manager. Is anybody familiar enough with knowing whether mac address changes and forged transmits can be disabled at the port group level for these applications?
Hello,
If the Guest OS is NOT changing its Mac then you can make these recommended changes. If the MAC is set outside the range of VMware MAC addresses from within the VM then you cannot set the MAC address change restrictiion.
It is a simple test however, and I would start there and determine if there are any issue within a test environment.
Best regards,
Edward L. Haletky
VMware Communities User Moderator, VMware vExpert 2009, 2010, 2011, 2012
Author of the books 'VMWare ESX and ESXi in the Enterprise: Planning Deployment Virtualization Servers', Copyright 2011 Pearson Education. 'VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment', Copyright 2009 Pearson Education.
vSphere Upgrade Saga -- Virtualization Security Round Table Podcast
I have a doubt, I have faced some issues with MAC address enabled when vm got restarted the mac addresses got changed and i had to manually change the mac address of the esx host looking in the vmx file. I still not sure is it because of the option selected. Could you please clarify my concern also. Thanks.
Hello,
When you change the MAC address within the .vmx file (which requires a reboot of the VM) you can only change it to one that is in the range supported by the VMware product. To change to one OUTSIDE this range you have to change it from within the VM.
Best regards,
Edward L. Haletky
VMware Communities User Moderator, VMware vExpert 2009, 2010, 2011, 2012
Author of the books 'VMWare ESX and ESXi in the Enterprise: Planning Deployment Virtualization Servers', Copyright 2011 Pearson Education. 'VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment', Copyright 2009 Pearson Education.
vSphere Upgrade Saga -- Virtualization Security Round Table Podcast -- The Virtualization Practice