VMware Cloud Community
waghekk
Contributor
Contributor
‎08-15-2008 04:20 AM
Jump to solution

help understanding VSwitch & PortGroup Properties

Hi Experts,

Quick question, i need some help in understanding the difference between Vswitch properties and portgroup properties.

Dont know how to put it, let me try.

On the VSwitch properties under ports you have first Vswitch then all the defined portgroups like Service Console and Vmotion in our case.

When i highlight VSwitch and click edit, i can change and specify the settings such security, fail over etc etc.

Now on portgroup sometimes when i click on edit and look at the properties in there sometims there are no ticks in there to say the security policy is enabled, its all grayed out until i put in a tick.

All i need to know does this mean it is taking the defaults of the VSwitch properties in that case???

Sometimes i have ticks in there which has settings exactly like VSwitch properties, so does this this mean its similar to not having any ticks in there hence taking the VSwitch defaults.

If i were doing scripting how do i disable the ticks in portgroups or enable them if i wanted to??

Thanks hope i explained well to understand my issue.

Thanks

Reply
0 Kudos
1 Solution

Accepted Solutions
Rubeck
Virtuoso
Virtuoso
‎08-15-2008 05:36 AM
Jump to solution

vmware-vim-cmd hostsvc/net/portgroup_unset removes everything exept for Linkstate Failover.. soo close.

(Funny that portgroup_unset is not listed as an option)

/Rubeck

View solution in original post

Reply
0 Kudos
12 Replies
jayolsen
Expert
Expert
‎08-15-2008 04:59 AM
Jump to solution

By default, port groups use the security, traffic shaping, and NIC teaming policies defined for their virtual switch. However, you can override these policies for individual port groups.

To override policies for a port group

  1. Log in to the VMware VI Client and select the host from the inventory panel.

  2. Click the Configuration tab and click Networking.

  3. On the right side of the screen, find the vSwitch to edit and click Properties for that vSwitch.

  4. Click the Ports tab.

  5. Select the port group and click Edit.

  6. Click the Security tab.

  7. Select the check box for the labeled network policy to override.

  8. Click the Traffic Shaping tab.

  9. Select the check box to override the enabled or disabled Status.

  10. Click the NIC Teaming tab.

  11. Select the associated check box to override the load balancing or failover order policies.

  12. Click OK.

Don't recall off the top of my head how or if you can disable or enable via CLI. Probably can though.

Reply
Rubeck
Virtuoso
Virtuoso
‎08-15-2008 05:01 AM
Jump to solution

Hi..

If not setting anything on the port group properties it will inherit vSwitch properties... (regarding NIC teaming this can be overruled)

If clearing ticks, I think the easist way is to remove the portgroup and add it back.

(vmware-vim-cmd hostsvc/net/portgroup_remove and .portgroup_add)

When setting ticks the portgroup_set has some options (vmware-vim-cmd hostsvc/net/portgroup_set)

Options:

--securepolicy-promisc=bool

Allow promiscuous mode.

--securepolicy-macchange=bool

Allow MAC address to be changed.

--securepolicy-forgedxmit=bool

Allow forged transmits.

--shapingpolicy-enabled=bool

Enabled shaper.

--shapingpolicy-average-bandwidth=int

Average bandwidth.

--shapingpolicy-peak-bandwidth=int

Peak bandwidth.

--shapingpolicy-burst-size=int

Burst size.

--nicorderpolicy-active=vmnic_list

List of active NICs.

--nicorderpolicy-standby=vmnic_list

Order in which failover should occur.

--failurecriteria-check-speed=failurecriteria-check-speed

Detecting failover using link speed check

--failurecriteria-speed=int

The speed for link speed check method

--failurecriteria-check-duplex=bool

Detecting failover using link duplex check

--failurecriteria-duplex=bool

The duplexity for link duplex check method

--failurecriteria-check-error=bool

Detecting failover using link error percentage

--failurecriteria-error=int

The error percentage for link error percentage check method

--failurecriteria-check-beacon=bool

Detecting failover using the beacon

--nicteaming-policy=nicteaming-policy

Nic-Teaming policy.

--nicteaming-reverse-policy=bool

Apply the teaming policy to inbound frames as well.

--nicteaming-notify-switch=bool

Notify switches when detects a link failure.

--nicteaming-rollingorder=bool

Whether or not to use rolling failover.

--offloadcaps-csum-offload=bool

Checksum offload

--offloadcaps-tcp-segment=bool

TCP segment offload

--offloadcaps-zerocopy-xmit=bool

Scatter gather

--portgroup-vlanid=int

VLAN identifier.

--portgroup-name=string

New portgroup identifier.

/Rubeck

Reply
weinstein5
Immortal
Immortal
‎08-15-2008 05:03 AM
Jump to solution

The vSwitch properties set the default properties for the entire switch - with the port/port groups properties by default they match the vSwitch properties is how you can over ride the vSwitch properties - the ticks is what allows you to modify those - and if you have the tick and it is still the same as the vSwitch properties it will match the vSwitch properties- Hope this helps -

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful
Reply
0 Kudos
waghekk
Contributor
Contributor
‎08-15-2008 05:08 AM
Jump to solution

Thanks for the answers, my issue is that, when am running the commands below for some reason all the options in the port group level seem to come ticked where as if i dont run the commands its fine. What i want to do is run this commands but at the same time i dont want any of the options ticked except for the failover as i setting active/standby Nics on port group basis which will need to override the default, Its the last four commands that changes all the settings for some reason where its all ticked and i want everything unticked. Is there something i can put in there to keep in unticked.

  1. Connect portgroups to vsw-cos

esxcfg-vswitch -A VMotion vSwitch0

mv /etc/vmware/esx.conf /tmp/esx.conf.bak

sed -e 's/net\/vswitch\/child[0000]\/teamPolicy\/maxActive = \".\"/net\/vswitch\/child[0000]\/teamPolicy\/maxActive = \"2\"/g' /tmp/esx.conf.bak >> /etc/vmware/esx.conf

vmware-vim-cmd internalsvc/refresh_network

service mgmt-vmware restart

sleep 120

service mgmt-vmware restart

sleep 50

service vmware-vmkauthd restart

sleep 5

vmware-vim-cmd hostsvc/net/portgroup_set --nicorderpolicy-active vmnic0 vSwitch0 VMotion

vmware-vim-cmd hostsvc/net/portgroup_set --nicorderpolicy-active vmnic2 vSwitch0 'Service Console'

vmware-vim-cmd hostsvc/net/portgroup_set --nicorderpolicy-standby vmnic2 vSwitch0 VMotion

vmware-vim-cmd hostsvc/net/portgroup_set --nicorderpolicy-standby vmnic0 vSwitch0 'Service Console'

Reply
0 Kudos
Rubeck
Virtuoso
Virtuoso
‎08-15-2008 05:36 AM
Jump to solution

vmware-vim-cmd hostsvc/net/portgroup_unset removes everything exept for Linkstate Failover.. soo close.

(Funny that portgroup_unset is not listed as an option)

/Rubeck

Reply
0 Kudos
Rubeck
Virtuoso
Virtuoso
‎08-15-2008 05:37 AM
Jump to solution

vmware-vim-cmd hostsvc/net/portgroup_unset removes everything exept for Linkstate Failover.. soo close.

(Funny that portgroup_unset is not listed as an option)

/Rubeck

Reply
0 Kudos
waghekk
Contributor
Contributor
‎08-15-2008 05:49 AM
Jump to solution

Hi Rubeck

Thanks for that.

So if i were to configure that for say port group vmotion how would i set it.

vmware-vim-cmd hostsvc/net/portgroup_unset VMotion

Also are you saying i run the commands like in my previous post i.e. set all the active standby Nics i need which causes everything to be ticked and den run the command you said??

Reply
0 Kudos
Rubeck
Virtuoso
Virtuoso
‎08-15-2008 05:53 AM
Jump to solution

vmware-vim-cmd hostsvc/net/portgroup_unset VMotion

/Rubeck

Reply
0 Kudos
waghekk
Contributor
Contributor
‎08-15-2008 05:54 AM
Jump to solution

Ahhhh close........

Just did the command vmware-vim-cmd hostsvc/net/portgroup_unset vSwitch0 VMotion which was perfect but i lost the commands below all became inactive:

vmware-vim-cmd hostsvc/net/portgroup_set --nicorderpolicy-active vmnic0 vSwitch0 VMotion

vmware-vim-cmd hostsvc/net/portgroup_set --nicorderpolicy-standby vmnic2 vSwitch0 VMotion

Reply
0 Kudos
Rubeck
Virtuoso
Virtuoso
‎08-15-2008 06:03 AM
Jump to solution

%$$&# .. hmm.. Damn it. ... I wonder what other options are hidden as the unset was pure luck

/Rubeck...

Reply
0 Kudos
waghekk
Contributor
Contributor
‎08-15-2008 06:09 AM
Jump to solution

Thanks for helping, useful command to know. Got happy there thinking all sorted now but for some reason lost all settings. So am back to square one. Not sure why when am enabling active/standby i get everything ticked. The command you suggested is wat i want plus having the standby active command to work overiding the switch failover. Smiley Sad just last thing am stuck on

Reply
0 Kudos
waghekk
Contributor
Contributor
‎08-15-2008 10:57 AM
Jump to solution

anyone... any more advise?

Reply
0 Kudos