Hello all,
I have NSX-T 3.2 installed, the ESXi cluster is enabled for Distributed Security and Overlay Networking, however the regular vDS portgroups are not discovered.
From the 3.2 Security Guide: "Starting NSX-3.2 release NSX supports vSphere Distributed Switch (VDS) 7.0 & 6.7 for security only usecase, where by user can define distributed security policies for workloads connected to Distributed Virtual Port-groups(DVPG)."
Does this mean that if the cluster is configured for overlay networking, Distributed Security on the standard vDS portgroups is not available? The documentation wording is very confusing. Can someone please clarify?
Thanks!
I've had the same issue. There's a QuickStart wizard that you can use for security-only use cases on a vDS (https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-E9FBE567-D136-41AF-B8D6-...). I've used that successfully. However, it builds all the profiles and such for me. If I want to do overlay also and build custom profiles, I can't get the vDS port groups to show up.
So nobody knows for sure if the Distributed Security on the vDS and overlay networking are mutually exclusive? Hello? VMware employees??
You can't use both on the same VDS. Not sure where this is documented though, but I saw it in an internal VMware presentation and was also told so by VMware.
Thank you for confirming!
Not only can't you use them on the same vDS; the deployment modes are Security or Networking and Security, and you can use only one of them. For Security only, you can use vDS and PGs to configure DFW rules, etc. For Net&Sec mode, you work as of today; only NSX-T segments can be used. It is documented in the Reference Design Guide 3.2 v1.1.
Cheers