How can I enable promiscuous mode on an NSX-T Segment? "Mac Learning" is enabled, but the application which requires promiscuous mode doesn't work. I can set promiscuous mode with the command:
nsxdp-cli vswitch l2sec set
But this has to be done on each ESXi host in the cluster and I would like to avoid having to do that.
Thanks for your input, but this does not address the issue in my original post 🙂
Hello,
I encountered the same issue after a V2T migration.
To resolve the issue on the MAC, I created a specific MAC Discovery Profile with MAC Learning enabled and attached it on Mobility Master Segment.
Then I followed the recommendation of @AlexanderRies . I created a new service with a service entry with type = IP and Additional Properties = VRRP
I created a new rule with src/dst = Mobility Master group and the service previously created.
And it works. No more flapping.
Thanks @CyberNils to have create this topic and @AlexanderRies for your tips.
Thanks for the update and happy it works for you.
Not sure why it didn't work for my customer since they only had one DFW rule Any-Any-Allow.
It was on NSX-T 2.4 or 2.5, so could be something has changed in later versions.
I tried the rule Any-Any-Allow but it didn't work. the VRRP rule is mandatory.
You could also try to add Mobility Master VMs in exclusion list.