CyberNils
Hot Shot

Promiscuous mode on an NSX-T Segment


How can I enable promiscuous mode on an NSX-T Segment? "Mac Learning" is enabled, but the application which requires promiscuous mode doesn't work. I can set promiscuous mode with the command:

nsxdp-cli vswitch l2sec set

But this has to be done on each ESXi host in the cluster and I would like to avoid having to do that.



Nils Kristiansen
https://cybernils.net/
23 Replies
CyberNils
Hot Shot

Thanks for your input, but this does not address the issue in my original post 🙂


Nils Kristiansen
https://cybernils.net/
0 Kudos
GaelA
Contributor

Hello,

I encountered the same issue after a V2T migration.

To resolve the issue on the MAC, I created a specific MAC Discovery Profile with MAC Learning enabled and attached it to the Mobility Master Segment.

Then I followed the recommendation of @AlexanderRies. I created a new service with a service entry with type = IP and Additional Properties = VRRP.

I created a new rule with src/dst = Mobility Master group and the service previously created.

And it works. No more flapping.

Thanks @CyberNils for creating this topic and @AlexanderRies for your tips.

0 Kudos
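The setup described in the post above can be checked offline against exported policy objects. This is an added example, not part of the original post or VMware's code: the field names (`parent_path`, `mac_discovery_profile_path`, `mac_learning_enabled`, `IPProtocolServiceEntry`, `protocol_number`) are assumed to follow the NSX-T Policy API, and all paths and sample objects are constructed placeholders.

```python
VRRP_PROTO = 112  # IANA IP protocol number assigned to VRRP

def check_setup(segment, group, bindings, mac_profiles, services, rules):
    """Return a list of findings; an empty list means the described setup is present."""
    findings = []
    # 1. The segment must be bound to a MAC discovery profile with MAC learning on.
    binding = next((b for b in bindings if b.get("parent_path") == segment), None)
    profile = mac_profiles.get(binding.get("mac_discovery_profile_path")) if binding else None
    if not profile or not profile.get("mac_learning_enabled"):
        findings.append("MAC learning not enabled on segment")
    # 2. Collect services that carry an IP-protocol entry for VRRP.
    vrrp_services = {
        path for path, svc in services.items()
        if any(e.get("resource_type") == "IPProtocolServiceEntry"
               and e.get("protocol_number") == VRRP_PROTO
               for e in svc.get("service_entries", []))
    }
    # 3. An enabled ALLOW rule must name such a service with the group as src and dst.
    #    A rule whose service is "ANY" is deliberately not counted as explicit.
    explicit = any(
        r.get("action") == "ALLOW" and not r.get("disabled", False)
        and group in r.get("source_groups", [])
        and group in r.get("destination_groups", [])
        and vrrp_services & set(r.get("services", []))
        for r in rules
    )
    if not explicit:
        findings.append("no explicit ALLOW rule for VRRP between group members")
    return findings

# Constructed sample data; every path and identifier below is a placeholder.
SEG = "/infra/segments/mobility-master"
GRP = "/infra/domains/default/groups/mobility-master"
MAC_PROFILES = {"/infra/mac-discovery-profiles/mm-mac": {"mac_learning_enabled": True}}
BINDINGS = [{"parent_path": SEG,
             "mac_discovery_profile_path": "/infra/mac-discovery-profiles/mm-mac"}]
SERVICES = {"/infra/services/vrrp": {"service_entries": [
    {"resource_type": "IPProtocolServiceEntry", "protocol_number": VRRP_PROTO}]}}
VRRP_RULE = {"action": "ALLOW", "source_groups": [GRP], "destination_groups": [GRP],
             "services": ["/infra/services/vrrp"]}
ANY_RULE = {"action": "ALLOW", "source_groups": ["ANY"], "destination_groups": ["ANY"],
            "services": ["ANY"]}

if __name__ == "__main__":
    print(check_setup(SEG, GRP, BINDINGS, MAC_PROFILES, SERVICES, [VRRP_RULE]))
    print(check_setup(SEG, GRP, BINDINGS, MAC_PROFILES, SERVICES, [ANY_RULE]))
```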
CyberNils
Hot Shot

Thanks for the update and happy it works for you.

Not sure why it didn't work for my customer since they only had one DFW rule Any-Any-Allow.

It was on NSX-T 2.4 or 2.5, so could be something has changed in later versions.



Nils Kristiansen
https://cybernils.net/
0 Kudos
GaelA
Contributor

I tried the rule Any-Any-Allow but it didn't work. The VRRP rule is mandatory.

You could also try to add Mobility Master VMs to the exclusion list.

0 Kudos