VMware Cloud Community
aitayi
Contributor

How to set network security of "AllowPromiscuous", "MacChanges" and "ForgedTransmits"

Hi

I searched a lot about how to set the network security of "AllowPromiscuous", "MacChanges" and "ForgedTransmits", but this is still a problem for me.

Can you help me?

Thanks in advance!


Accepted Solutions
LucD
Leadership

Have a look at the thread called Script to Configure Security on vSwitch error, in there is a script to configure those settings for a vSwitch.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

aitayi
Contributor

Sorry, but I still have a problem with setting security for a special port group...

I know the method below:

-----------------------------------------------------------------------------------------------------------------

Foreach ($vh01 in (Get-View -ViewType HostSystem)){
    Write $vh01.Name
    $NetworkSystem = Get-View $vh01.ConfigManager.NetworkSystem
    Foreach ($pg in $NetworkSystem.Networkconfig.PortGroup){
        $pgspec=$pg.spec
        $pgspec.policy.security.allowPromiscuous=$false
        $pgspec.policy.security.forgedTransmits=$false
        $pgspec.policy.security.macChanges=$false
        $pgspec.policy.nicteaming.policy="loadbalance_srcid"
        $pgspec.policy.nicteaming.notifySwitches=$true
        $NetworkSystem.UpdatePortgroup($pgspec.name,$pgspec)
    }
}
-----------------------------------------------------------------------------------------------------------------
But all the port groups will be set to the same security. If I want to set a special port group, how should I do it?
LucD
Leadership

You can test for a specific portgroup and only do the change for that portgroup.

Something like this

$tgtPG = "MyPG"

foreach ($vh01 in (Get-View -ViewType HostSystem)){
    Write $vh01.Name
    $NetworkSystem = Get-View $vh01.ConfigManager.NetworkSystem
    foreach ($pg in $NetworkSystem.Networkconfig.PortGroup){
        if($pg.Spec.Name -eq $tgtPG){
            $pgspec = $pg.spec
            $pgspec.policy.security.allowPromiscuous=$false
            $pgspec.policy.security.forgedTransmits=$false
            $pgspec.policy.security.macChanges=$false
            $pgspec.policy.nicteaming.policy="loadbalance_srcid"
            $pgspec.policy.nicteaming.notifySwitches=$true
            $NetworkSystem.UpdatePortgroup($pgspec.name,$pgspec)
        }
    }
}


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference
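
An audit to run before and after the change in the reply above, as an added example that is not part of the original posts: it uses the same Get-View objects to list the effective values of the three security settings per port group and flags any that are still enabled. It assumes an already connected PowerCLI session; "MyPG" is the placeholder name from the reply, and the report column names are chosen here for illustration.

```powershell
# Added example: report the effective security policy of every standard port group.
# Assumes Connect-VIServer has already been run; "MyPG" is a placeholder name.
$tgtPG = "MyPG"

$report = foreach ($vh01 in (Get-View -ViewType HostSystem)) {
    $NetworkSystem = Get-View $vh01.ConfigManager.NetworkSystem

    foreach ($pg in $NetworkSystem.NetworkInfo.Portgroup) {
        # Spec.Policy.Security: values set on the port group itself
        #   ($null means the setting is inherited from the vSwitch).
        # ComputedPolicy.Security: effective values after inheritance.
        $set = $pg.Spec.Policy.Security
        $eff = $pg.ComputedPolicy.Security

        [pscustomobject]@{
            Host             = $vh01.Name
            VSwitch          = $pg.Spec.VswitchName
            PortGroup        = $pg.Spec.Name
            AllowPromiscuous = $eff.AllowPromiscuous
            MacChanges       = $eff.MacChanges
            ForgedTransmits  = $eff.ForgedTransmits
            # True when at least one setting is overridden at port group level
            Overridden       = ($null -ne $set.AllowPromiscuous) -or
                               ($null -ne $set.MacChanges) -or
                               ($null -ne $set.ForgedTransmits)
        }
    }
}

# Port groups where any of the three settings is still effectively enabled
$report |
    Where-Object { $_.AllowPromiscuous -or $_.MacChanges -or $_.ForgedTransmits } |
    Sort-Object Host, PortGroup |
    Format-Table -AutoSize

# Confirm the result for the one port group that was changed
$report | Where-Object { $_.PortGroup -eq $tgtPG } | Format-Table -AutoSize
```

A port group that shows all three values as False with Overridden as False inherits a hardened policy from its vSwitch, so it needs no per-port-group change.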