VMware Cloud Community
Dave_Mac
Contributor

Modifying existing PortGroup security policies

vSphere 4.0 U1

Can anyone point me to where I'm going wrong here? I'm trying to set specific PortGroup settings prior to configuring NLB:

Connect-VIServer –Server <vCenter Server IP Address> –User <username> –Password <password>

$ESXihostname = "esxihostname"
$vswitch = "vSwitch name"
$pgname = "port group name"

$ns = $ESXihostname.configManager.networkSystem
foreach($pg in $ns.networkInfo.Portgroup){
if($pg.spec.vswitchName -eq $vswitch -and $pg.spec.Name -eq $pgname){
$spec = $pg.spec}
$spec.policy.security.macChanges = $true
$spec.policy.NicTeaming.notifySwitches = $false
$ns.UpdatePortGroup($pgname,$spec)
}

The error I'm getting back is:

Property 'macChanges' cannot be found on this object

...

Property 'notifySwitches' cannot be found on this object

...

You cannot call a method on a null-valued expression

...


Accepted Solutions
LucD
Leadership

I suspect that your portgroup didn't have a security policy yet.

That way the $pg.spec.policy.security will be $null.

You will have to allocate a HostNetworkSecurityPolicy yourself first.

Same for the NIC teaming.

Try something like this

Connect-VIServer -Server <vCenter Server IP Address> -User <username> -Password <password>

$ESXihostname = "esxihostname"
$vswitch = "vSwitch name"
$pgname = "port group name"

# Resolve the host name to a view object; a plain string has no configManager property
$esx = Get-VMHost -Name $ESXihostname | Get-View
$ns = Get-View -Id $esx.ConfigManager.NetworkSystem
foreach($pg in $ns.networkInfo.Portgroup){
  if($pg.spec.vswitchName -eq $vswitch -and $pg.spec.Name -eq $pgname){
    $spec = $pg.spec
    # No security policy on the port group yet: allocate one before setting properties
    if($spec.policy.security -eq $null){
      $spec.policy.security = New-Object VMware.Vim.HostNetworkSecurityPolicy
    }
    $spec.policy.security.macChanges = $true

    # Same for the NIC teaming policy
    if($spec.policy.NicTeaming -eq $null){
      $spec.policy.NicTeaming = New-Object VMware.Vim.HostNicTeamingPolicy
    }
    $spec.policy.NicTeaming.notifySwitches = $false

    $ns.UpdatePortGroup($pgname,$spec)
  }
}

____________

Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference
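
Added example, not part of the original thread or LucD's code: because a port group without its own security policy falls back to the vSwitch's, this audit reports for each port group the effective value of the three security settings and whether it comes from a port group override or is inherited. The function name and the sample objects are constructed for illustration and are shaped like the HostPortGroup objects in $ns.networkInfo.Portgroup, using their Spec and ComputedPolicy properties.

```powershell
# Added example: audit the effective port group security policy and where it comes from.
function Get-PortGroupSecurityAudit {
    param([Parameter(Mandatory = $true)] [object[]] $PortGroup)
    foreach ($pg in $PortGroup) {
        $override  = $pg.Spec.Policy.Security      # $null: nothing set on the port group itself
        $effective = $pg.ComputedPolicy.Security   # policy the host actually applies
        foreach ($name in 'AllowPromiscuous', 'MacChanges', 'ForgedTransmits') {
            # A setting is overridden only if the policy object AND that property are set
            $overridden = ($null -ne $override) -and ($null -ne $override.$name)
            [pscustomobject]@{
                VSwitch   = $pg.Spec.VswitchName
                PortGroup = $pg.Spec.Name
                Setting   = $name
                Accept    = [bool]$effective.$name
                Source    = if ($overridden) { 'port group override' } else { 'inherited from vSwitch' }
            }
        }
    }
}

# Constructed sample data (hypothetical names). Against a live host, pass instead:
#   $esx = Get-VMHost -Name 'esxihostname' | Get-View
#   $ns  = Get-View -Id $esx.ConfigManager.NetworkSystem
#   Get-PortGroupSecurityAudit -PortGroup $ns.NetworkInfo.Portgroup
function New-SamplePolicy($promisc, $mac, $forged) {
    [pscustomobject]@{ Security = [pscustomobject]@{
        AllowPromiscuous = $promisc; MacChanges = $mac; ForgedTransmits = $forged } }
}
$sample = @(
    [pscustomobject]@{   # port group after the change in the answer: only MacChanges overridden
        Spec = [pscustomobject]@{ Name = 'NLB'; VswitchName = 'vSwitch0'
                                  Policy = (New-SamplePolicy $null $true $null) }
        ComputedPolicy = (New-SamplePolicy $false $true $true)
    },
    [pscustomobject]@{   # port group with no security policy of its own
        Spec = [pscustomobject]@{ Name = 'VM Network'; VswitchName = 'vSwitch0'
                                  Policy = [pscustomobject]@{ Security = $null } }
        ComputedPolicy = (New-SamplePolicy $false $true $true)
    }
)

# Show only the settings that are currently permissive (set to accept)
Get-PortGroupSecurityAudit -PortGroup $sample |
    Where-Object { $_.Accept } |
    Format-Table -AutoSize
```

Running the audit before and after a change such as macChanges = $true shows which port groups carry an explicit override and which still follow the vSwitch.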

Dave_Mac
Contributor

That was the baby Luc, cheers for your help.

Seems a natural assumption that a portgroup would inherit the policy of its parent switch rather than requiring one to be defined. Who said IT was easy? 😄
