Dave_Mac
Contributor

Modifying existing PortGroup security policies


vSphere 4.0 U1

Can anyone point me to where I'm going wrong here? I'm trying to set specific PortGroup settings prior to configuring NLB:

Connect-VIServer -Server <vCenter Server IP Address> -User <username> -Password <password>

$ESXihostname = "esxihostname"
$vswitch = "vSwitch name"
$pgname = "port group name"

$ns = $ESXihostname.configManager.networkSystem
foreach($pg in $ns.networkInfo.Portgroup){
  if($pg.spec.vswitchName -eq $vswitch -and $pg.spec.Name -eq $pgname){
    $spec = $pg.spec}
  $spec.policy.security.macChanges = $true
  $spec.policy.NicTeaming.notifySwitches = $false
  $ns.UpdatePortGroup($pgname,$spec)
}

The error I'm getting back is:

Property 'macChanges' cannot be found on this object

...

Property 'notifySwitches' cannot be found on this object

...

You cannot call a method on a null-valued expression

...

0 Kudos
1 Solution

Accepted Solutions
LucD
Leadership

I suspect that your portgroup didn't have a security policy yet.

That way the $pg.spec.policy.security will be $null.

You will have to allocate a HostNetworkSecurityPolicy yourself first.

Same for the NIC teaming.

Try something like this

Connect-VIServer -Server <vCenter Server IP Address> -User <username> -Password <password>

$ESXihostname = "esxihostname"
$vswitch = "vSwitch name"
$pgname = "port group name"

# Resolve the host name to its HostSystem view, then fetch the HostNetworkSystem view
$esx = Get-VMHost -Name $ESXihostname | Get-View
$ns = Get-View -Id $esx.ConfigManager.NetworkSystem
foreach($pg in $ns.networkInfo.Portgroup){
  if($pg.spec.vswitchName -eq $vswitch -and $pg.spec.Name -eq $pgname){
    $spec = $pg.spec
    # A port group without its own security policy has $null here; allocate one first
    if($spec.policy.security -eq $null){
       $spec.policy.security = New-Object VMware.Vim.HostNetworkSecurityPolicy
    }
    $spec.policy.security.macChanges = $true

    # Same for the NIC teaming policy
    if($spec.policy.NicTeaming -eq $null){
       $spec.policy.NicTeaming = New-Object VMware.Vim.HostNicTeamingPolicy
    }
    $spec.policy.NicTeaming.notifySwitches = $false

    $ns.UpdatePortGroup($pgname,$spec)
  }
}

____________

Blog: LucD notes

Twitter: lucd22


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference


0 Kudos
2 Replies
Dave_Mac
Contributor

That was the baby Luc, cheers for your help.

Seems a natural assumption that a portgroup would inherit the policy of its parent switch rather than requiring one to be defined. Who said IT was easy. 😄

0 Kudos
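The inheritance question raised in this thread can be checked before and after a change like the one above. The following is an added example, not code from the thread's participants: a hypothetical helper, Get-PortGroupSecurityReport, resolves each port group's three security settings against its parent vSwitch and shows which values are overridden at the port group. The sample data is constructed; on a live host you would pass `$ns.NetworkInfo` instead.

```powershell
# Added example: Get-PortGroupSecurityReport and New-SamplePolicy are hypothetical helpers.
# Property names follow the vSphere API's HostNetworkInfo (Vswitch, Portgroup, Spec.Policy.Security).
function Get-PortGroupSecurityReport {
    param([Parameter(Mandatory=$true)] $NetworkInfo)   # e.g. $ns.NetworkInfo on a live host

    $settings = 'AllowPromiscuous', 'MacChanges', 'ForgedTransmits'
    foreach ($pg in $NetworkInfo.Portgroup) {
        $vsw    = $NetworkInfo.Vswitch | Where-Object { $_.Name -eq $pg.Spec.VswitchName }
        $pgSec  = $pg.Spec.Policy.Security     # $null when the port group overrides nothing
        $vswSec = $vsw.Spec.Policy.Security
        foreach ($name in $settings) {
            $own = if ($pgSec) { $pgSec.$name } else { $null }
            $overridden = $null -ne $own
            # An unset port group value falls back to the parent vSwitch value
            $value = if ($overridden) { $own } elseif ($vswSec) { $vswSec.$name } else { $null }
            [pscustomobject]@{
                VSwitch   = $pg.Spec.VswitchName
                PortGroup = $pg.Spec.Name
                Setting   = $name
                Source    = if ($overridden) { 'PortGroup' } else { 'vSwitch (inherited)' }
                Effective = if ($null -eq $value) { 'Unknown' } elseif ($value) { 'Accept' } else { 'Reject' }
            }
        }
    }
}

# Constructed sample shaped like HostNetworkInfo (not real inventory data)
function New-SamplePolicy($Promiscuous, $MacChanges, $Forged) {
    [pscustomobject]@{ Security = [pscustomobject]@{
        AllowPromiscuous = $Promiscuous; MacChanges = $MacChanges; ForgedTransmits = $Forged } }
}
$sample = [pscustomobject]@{
    Vswitch = @(
        [pscustomobject]@{ Name = 'vSwitch0'
            Spec = [pscustomobject]@{ Policy = New-SamplePolicy $false $false $false } }
    )
    Portgroup = @(
        # Port group that overrides only MacChanges, as in the thread's NLB case
        [pscustomobject]@{ Spec = [pscustomobject]@{ Name = 'NLB'; VswitchName = 'vSwitch0'
            Policy = New-SamplePolicy $null $true $null } },
        # Port group with no security policy of its own
        [pscustomobject]@{ Spec = [pscustomobject]@{ Name = 'VM Network'; VswitchName = 'vSwitch0'
            Policy = [pscustomobject]@{ Security = $null } } }
    )
}

# List every setting that ends up as Accept, and where that value comes from
Get-PortGroupSecurityReport $sample | Where-Object { $_.Effective -eq 'Accept' } | Format-Table -AutoSize
```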