VMware Cloud Community
WJCon
Enthusiast
Enthusiast
‎07-07-2021 08:24 AM
Jump to solution

NSX-T 3.1.2 Update Logical Switch update REQUIRE_OVERRIDE

I have a use case for a script to update Segment Profiles on a Segment - the use case is basically the Segments are spun out as Cloud Director networks, one of the vms in the vapp is a DHCP server and i need to change the Segment Security Profile to one which allows DHCP traffic

Thanks to Rudi there is a powercli script to do this (Change NSX-T Switch Profiles with PowerCLI | rudimartinsen.com)

The problem I have is when Cloud Director has the Segments created they are created with the Protection set to Require_Override in order for the script to work they need to be set to Not_Protected - see note at the bottom of Rudi's post

Is there a way through powercli to change this from Require_Override to Not_Protected

 

 

0 Kudos
23 Replies
Zsoldier
Expert
Expert
‎07-09-2021 10:37 AM
Jump to solution

I did this originally on 2.5.2, should still be the same w/ 3.1.2, but let me verify.  I could also have some logic problems as I really didn't run this code a whole lot.

Chris Nakagaki (中垣浩一)
Blog: https://tech.zsoldier.com
Twitter: @zsoldier
0 Kudos
Zsoldier
Expert
Expert
‎07-09-2021 11:31 AM
Jump to solution

I see the problem now.  Security Binding Map is not created by default, so we'll need to create one first which appears to happen in UI when you switch from one or the other.  The default is effectively 'blank' and inherits the system defaults.

I'll look into this later, but feel free to share if you figure out a way.

Chris Nakagaki (中垣浩一)
Blog: https://tech.zsoldier.com
Twitter: @zsoldier
0 Kudos
Zsoldier
Expert
Expert
‎07-09-2021 11:59 AM
Jump to solution

Fixed.  It'll create a binding map if none is found and apply the profiles you defined in your variables.

Powershell: Changing NSX-T Segment Profiles enmasse. (zsoldier.com)

Chris Nakagaki (中垣浩一)
Blog: https://tech.zsoldier.com
Twitter: @zsoldier
0 Kudos
WJCon
Enthusiast
Enthusiast
‎07-12-2021 02:08 AM
Jump to solution

Thanks so much for the help, I was really going down the wrong route before you directed me to the api method. I guess I need to start playing around with this and start getting use to it quickly seeing as we are migrating. Either-way I really appreciate the help and will definitely be keeping an eye on your blog.