For some reason this is only working on port groups on vswitch0.
Foreach ($vh01 in (Get-View -ViewType HostSystem -Filter @{"Name" = "esx1.domain.com"})){
    $NetworkSystem = Get-View $vh01.ConfigManager.NetworkSystem
    Foreach ($pg in $NetworkSystem.Networkconfig.PortGroup){
        If($pg.spec.Name -like "VM*"){
            Write $pg.spec.Name
            $pg.spec.policy.security.allowPromiscuous=$true
            $NetworkSystem.UpdatePortgroup($pg.spec.name,$pg.spec)
        }
    }
}
The rest get this error:
Property 'allowPromiscuous' cannot be found on this object; make sure it exists
and is settable.
At H:\Scripts\pg-security-test1.ps1:44 char:37
+ $pgspec.policy.security. <<<< allowPromiscuous=$true
+ CategoryInfo : InvalidOperation: (allowPromiscuous:String) [],
RuntimeException
+ FullyQualifiedErrorId : PropertyNotFound
In the error message it says "$pgspec.policy.security" instead of "$pg.spec.policy.security".
Is the dot after $pg really missing or is that a copy/paste problem?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
It is just a copy/paste problem.
Property 'allowPromiscuous' cannot be found on this object; make sure it exists
and is settable.
At H:\Scripts\pg-security-test2.ps1:9 char:34
+ $pg.spec.policy.security. <<<< allowPromiscuous=$true
+ CategoryInfo : InvalidOperation: (allowPromiscuous:String) [],
RuntimeException
+ FullyQualifiedErrorId : PropertyNotFound
I get the same error message when I run the script against a portgroup that has no NICs assigned.
With the following adaptation you can avoid this situation:
foreach ($vh01 in (Get-View -ViewType HostSystem -Filter @{"Name" = "esx1.domain.com"})){
    $NetworkSystem = Get-View $vh01.ConfigManager.NetworkSystem
    foreach ($pg in $NetworkSystem.Networkconfig.PortGroup){
        if($pg.spec.policy.NicTeaming -and
            ($pg.spec.policy.NicTeaming.NicOrder.ActiveNic -or
            $pg.spec.policy.NicTeaming.NicOrder.StandbyNic) -and
            $pg.spec.Name -like "VM*"){
            Write $pg.spec.Name
            $pg.spec.policy.security.allowPromiscuous=$true
            $NetworkSystem.UpdatePortgroup($pg.spec.name,$pg.spec)
        }
    }
}
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thanks LucD, but some of my vswitches/port groups don't have an associated nic. However, this isn't matching anything, even the ones that do.
Apparently the properties I'm testing against are only filled in in the ComputedPolicy property.
Try this variant on the script.
foreach ($vh01 in (Get-View -ViewType HostSystem -Filter @{"Name" = "esx1.domain.com"})){
    $NetworkSystem = Get-View $vh01.ConfigManager.NetworkSystem
    foreach ($pg in $vh01.Config.Network.Portgroup){
        if($pg.ComputedPolicy.NicTeaming -and
            ($pg.ComputedPolicy.NicTeaming.NicOrder.ActiveNic -or
            $pg.ComputedPolicy.NicTeaming.NicOrder.StandbyNic) -and
            $pg.spec.Name -like "VM*"){
            Write $pg.spec.Name
            $pg.spec.policy.security.allowPromiscuous=$true
            $NetworkSystem.UpdatePortgroup($pg.spec.name,$pg.spec)
        }
    }
}
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
That works on the ones that have nics associated with them but not the ones that don't.
That is exactly what the script is supposed to do.
If there are no NICs, the Security property in the HostPortgroupSpec object is $null and the script is not able to change the setting.
You can of course create the HostPortgroupSpec or HostNetworkSecurityPolicy object from scratch (with the New-Object cmdlet).
And then call the UpdatePortgroup method with the object you created and populated.
Let me know if you need any assistance with that.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
My skills are limited and I'll look up how to do this but if you could throw me a bone it would be much appreciated.
Try this.
The script checks the conditions when the Security is $null and in that case it will create the object instead of using the copy from the portgroup.
foreach ($vh01 in (Get-View -ViewType HostSystem -Filter @{"Name" = "esx1.domain.com"})){
    $NetworkSystem = Get-View $vh01.ConfigManager.NetworkSystem
    foreach ($pg in $vh01.Config.Network.Portgroup){
        if($pg.spec.Name -like "VM*"){
            if($pg.ComputedPolicy.NicTeaming -and
                ($pg.ComputedPolicy.NicTeaming.NicOrder.ActiveNic -or
                $pg.ComputedPolicy.NicTeaming.NicOrder.StandbyNic)){
                # NICs present: the Security object exists, so change it in place
                Write $pg.spec.Name
                $pg.spec.policy.security.allowPromiscuous=$true
                $NetworkSystem.UpdatePortgroup($pg.spec.name,$pg.spec)
            }
            else{
                # No NICs: Security is $null, so create the policy object from scratch
                Write $pg.spec.Name
                $pg.spec.policy.security = New-Object VMware.Vim.HostNetworkSecurityPolicy
                $pg.spec.policy.security.allowPromiscuous=$true
                $pg.spec.policy.security.forgedtransmits=$true
                $pg.spec.policy.security.MacChanges=$true
                $NetworkSystem.UpdatePortgroup($pg.spec.name,$pg.spec)
            }
        }
    }
}
Note that the other 2 security properties are also set in case the object is created from scratch.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
That's it. Thank you!
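An added example, not part of the original thread or written by its posters: an audit function that reports, per port group, the effective security settings from ComputedPolicy.Security and whether each one is set on the port group itself or inherited (Spec.Policy.Security is $null, or the individual value is, which is the case that raised PropertyNotFound above). The function name Get-PortGroupSecurityAudit and the sample objects are assumptions made for illustration; the sample data is constructed so the block runs without a host connection.

```powershell
# Added example: audit the security policy of standard vSwitch port groups.
# Accepts objects shaped like VMware.Vim.HostPortGroup, e.g. on a live host:
#   (Get-View -ViewType HostSystem).Config.Network.Portgroup | Get-PortGroupSecurityAudit
function Get-PortGroupSecurityAudit {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $PortGroup
    )
    process {
        $explicit  = $PortGroup.Spec.Policy.Security      # $null => nothing set on the port group
        $effective = $PortGroup.ComputedPolicy.Security   # what the host actually enforces
        foreach ($setting in 'AllowPromiscuous', 'MacChanges', 'ForgedTransmits') {
            # A setting counts as explicit only if the object AND the value are present
            $isSet = ($null -ne $explicit) -and ($null -ne $explicit.$setting)
            [pscustomobject]@{
                PortGroup = $PortGroup.Spec.Name
                VSwitch   = $PortGroup.Spec.VswitchName
                Setting   = $setting
                Effective = [bool]$effective.$setting
                Source    = if ($isSet) { 'PortGroup' } else { 'Inherited' }
            }
        }
    }
}

# Constructed sample objects (not output from a real host), same property shape.
$sample = @(
    [pscustomobject]@{
        Spec = [pscustomobject]@{ Name = 'VM Network'; VswitchName = 'vSwitch0'
            Policy = [pscustomobject]@{ Security = [pscustomobject]@{
                AllowPromiscuous = $true; MacChanges = $null; ForgedTransmits = $null } } }
        ComputedPolicy = [pscustomobject]@{ Security = [pscustomobject]@{
            AllowPromiscuous = $true; MacChanges = $true; ForgedTransmits = $true } }
    },
    [pscustomobject]@{
        Spec = [pscustomobject]@{ Name = 'VM Isolated'; VswitchName = 'vSwitch1'
            Policy = [pscustomobject]@{ Security = $null } }   # inherited: the $null case
        ComputedPolicy = [pscustomobject]@{ Security = [pscustomobject]@{
            AllowPromiscuous = $false; MacChanges = $true; ForgedTransmits = $true } }
    }
)

# List every setting that is effectively enabled and where it comes from.
$sample | Get-PortGroupSecurityAudit | Where-Object Effective | Format-Table -AutoSize
```

Running the audit before and after a bulk change such as the script above shows which port groups moved from 'Inherited' to 'PortGroup' and which of the three settings ended up enabled.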