Re: use Get-VDPortgroup cmdlet in the VDS componen...

SCharchouf · ‎11-01-2020

Hello

I'm using the below script to get VDS Port Group it's working fine but I'm getting the warring message:

WARNING: The output of the command produced distributed virtual portgroup objects. This behavior is obsolete and may change in the future. To retrieve distributed portgroups, use Get-VDPortgroup cmdlet in the VDS component. To retrieve standard portgroups, use -Standard.

I would like to understand why I'm getting this warrning and how I car relidiate using the similar way used in my script?

Get-VMHost -PipelineVariable ESX | Get-VirtualPortGroup | Select-Object @{N='VMHost';E={$esx.Name}},VirtualSwitch,Name,VlanId | Out-String | ForEach-Object { $_.Trim() } > ".\VDSportGroup.txt"

#Verify if VlanID is set to 0 or 1, if so, then Check Get-VirtualPortGroup-Config.txt

$CheckVlanID = (Get-Content .\VDSportGroup.txt | Format-Table VlanId | findstr /v " _$Null VlanId ----- _$Null") | where-object {$_ -like '*0*' -like '*1*'} | ForEach-Object{$_.split(".")[0]}

function VDSPort{

if ($Null -eq $CheckVlanID) {

Write-Log -StartTab 1 -LinesBefore 1 -Level Success -Message "All Hosts have VlanID configured with value between 2 and 4094 " -FilePath $LogFile

}

else {

Write-Host -f red "Hosts with wrong VlanID detected"

Write-Log -StartTab 1 -LinesBefore 1 -Level Success -Message "Check Get-VirtualPortGroup-Config file for host(s) $CheckVlanID" -FilePath $LogFile

}

VDSPort

LucD · ‎11-01-2020

This is just a warning, and one that has been there for quite some time.

Replace the Get-VirtualPort with Get-VDPortGroup, just like the message says.

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

SCharchouf · ‎11-01-2020

Thanks LucD

I replaced the Get-VirtualPort with Get-VDPortGroup and I got the below message

Get-VDPortgroup : The input object cannot be bound to any parameters for the command either because the command does not take pipeline input or the input and its properties do not match any of the parameters that take pipeline input.

LucD · ‎11-01-2020

You can't get VDS portgroups that way.

A VDS is connected to multiple ESXi nodes.

Also, since multiple VLAN configs are possible, you have to get the VLANIds differently.

For example like this

Get-VDSwitch -PipelineVariable dvSw |

ForEach-Object -Process {

Get-VDPortgroup -VDSwitch $dvSw |

Select @{N='VMHost';E={(Get-View -Id $_.ExtensionData.Host -Property Name).Name -join '|'}},

@{N="dvSw";E={$dvSw.Name}},Name,

@{N="VLanId";E={

if($_.ExtensionData.Config.DefaultPortConfig.Vlan -is [VMware.Vim.VmwareDistributedVirtualSwitchPvlanSpec]){

$_.ExtensionData.Config.DefaultPortConfig.Vlan.PvLanId

}

elseif($_.ExtensionData.Config.DefaultPortConfig.Vlan.VLanId -is [VMware.Vim.NumericRange[]]){

[string]::Join(',',($_.ExtensionData.Config.DefaultPortConfig.Vlan.VLanId | %{

[string]$_.Start + "-" + [string]$_.End

}))

}

else{

$_.ExtensionData.Config.DefaultPortConfig.Vlan.VLanId

}

}}

}

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

SCharchouf · ‎11-01-2020

Thanks LucD, the idea is to ensure that the port group is not configured to use whatever value is set for the native VLAN.

for that Ineed first to check and List all VDS and their Security Settings & VLANIds

LucD · ‎11-01-2020

Now that you have the VLANid info, the 2nd part of your script (the check) should be nearly the same.

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

SCharchouf · ‎11-01-2020

Thanks LucD it's working, just one things,

I would like to compare the data using a variable which should be different to 0 and 1 because:

Reserved VLAN IDs:

VLAN ID 0 (zero) Disables VLAN tagging on port group (EST Mode)
VLAN ID 4095 Enables trunking on port group (VGT Mode)

Not able to do it :smileyblush:

should be something like this

if($vlan -eq '0' or -eq'1') do something

LucD · ‎11-01-2020

What VLANids do you get back?
Are there ranges in there?

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

SCharchouf · ‎11-01-2020

As per vmware we shouldn't assign VLANids 0 or 1 except for network configuration for isolation and segmentation of virtual machine network traffic

I'm getting VLanId like this

0

0-4094

and other with unique number like 100 512 912....

SCharchouf · ‎11-01-2020

Basically I need to follow this recommendation from vSphere in order to be compliant

Three types of VLAN tagging exist in vSphere:

External Switch Tagging (EST)
Virtual Switch Tagging (VST) - The virtual switch tags with the configured VLAN ID the traffic that is incoming to the attached virtual machines and removes the VLAN tag from the traffic that is leaving them. To set up VST mode, assign a VLAN ID between 1 and 4095.
Virtual Guest Tagging (VGT) - Virtual machines handle VLAN traffic. To activate VGT mode, set the VLAN ID to 4095. On a distributed switch, you can also allow virtual machine traffic based on its VLAN by using the VLAN Trunking option.

so in that case I should compare to 0 and 1 I'm right?

LucD · ‎11-01-2020

When the portgroup has a single VLANid, you can test for 0 or 1.

When the portgroup has a range, you will have to test with the start and the end of the range.

You could do something along these lines

If($VlanID match "-"){

$lower, $upper = $VLANid.Split('-')

if($lower -lt 2){

$newLower = 2

}

else{

$newLower = $lower

}

if($upper -ge 4095){

$newUpper = 4094

}

else{

$newUpper = $upper

}

$newVLANid = "$(newLower)-$($newUpper)"

}

else{

if($VLANid -eq 0 -or $VLANId -eq 1){

$newVLANID = ?

}

else{

$newVLANID = $VLANid

}

$newVLANID

}

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference