Hello! First time poster; nice to meet everyone!
I've attached a small generic diagram of my setup. A brief summary in words:
- I am using Workstation Pro on my host for 3x VMs (Windows all around).
- All 3x VMs are bridged and on vmnet0.
- The host machine and a server are connected to a physical switch.
- All machines - host, server, VMs - are IP'd in the same subnet.
I have an ACL on the switch port that the host is connected to (host port). Due to the Cisco IOS vintage, the ACL is "in" only on the host port. The switch port the server is connected to has no ACL. In short, I want to only allow pings from the VMs to the server (and vice versa) to test connectivity. I have a one-way UDP stream from the server that should get through to the VMs since that is "out" traffic on the host port; ACL shouldn't affect it. There is also VM-to-VM database communication (TCP and UDP, several ports).
The problem I am running into seems to be that the ACL is affecting the VM-to-VM communication. Is this what one should expect? The documentation diagrams that describe virtual bridged networking all show a virtual switch with multiple ports and describe connecting multiple VMs to the same virtual switch / vmnet, so I expected ordinary switch functionality in that case. I understand that the virtual switch is limited in functionality, but shouldn't it still contain all VM-to-VM communication such that the ACL would have no effect? Or do I have a fundamental misunderstanding about how the virtual switch works and VM-to-VM traffic really all travels out the host NIC, to the physical switch "in", "out" back through the physical switch, back through the host NIC, and then to the VMs?
Please let me know what your questions are... I'm sure I'm less than clear as a newbie on this forum. 🙂 Thank you all in advance for the help!
