
Disabling Forged Transmit on DVUplinks causes networking drop out


I have been working through the vSphere hardening guide in vROps 6.6

I have disabled forged transmits on the Standard vSwitches and the DVSwitch port groups without any issue.

Using PowerCLI I ran

Get-VDPortgroup | Get-VDSecurityPolicy

and found that all the DVSwitch Uplinks were set to ForgedTransmitsAllowed = $true whilst all the port groups were set to $False

This was showing as a compliance alert in vROps

So I ran the following PowerCLI to disable the DVSwitch Uplinks

Get-VDPortgroup | Get-VDSecurityPolicy | Set-VDSecurityPolicy -ForgedTransmits $false

At this point every VM lost network connectivity, and continued to have intermittent connectivity until the setting was reverted.

Is this expected behaviour?

It feels like it's either my lack of understanding of the setting or a bug that I have stumbled across.


Accepted Solutions

If the "Forged Transmits" policy is set to accept for a non-uplink port, this is a finding.

It seems vROps doesn't differentiate between the non-uplink and uplink ports when it comes to this setting.

So I suggest you don't change it.

Inaccurate compliance results for distributed switch uplink port groups?

If you found my answers useful please consider marking them as Correct OR Helpful Regards, Hussain https://virtualcubes.wordpress.com/
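
Added example, not part of the original thread: a PowerCLI audit that applies the finding quoted above only to non-uplink distributed port groups and leaves the uplink port groups untouched. It assumes an existing Connect-VIServer session and relies on the IsUplink property of the objects returned by Get-VDPortgroup.

```powershell
# Added example. Assumes VMware PowerCLI is loaded and Connect-VIServer has
# already been run against the vCenter that owns the distributed switches.

# Audit: list every distributed port group, but flag "Forged Transmits = accept"
# as a finding only when the port group is NOT an uplink port group.
$report = foreach ($pg in Get-VDPortgroup) {
    $policy = Get-VDSecurityPolicy -VDPortgroup $pg
    [pscustomobject]@{
        VDSwitch        = $pg.VDSwitch.Name
        PortGroup       = $pg.Name
        IsUplink        = $pg.IsUplink
        ForgedTransmits = $policy.ForgedTransmits
        Finding         = (-not $pg.IsUplink) -and $policy.ForgedTransmits
    }
}
$report | Sort-Object VDSwitch, IsUplink, PortGroup | Format-Table -AutoSize

# Remediation: change only the non-uplink port groups that are findings.
# -WhatIf previews the change; remove it once the preview lists the expected
# port groups and no uplink port group appears in it.
Get-VDPortgroup |
    Where-Object { -not $_.IsUplink } |
    Get-VDSecurityPolicy |
    Where-Object { $_.ForgedTransmits } |
    Set-VDSecurityPolicy -ForgedTransmits $false -WhatIf
```

Uplink port groups that still show ForgedTransmits as $true in the report are the ones the compliance alert in the question was raised against.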
