VMware Cloud Community
Islanders
Enthusiast

About standard switch and port group in vSphere 6.7

I have a VM Palo Alto firewall installed on the ESXi host, and it connects to the standard virtual switch0.

I created two network cards in the VM firewall, NIC1 and NIC2.

I created two port groups named Port Group 1 and Port Group 2 in the standard vswitch0.

Then I assigned the VM firewall NIC1 to port group 1 and NIC2 to port group 2.

My question is: why do two firewall MAC addresses show up in port group 1 and port group 2?

Shouldn't the NIC1 MAC address show up only in port group 1, not port group 2?

See the attached photo for details.

scott28tt
VMware Employee

A screenshot of the vSwitch and the port groups would help.

What do you mean by “show up”?


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog
Islanders
Enthusiast

Scott,

See the attachment.

I mean one of my VM firewall network cards is assigned to the vNIC1 port group, which is highlighted with the red rectangle.

Why is the same MAC address, which belongs to the firewall interface, also displayed in port group 2?

scott28tt
VMware Employee

And now a screenshot of the VM settings (including all network adapters) of PAN-VM-100 please.


Islanders
Enthusiast

Scott,

The following are my VM settings for the VM firewall and the standard switch's port group.

The VM firewall functions well.

I'm just curious why those MAC addresses are displayed in other port groups which I didn't assign them to.

Thanks for your time

scott28tt
VMware Employee

All 3 port groups are using the same uplink port (vmnic0) and are in the same VLAN (0).

At the moment every NIC can see every other NIC from a layer 2 perspective.

I wonder if that is confusing the info displayed in the UI.


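An added illustration of the reply above (not part of the thread, and not VMware's code): a port group label does not separate traffic by itself, so port groups on the same standard vSwitch with the same VLAN ID form one layer 2 segment. The script parses a table in the layout printed by `esxcli network vswitch standard portgroup list` and reports such groups; the sample table, its port group names and the helper names are constructed for the example.

```python
import re
from collections import defaultdict

def _row(name, vswitch, clients, vlan):
    # Build one line in the column layout of the esxcli table (constructed data).
    return f"{name:<18}  {vswitch:<14}  {clients:>14}  {vlan:>7}"

# Constructed sample: three port groups on vSwitch0 in VLAN 0, as in the thread,
# plus two port groups on a hypothetical vSwitch1 that use distinct VLAN IDs.
SAMPLE = "\n".join([
    _row("Name", "Virtual Switch", "Active Clients", "VLAN ID"),
    _row("-" * 18, "-" * 14, "-" * 14, "-" * 7),
    _row("Management Network", "vSwitch0", 1, 0),
    _row("Port Group 1", "vSwitch0", 1, 0),
    _row("Port Group 2", "vSwitch0", 1, 0),
    _row("DMZ", "vSwitch1", 2, 20),
    _row("Inside", "vSwitch1", 2, 30),
])

def parse_portgroups(text):
    """Slice rows by the column spans of the dashed ruler line, because
    port group names may contain spaces."""
    lines = [l for l in text.splitlines() if l.strip()]
    ruler = next(i for i, l in enumerate(lines) if set(l) <= set("- "))
    spans = [m.span() for m in re.finditer(r"-+", lines[ruler])]
    spans[-1] = (spans[-1][0], None)  # last column runs to end of line
    cut = lambda line: [line[a:b].strip() for a, b in spans]
    header = cut(lines[ruler - 1])
    return [dict(zip(header, cut(l))) for l in lines[ruler + 1:]]

def shared_segments(rows):
    """Group port groups by (vSwitch, VLAN ID). A group with more than one
    member is a single broadcast domain despite the separate labels."""
    segments = defaultdict(list)
    for r in rows:
        segments[(r["Virtual Switch"], int(r["VLAN ID"]))].append(r["Name"])
    return {k: v for k, v in segments.items() if len(v) > 1}

if __name__ == "__main__":
    for (vswitch, vlan), names in shared_segments(parse_portgroups(SAMPLE)).items():
        print(f"{vswitch} VLAN {vlan}: same layer 2 segment -> {', '.join(names)}")
```

For a firewall VM whose interfaces are meant to sit on separate networks, any pair of its port groups that appears in this report is not isolated at layer 2 by the vSwitch.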
Islanders
Enthusiast

Scott,

Definition from a VMware document:

Port groups aggregate multiple ports under a common configuration and provide a stable anchor point for virtual machines connecting to labeled networks. vSphere Standard Switch Network. Each port group is identified by a network label, which is unique to the current host.


I tested with my virtual router, which has three interfaces, with each interface assigned to its own port group. The router's interface MAC addresses display correctly in the standard virtual switch. No VLAN added, just unique port groups.

It might be an issue with my settings in the Palo Alto VM firewall.

Thank you so much for your time and help.

Greatly appreciated
