Hi Team,
We have some doubts regarding the Advanced - Override port policies configuration of the distributed port group. Our uplinks are configured with vlan type: VLAN trunking (range 0-4094). If we use separate vlan for each port group should the Override port policies : VLAN be set to allowed? If it setting is not "allowed" does it mean it will simply ignore the setting from first screen and use uplink configuration?
Second question is related with Security policies, for example Forget Transmit. If this policy differs on port group and dswitch and the Override port policies : Security is not set to allowed does it means it will use dswitch settings ?
Thanks
Hi @mpolok ,
If you override the settings at the port level, yes it will override the policies inherited from the dvSwitch and use the one's configured at port level.
Following document should clear the doubts
Applying Networking Policies on a vSwitch or dvSwitch
Configuring VLAN tagging on DV port group or DV port
Hope that helps
Sory still it is not clear. If I will set a VLAN ID in a distributed port group VLAN settings (like below) do i need to select the Override port policies: VLAN to allowed in advanced settings? or maybe that setting should be only used when I plan to have different settings on ports which belongs to a distributed port group ?!
Below i can see that VLAN ID is set to 3 on all Distributed ports of a distributed port group PRD_V0003
Hello mpolok,
it is quite simple, i would say. But i had have the same question before about "Traffic Filterin and Marking".
All settings you set up at your distributed portgroup will be set for each port in it. The options at "Override port policies" allows you to change the settings for each port at your distributed portgroup.
So if you set the option "VLAN" to allow, you grant the privilege to change the vlan-settings at each port separately.
At your Screenshot you can see the little left handed pen symbol, which allows you to change the settings of the selected port.
... or maybe that setting should be only used when I plan to have different settings on ports which belongs to a distributed port group ?!
long saying short: yes
kind regards