VMware Cloud Community
mpolok
Contributor
Contributor
‎01-04-2021 05:47 AM

Distributed Switch - Override port policies query

Hi Team,

We have some doubts regarding the Advanced - Override port policies configuration of the distributed port group. Our uplinks are configured with vlan type: VLAN trunking (range 0-4094). If we use separate vlan for each port group should the Override port policies : VLAN be set to allowed? If it setting is not "allowed" does it mean it will simply ignore the setting from first screen and use uplink configuration?

Second question is related with Security policies, for example Forget Transmit. If this policy differs on port group and dswitch and the Override port policies : Security is not set to allowed does it means it will use dswitch settings ?

2.PNG1.PNG

 

Thanks

0 Kudos
3 Replies
ashilkrishnan
VMware Employee
VMware Employee
‎01-04-2021 06:21 AM

Hi @mpolok ,

If you override the settings at the port level, yes it will override the policies inherited from the dvSwitch and use the one's configured at port level.

Following document should clear the doubts 

Applying Networking Policies on a vSwitch or dvSwitch 

Configuring VLAN tagging on DV port group or DV port 

Hope that helps

 

0 Kudos
mpolok
Contributor
Contributor
‎01-04-2021 06:46 AM

Sory still it is not clear. If I will set a VLAN ID in a distributed port group VLAN settings (like below) do i need to select the Override port policies: VLAN to allowed in advanced settings? or maybe that setting should be only used when I plan to have different settings on ports which belongs to a distributed port group ?!

2.PNG

Below i can see that VLAN ID is set to 3 on all Distributed ports of a distributed port group PRD_V0003

3.PNG

0 Kudos
QuickSave
Contributor
Contributor
‎04-29-2021 02:33 AM

Hello mpolok,

it is quite simple, i would say. But i had have the same question before about "Traffic Filterin and Marking".

All settings you set up at your distributed portgroup will be set for each port in it. The options at "Override port policies" allows you to change the settings for each port  at your distributed portgroup.

So if you set the option "VLAN" to allow, you grant the privilege to change the vlan-settings at each port separately.

At your Screenshot you can see the little left handed pen symbol, which allows you to change the settings of the selected port.

 

 

... or maybe that setting should be only used when I plan to have different settings on ports which belongs to a distributed port group ?!

 

long saying short: yes

 

kind regards