VMware vSphere

  • 1.  Force frame to leave ESXi server

    Posted Jul 18, 2018 04:36 PM

    vSphere 6.5

    I'm implementing MAC-based ACLs on our physical switch to prevent traffic from VM to VM in the same VLAN. The ACLs don't seem to work and I think I found the culprit: the VMs are connected to the same VLAN and vSwitch. The ESXi host observes this, the frames never leave the host to the physical switch, and the vSwitch takes care of the communication... correct? If correct, is there any way to force the frames to leave the host and go to the physical switch?

    Note: I don't have any free physical NICs, and although we're using a paid version (Essentials license), our license doesn't allow us to use distributed vSwitches.

    Thanks in advance.



  • 2.  RE: Force frame to leave ESXi server
    Best Answer

    Posted Jul 18, 2018 05:30 PM

    Correct, VM traffic that is on the same port group on the same host is "dark" to external infrastructure. I don't think there's a way to force this to egress the host to be switched and return. You're trying to implement poor-man's NSX here, because this is what NSX is exactly designed to do and does it extremely well.



  • 3.  RE: Force frame to leave ESXi server

    Posted Jul 20, 2018 09:59 AM

    Ok thanks :smileyhappy:. Wouldn't say poor-man's NSX, just a different approach.

    Switched strategy now: a separate VLAN for every VM, which allows me to do IP-based ACLs.
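The following is an added example, not code from the thread or from VMware. It models the point made in the accepted answer (VMs on the same host, same standard vSwitch and same VLAN are switched inside the host, so a physical-switch ACL never sees their frames) and the remediation from the last post (one VLAN per VM, which forces every VM-to-VM path through the physical switch or router). The inventory is constructed by hand; in practice it would be pulled from vCenter with pyvmomi or PowerCLI, which this example does not do.

```python
"""Find VM pairs whose traffic a physical-switch ACL can never filter.

Added example (not from the thread). Rule modelled: frames between two VMs
on the same ESXi host, the same standard vSwitch and the same VLAN are
switched locally by the vSwitch and never egress to the physical switch.
Different hosts, different vSwitches, or different VLANs all force the
frames out through an uplink, where the physical ACL applies.
"""
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class VmPort:
    vm: str
    host: str       # ESXi host the VM runs on
    vswitch: str    # standard vSwitch name on that host
    vlan: int       # VLAN id of the port group (0 = untagged)


def switched_locally(a: VmPort, b: VmPort) -> bool:
    """True if frames between a and b stay inside the ESXi host."""
    return a.host == b.host and a.vswitch == b.vswitch and a.vlan == b.vlan


def local_only_pairs(inventory):
    """Return sorted (vm, vm) pairs that bypass the physical switch ACL."""
    pairs = []
    for a, b in combinations(inventory, 2):
        if switched_locally(a, b):
            pairs.append(tuple(sorted((a.vm, b.vm))))
    return sorted(pairs)


def one_vlan_per_vm(inventory, base_vlan=100):
    """Remediation from the last post: a distinct VLAN for every VM so that
    all VM-to-VM traffic must cross the physical switch/router, where
    IP-based ACLs can be applied. base_vlan is an assumed starting id."""
    return [VmPort(p.vm, p.host, p.vswitch, base_vlan + i)
            for i, p in enumerate(inventory)]


# Constructed sample inventory: three VMs on esx01, one on esx02, all VLAN 10.
SAMPLE = [
    VmPort("web01", "esx01", "vSwitch0", 10),
    VmPort("db01", "esx01", "vSwitch0", 10),   # same host/vSwitch/VLAN as web01
    VmPort("app01", "esx01", "vSwitch1", 10),  # other vSwitch: frames leave via its uplink
    VmPort("web02", "esx02", "vSwitch0", 10),  # other host: frames cross the physical switch
]

if __name__ == "__main__":
    for a, b in local_only_pairs(SAMPLE):
        print(f"{a} <-> {b}: switched inside the host, physical ACL does not apply")
    print("after one VLAN per VM:", local_only_pairs(one_vlan_per_vm(SAMPLE)))
```

Run against the sample, only `db01 <-> web01` is reported as invisible to the physical switch; after `one_vlan_per_vm` the list is empty, which is exactly why the per-VM VLAN approach in the last post makes the ACLs effective. A host-side check like this is cheap to run before relying on any upstream filtering, and it is also where a second NIC or a distributed switch would change the answer, since both alter the host, vswitch or VLAN part of the rule.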