Solved: Force frame to leave ESXi server

mqzd23 · ‎07-18-2018

vSphere 6.5

I'm implementing mac based acl's on our physical switch to prevent traffic from vm to vm in the same vlan. The acl's don't seem to work and i think i found the culprit: the vm's are connected to the same vlan & vswitch. The ESXi hosts observes this, the frames never leave the host to physical switch and the vswitch takes care of the communication.....correct? If correct, is there any way to force the frames to leave the host and go to the physical switch?

note: I don't have any free physical nics and although we're using a paid version (Essentials license), our license doesn't allow us to use distributed vSwitches.

Thanks in advance.

daphnissov · ‎07-18-2018

Correct, VM traffic that is on the same port group on the same host is "dark" to external infrastructure. I don't think there's a way to force this to egress the host to be switched and return. You're trying to implement poor-man's NSX here, because this is what NSX is exactly designed to do and does it extremely well.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net

View solution in original post

daphnissov · ‎07-18-2018

Correct, VM traffic that is on the same port group on the same host is "dark" to external infrastructure. I don't think there's a way to force this to egress the host to be switched and return. You're trying to implement poor-man's NSX here, because this is what NSX is exactly designed to do and does it extremely well.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net

mqzd23 · ‎07-20-2018

Ok thanks . Wouldn't say poor-man's NSX, just a different approach.

Switched strategy now: seperate vlan for every VM which allows me to do ip based ACL's.

All

Force frame to leave ESXi server