Hi
Is it possible to apply a MAC address filter to a port group?
I'm trying to configure a specific set of known MAC addresses to be allowed to connect to specific port groups.
Thanks
MAC addresses from outside of the host on which the VMs reside, or of the VMs themselves?
What's your use case?
Moderator: Moved to vSphere Network Discussions
So I would like to limit which VMs on the same esxi can connect to the port group.
For example, there might be 20 VMs but I would only like 6 VMs with static MAC addresses be able to connect to "port-group-live".
I don't know of any feature like that (at least on vSphere)Thinking out loud, I would so something like this: 1. Define a set of permissions in which only admins that know what they are doing might be able to connect VMs to other networks.2. If this "port-group-live" is so critical, you can set the number of ports or vSwitch so I would set it as 6 https://docs.vmware.com/en/VMware-vSphere/6.0/com.vmware.vsphere.hostclient.doc/GUID-856BBFC0-31FB-4AC1-9E1D-48DBE468E95B.html3. Later, I would set Static Binding (in which the vNIC / vSwitch port binding can only change when the VM is deleted or removed)4. Last I would set permit mac address changes/ permit forged transmits and permit promiscuous mode all to deny. Please let me know if that works.
Hello
Thanks for the suggestion, but we aren't using distributed switches - not sure limiting the number of ports can be done on a standard switch?