Luc,

Thanks yet again. It worked perfectly and now knowing that Extensiondata exists makes understanding how to retrieve things I find in the MOB a lot easier.

Thanks

Is there a way of querying Distributed Virtual Switches and their portgroups for the same information?

foreach($vSwitch in $VMHost.ExtensionData.Config.Network.Vswitch) only returns standard switches, I was able to get all switches with foreach($vSwitch in $VMHost | Get-VirtualSwitches)and was then able to query the settings of the standard switches by looking at the properties in $vSwitch.ExtensionData.Spec.Policy.Security but Distributed Virtual Switch objects don't seem to have the same property collections.

The distributed vSwitch and portgroup are configured a bit different from the old ones.

You can in fact configure these settings for each port individually.

For the dvSwitch and the dvPortgroup you can report on the default settings that are used when the port has no individual settings.

Get-VirtualSwitch -Distributed | %{
    Write-Host $_.Name
    Write-Host "`tPromiscuous mode:" $_.Extensiondata.Config.DefaultPortConfig.SecurityPolicy.AllowPromiscuous.Value
    Write-Host "`tForged transmits:" $_.Extensiondata.Config.DefaultPortConfig.SecurityPolicy.ForgedTransmits.Value
    Write-Host "`tMAC Changes:" $_.Extensiondata.Config.DefaultPortConfig.SecurityPolicy.MacChanges.Value
    foreach($portgroup in (Get-VirtualPortGroup -Distributed -VirtualSwitch $_)){
        Write-Host "`n`t" $portgroup.Name
        Write-Host "`t`tPromiscuous mode:" $portgroup.Extensiondata.Config.DefaultPortConfig.SecurityPolicy.AllowPromiscuous.Value
        Write-Host "`t`tForged transmits:" $portgroup.Extensiondata.Config.DefaultPortConfig.SecurityPolicy.ForgedTransmits.Value
        Write-Host "`t`tMAC Changes:" $portgroup.Extensiondata.Config.DefaultPortConfig.SecurityPolicy.MacChanges.Value
    }
}

That worked great. Thanks very much

Hi Luc,

I am looking for a smiliar report but I want to have the host name and the report to be placed in CSV format. Is that possible?

Try something like this

&{foreach($dvSw in (Get-VirtualSwitch -Distributed)){
  Get-VirtualPortGroup -Distributed -VirtualSwitch $dvSW |
  Select @{N="dvSwitch";E={$dvSw.Name}},
  @{N="Promiscuous mode";E={$dvSw.Extensiondata.Config.DefaultPortConfig.SecurityPolicy.AllowPromiscuous.Value}},
  @{N="Forged transmits";E={$dvSw.Extensiondata.Config.DefaultPortConfig.SecurityPolicy.ForgedTransmits.Value}},
  @{N="MAC Changes";E={$dvSw.Extensiondata.Config.DefaultPortConfig.SecurityPolicy.MacChanges.Value}},
  @{N="Portgroup";E={$_.Name}},
  @{N="Portgroup Promiscuous mode";E={$_.Extensiondata.Config.DefaultPortConfig.SecurityPolicy.AllowPromiscuous.Value}},
  @{N="Portgroup Forged transmits";E={$_.Extensiondata.Config.DefaultPortConfig.SecurityPolicy.ForgedTransmits.Value}},
  @{N="Portgroup MAC Changes";E={$_.Extensiondata.Config.DefaultPortConfig.SecurityPolicy.MacChanges.Value}}
}} | Export-Csv C:\report.csv -NoTypeInformation -UseCulture 

Not sure what you mean by host though. A dvSwitch is defined across several hosts.

Do you want for each dvSwitch all the hosts that are connected to it ?

Sorry i have should have mentioned it before.. I am running a standard switch , so want to include the host name in the report

Try this

&{foreach($sw in (Get-VirtualSwitch -Standard)){
  Get-VirtualPortGroup -VirtualSwitch $sw |
  Select @{N="Host";E={$sw.VMHost.Name}},
  @{N="Switch";E={$sw.Name}},
  @{N="Promiscuous mode";E={$sw.Extensiondata.Spec.Policy.Security.AllowPromiscuous}},
  @{N="Forged transmits";E={$sw.Extensiondata.Spec.Policy.Security.ForgedTransmits}},
  @{N="MAC Changes";E={$sw.Extensiondata.Spec.Policy.Security.MacChanges}},
  @{N="Portgroup";E={$_.Name}},
  @{N="Portgroup Promiscuous mode";E={$_.Extensiondata.Spec.Policy.Security.AllowPromiscuous}},
  @{N="Portgroup Forged transmits";E={$_..Extensiondata.Spec.Policy.Security.ForgedTransmits}},
  @{N="Portgroup MAC Changes";E={$_.Extensiondata.Spec.Policy.Security.MacChanges}}
}} | Export-Csv C:\report.csv -NoTypeInformation -UseCulture 

Thanks Luc!!

Is there an easy way to set the security settings via PowerCLI?  For the sVS and dVS.

In the dvSwitch module that comes with the PowerCLI Reference book there is a function called Set-DistributedSwitchPortGroup, that does all this.

HI LUC,

        please check attached screen shot which i am getting empty values. script to get security settings of standard switch.

&{foreach($sw in (Get-VirtualSwitch -Standard)){

  Get-VirtualPortGroup -VirtualSwitch $sw |

  Select @{N="Host";E={$sw.VMHost.Name}},

  @{N="Switch";E={$sw.Name}},

  @{N="Promiscuous mode";E={$sw.Extensiondata.Config.DefaultPortConfig.SecurityPolicy.AllowPromiscuous.Value}},

  @{N="Forged transmits";E={$sw.Extensiondata.Config.DefaultPortConfig.SecurityPolicy.ForgedTransmits.Value}},

  @{N="MAC Changes";E={$sw.Extensiondata.Config.DefaultPortConfig.SecurityPolicy.MacChanges.Value}},

  @{N="Portgroup";E={$_.Name}},

  @{N="Portgroup Promiscuous mode";E={$_.Extensiondata.Config.DefaultPortConfig.SecurityPolicy.AllowPromiscuous.Value}},

  @{N="Portgroup Forged transmits";E={$_.Extensiondata.Config.DefaultPortConfig.SecurityPolicy.ForgedTransmits.Value}},

  @{N="Portgroup MAC Changes";E={$_.Extensiondata.Config.DefaultPortConfig.SecurityPolicy.MacChanges.Value}}

}} | Export-Csv C:\Users\ljonnala\Desktop\powercli\hostconfig\VSwitchSecurity.csv -NoTypeInformation -UseCulture

please help me to export the standard switch security settings to .csv.file

Since you are going for VSS, and not VDS, you will have fetch a Boolean, not a BoolPolicy

Use the script I posted earlier for "Standard" switches (hint: the property doesn't have Value at the end)

please check the attached error screen shot which getting with below script.

&{foreach($sw in (Get-VirtualSwitch -Standard)){
  Get-VirtualPortGroup -VirtualSwitch $sw |
  Select @{N="Host";E={$sw.VMHost.Name}},
  @{N="Switch";E={$sw.Name}},
  @{N="Promiscuous mode";E={$sw.Extensiondata.Spec.Policy.Security.AllowPromiscuous}},
  @{N="Forged transmits";E={$sw.Extensiondata.Spec.Policy.Security.ForgedTransmits}},
  @{N="MAC Changes";E={$sw.Extensiondata.Spec.Policy.Security.MacChanges}},
  @{N="Portgroup";E={$_.Name}},
  @{N="Portgroup Promiscuous mode";E={$_.Extensiondata.Spec.Policy.Security.AllowPromiscuous}},
  @{N="Portgroup Forged transmits";E={$_..Extensiondata.Spec.Policy.Security.ForgedTransmits}},
  @{N="Portgroup MAC Changes";E={$_.Extensiondata.Spec.Policy.Security.MacChanges}}
}} | Export-Csv C:\report.csv -NoTypeInformation -UseCulture

You have 2 dots in there

@{N="Portgroup Forged transmits";E={$_..Extensiondata.Spec.Policy.Security.ForgedTransmits}},

removed the .  still i am getting the empty values  shown in pic. it is esxi 5.5 version.

used below script

&{foreach($sw in (Get-VirtualSwitch -Standard)){

  Get-VirtualPortGroup -VirtualSwitch $sw |

  Select @{N="Host";E={$sw.VMHost.Name}},

  @{N="Switch";E={$sw.Name}},

  @{N="Promiscuous mode";E={$sw.Extensiondata.Spec.Policy.Security.AllowPromiscuous}},

  @{N="Forged transmits";E={$sw.Extensiondata.Spec.Policy.Security.ForgedTransmits}},

  @{N="MAC Changes";E={$sw.Extensiondata.Spec.Policy.Security.MacChanges}},

  @{N="Portgroup";E={$_.Name}},

  @{N="Portgroup Promiscuous mode";E={$_.Extensiondata.Spec.Policy.Security.AllowPromiscuous}},

  @{N="Portgroup Forged transmits";E={$_.Extensiondata.Spec.Policy.Security.ForgedTransmits}},

  @{N="Portgroup MAC Changes";E={$_.Extensiondata.Spec.Policy.Security.MacChanges}}

}} | Export-csv C:\Users\ljonnala\Desktop\powercli\pp\vswitchsecurity.csv

this time i got switch level security settings, but port-group level getting empty.

That could mean that you have no explicit security settings for the portgroups defined.

In that case the portgroups will inherit from the vSwitch