VMware {code} Community
akmalh
Contributor
Contributor
‎01-06-2015 04:37 PM
Jump to solution

How to change security policy of a distributed port group within a distributed virtual switch?

Hi

I am trying to write a Perl script which can change Security Policy of a distributed port group within a distributed virtual switch. I can access the security policy values using the following:


$port_group_view->config->defaultPortConfig->securityPolicy->allowPromiscuous->value

$port_group_view->config->defaultPortConfig->securityPolicy->forgedTransmits->value

$port_group_view->config->defaultPortConfig->securityPolicy->macChanges->value

I am trying to use the ReconfigureDVPortgroup_Task() method of DistributedVirtualPortGroup managed object. While creating a new instance of DVPortgroupConfigSpec, within the config spec data object, defaultPortConfig property there is no property for security policy and I could not find any other property that points me to security policy which I can update. I found out that it is accessed through defaultPortConfig, which is extended by VMwareDVSPortSetting where securityPolicy is a property of VMwareDVSPortSetting.

What is the way to update it? I am also bit confused about the terminologies Extends and Extended by and how it relates to each other.

Regards

Akmal

0 Kudos
1 Solution

Accepted Solutions
stumpr
Virtuoso
Virtuoso
‎01-07-2015 08:51 AM
Jump to solution

It's in the DVPortgroupConfigSpec, but you'll need to use the extended VMwareDVSPortSetting object.

my $dvpg_spec = new DVPortgroupConfigSpec();

$dvpg_spec->{defaultPortConfig} = new VMwareDVSPortSetting();

$dvpg_spec->{defaultPortConfig}{securityPolicy} = new DVSSecurityPolicy();

$dvpg_spec->{defaultPortConfig}{securityPolicy}{allowPromiscuous} = new BoolPolicy(value => 1, inherited => 0);

$dvpg_spec->{defaultPortConfig}{securityPolicy}{forgedTransmits} = new BoolPolicy(value => 1, inherited => 0);

$dvpg_spec->{defaultPortConfig}{securityPolicy}{macChanges} = new BoolPolicy(value => 1, inherited => 0);

You can probably simplify this by getting the dvpg config spec and modifying it before using it in the ReconfigureDVPorgroup_Task() method.

Reuben Stump | http://www.virtuin.com | @ReubenStump

View solution in original post

0 Kudos
2 Replies
stumpr
Virtuoso
Virtuoso
‎01-07-2015 08:51 AM
Jump to solution

It's in the DVPortgroupConfigSpec, but you'll need to use the extended VMwareDVSPortSetting object.

my $dvpg_spec = new DVPortgroupConfigSpec();

$dvpg_spec->{defaultPortConfig} = new VMwareDVSPortSetting();

$dvpg_spec->{defaultPortConfig}{securityPolicy} = new DVSSecurityPolicy();

$dvpg_spec->{defaultPortConfig}{securityPolicy}{allowPromiscuous} = new BoolPolicy(value => 1, inherited => 0);

$dvpg_spec->{defaultPortConfig}{securityPolicy}{forgedTransmits} = new BoolPolicy(value => 1, inherited => 0);

$dvpg_spec->{defaultPortConfig}{securityPolicy}{macChanges} = new BoolPolicy(value => 1, inherited => 0);

You can probably simplify this by getting the dvpg config spec and modifying it before using it in the ReconfigureDVPorgroup_Task() method.

Reuben Stump | http://www.virtuin.com | @ReubenStump
0 Kudos
akmalh
Contributor
Contributor
‎01-07-2015 02:29 PM
Jump to solution

Thank you ... stumpr. It worked....

Regards

Akmal

0 Kudos