Physical switches offer many network security features, and virtual switches also provide some features that help keep virtual networking secure. The vSphere Distributed Switch provides the same security settings as the Standard Switch. Security settings on the virtual switch are important for keeping the networking of the virtual machines secure. The vSphere Distributed Switch security settings consist of 3 features: Promiscuous Mode, MAC Address Changes, and Forged Transmits.
There is not much configuration to do for this. You just set each one to Accept or Reject to enable security on a particular port group.
Promiscuous Mode:
Promiscuous mode lets you monitor the traffic going through a particular switch or port group. You can set it to either Accept or Reject.
Accept: If you set it to Accept, you can monitor or sniff the network traffic of other virtual machines on the same switch or port group. This can be useful when there is an intrusion in the network traffic, or when you want to capture the packets of other virtual machines using Wireshark or other network capture tools.
Reject: This option is selected by default. When it is set to Reject, you will not be able to monitor the network traffic of other virtual machines.
MAC Address Changes:
MAC Address Changes works on the MAC address of the virtual machine. It checks against the MAC address assigned to the vNIC to decide whether network traffic is allowed or blocked. You can set it to either Accept or Reject.
Accept: If you set MAC Address Changes to Accept, network traffic is still allowed to flow even if the virtual machine's new MAC address is different from its assigned MAC address.
Reject: If you set MAC Address Changes to Reject, the switch compares the assigned MAC address with the new MAC address, and if it finds a difference it drops the network packets for that VM. This option is selected by default.
Forged Transmits:
Forged Transmits works the same way as MAC Address Changes, but it works on outgoing traffic, whereas MAC Address Changes works on incoming traffic.
Accept: If you set this to Accept, no check is performed on MAC address changes. All outgoing traffic is allowed to flow even if its MAC address is different from the assigned MAC address.
Reject: If you set this to Reject, the switch compares the MAC address of the VM with the assigned MAC address, and if they are different it drops the outgoing packets. This option is selected by default.
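The three checks described above, written as a small Python model. This is an added example, not VMware's code: the class and function names are hypothetical, the MAC addresses are constructed, and the logic follows this post's simplified description of each setting.

```python
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class PortGroupPolicy:
    # True = Accept, False = Reject (Reject is the default described in this post)
    promiscuous: bool = False
    mac_changes: bool = False
    forged_transmits: bool = False

@dataclass
class VNic:
    assigned_mac: str  # MAC address assigned to the vNIC
    current_mac: str   # MAC address the guest OS is using right now

def norm(mac):
    """Normalise a MAC so 00-50-56-AA-BB-01 and 00:50:56:aa:bb:01 compare equal."""
    return mac.strip().lower().replace("-", ":")

def allow_outbound(policy, nic, src_mac):
    """Forged Transmits: check the source MAC of a frame leaving the VM."""
    if policy.forged_transmits:
        return True  # Accept: no check is performed
    return norm(src_mac) == norm(nic.assigned_mac)

def allow_inbound(policy, nic, dst_mac):
    """MAC Address Changes and Promiscuous Mode: check a frame arriving at the vNIC."""
    changed = norm(nic.current_mac) != norm(nic.assigned_mac)
    if changed and not policy.mac_changes:
        return False  # Reject: the guest changed its MAC, so its packets are dropped
    if norm(dst_mac) in (norm(nic.current_mac), BROADCAST):
        return True   # frame is addressed to this VM (or to everyone)
    return policy.promiscuous  # another VM's traffic is visible only in Accept

def accepted_settings(policy):
    """Names of the settings left on Accept, i.e. what an audit should flag."""
    return [name for name, value in vars(policy).items() if value]

if __name__ == "__main__":
    vm = VNic("00:50:56:aa:bb:01", "00:50:56:aa:bb:01")       # constructed
    spoofed = VNic("00:50:56:aa:bb:01", "00:50:56:aa:bb:77")  # guest changed its MAC
    default = PortGroupPolicy()
    sniffing = PortGroupPolicy(promiscuous=True)
    print("forged frame out, default:", allow_outbound(default, vm, "00:50:56:aa:bb:99"))
    print("other VM's frame in, default:", allow_inbound(default, vm, "00:50:56:aa:bb:02"))
    print("other VM's frame in, promiscuous:", allow_inbound(sniffing, vm, "00:50:56:aa:bb:02"))
    print("frame in after MAC change, default:", allow_inbound(default, spoofed, "00:50:56:aa:bb:77"))
    print("flag for review:", accepted_settings(sniffing))
```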
That’s it for today, friends. I hope you liked reading this post. If you find anything that should be added or removed, feel free to write it in our comments. If you find it useful, feel free to share this on social media to help others and spread knowledge.
If you have a query on anything, you are free to write it in our comments section, and we will make sure to provide you with a solution as soon as possible.