vSphere vNetwork

  • 1.  IDS dvPortGroup need Promiscuous and 4095?

    Posted Oct 02, 2012 01:06 PM

    Hey all.

    I am setting up an IDS appliance on each of my hosts using distributed switches. I created a dvPortGroup just for the IDS appliance and set it to Promiscuous Mode to collect traffic on the dvSwitch. We are using VLAN Trunking so the VLAN mode is set to VST, meaning I cannot assign VLAN 4095 to any port group.

    My question is, will setting the dvPortGroup for the IDS appliance at Promiscuous Mode be enough to collect all the traffic on the switch? I always assumed you also had to set the VLAN ID for 4095 but using VST prevents this.



  • 2.  RE: IDS dvPortGroup need Promiscuous and 4095?
    Best Answer

    Posted Oct 03, 2012 01:53 AM

    The port group with promiscuous mode is still bound to the VLAN that it lives in. Per VMware: How promiscuous mode works at the virtual switch and portgroup levels

    By default, a guest operating system's virtual network adapter only receives frames that are meant for it. Placing the guest's network adapter in promiscuous mode causes it to receive all frames passed on the virtual switch that are allowed under the VLAN policy for the associated portgroup. This can be useful for intrusion detection monitoring or if a sniffer needs to analyze all traffic on the network segment.

    Set the trunk range on that port group to cover all the VLANs you wish to do traffic sniffing on, which is possible even with VST.
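
    The configuration the answer describes, as an added PowerCLI example that is not part of the thread: trunk the VLANs to be monitored on the sensor's dvPortGroup, accept promiscuous mode, and read the policy back to verify it. The vCenter, dvSwitch, port group names and VLAN ranges are placeholders, not values from the page.

```powershell
# Added example, not code from the thread. Placeholders (not from the page):
# vCenter "vcenter.example.local", dvSwitch "dvSwitch-Prod",
# port group "dvPG-IDS-Sensor", monitored VLANs 10-20 and 100.
Import-Module VMware.VimAutomation.Core
Import-Module VMware.VimAutomation.Vds

Connect-VIServer -Server 'vcenter.example.local'

$dvs = Get-VDSwitch -Name 'dvSwitch-Prod'
$pg  = Get-VDPortgroup -VDSwitch $dvs -Name 'dvPG-IDS-Sensor'

# Promiscuous mode only delivers frames the port group's VLAN policy admits,
# so the sensor's port group must trunk every VLAN it should see. A trunk
# port group can coexist with VST (single-VLAN) port groups on the same dvSwitch.
$pg | Set-VDPortgroup -VlanTrunkRange '10-20,100' | Out-Null

# Accept promiscuous mode for the sensor only. MAC address changes and forged
# transmits stay rejected: a passive IDS needs to receive frames, not send
# with a different source MAC.
$pg | Get-VDSecurityPolicy |
    Set-VDSecurityPolicy -AllowPromiscuous $true `
                         -MacChanges $false `
                         -ForgedTransmits $false | Out-Null

# Verification: re-read the port group and its security policy and fail
# loudly if it is not in the expected state.
$pg     = Get-VDPortgroup -VDSwitch $dvs -Name 'dvPG-IDS-Sensor'
$policy = $pg | Get-VDSecurityPolicy

if (-not $policy.AllowPromiscuous) {
    throw "Promiscuous mode is still rejected on $($pg.Name)"
}
if ($pg.VlanConfiguration.VlanType -ne 'Trunk') {
    throw "$($pg.Name) is not a VLAN trunk port group (type: $($pg.VlanConfiguration.VlanType))"
}

# Summary of the effective settings; VlanConfiguration renders as the trunk ranges.
[pscustomobject]@{
    PortGroup        = $pg.Name
    Vlan             = "$($pg.VlanConfiguration)"
    AllowPromiscuous = $policy.AllowPromiscuous
    MacChanges       = $policy.MacChanges
    ForgedTransmits  = $policy.ForgedTransmits
}

Disconnect-VIServer -Server 'vcenter.example.local' -Confirm:$false
```

    Keep the promiscuous port group dedicated to the sensor: any VM attached to it receives the same trunked traffic.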

  • 3.  RE: IDS dvPortGroup need Promiscuous and 4095?

    Posted Oct 03, 2012 01:21 PM

    That's what I ended up doing and it did work. Thanks for the quick response Chris.