VMware vSphere

Hello all.

Please correct me if I am wrong. But we have this setup; one vSwitch is connected to one vNic. This vSwitch has two PortGroups. Each portgroup only has one VM. PG1 has Promiscuous Mode set to Accept, the VM inside that portgroup has NetworkMonitor 3.3 installed. PG2 has the default settings, and the VM inside is a Windows 2003 VM (not important). We can not capture any traffic going to or from that server in PG2.

Is this supposed to work? Or am I missing something?

You need to enable pormiscuous mode in all portgroups you want to monitor. The rule set to "reject" on the PG2 drops all "normal" packets sent by and to the broadcast address.

Marcelo Soares

VMWare Certified Professional 310/410

Virtualization Tech Master

Globant Argentina

Consider awarding points for "helpful" and/or "correct" answers.

Sorry Marcelo, but your incorrect. I don't mean to be rude, and I do appreciate the attempt to help. But Promiscuous Mode set to reject or accept has no influence on broadcast or multicast packets. Just think about it, Promiscuous Mode is set to reject by default, and DHCP uses broadcast to work. Promiscuous Mode is to allow packets to be seen from other port groups on the same vSwitch to the portgroups with Promiscuous enabled.

We did try enabling all portgroup to promiscuous, and that did not help. I'm not 100% sure, but I don't think you need to do that to get traffic. I believe all we need is Promiscuous enabled for the portgroups that what to see the traffic.

Thanks,

Nick

Actually, I am experiencing about the same problem as what you have.

I tried different ways:

1. enable promiscuous mode for all portgroup,

2. enable promiscuous mode for vswitch( it will push to all the portgroup configured on it).

3. Follow another document to attach a layer 3 interface ( service console )to that vswitch

But finally one thing surprised me, I put an vlan ID to the promiscuous portgroup, then it worked.

Though it is working, I could not understand why, and looked the captured packets, I found that it only captured the packets which are related the that specific vlan.

Thanks,

To allow all tagged packet to be passed to a VM, use VLAN ID 4095.

André

Thanks a lot a.p. That works.

But as fas as I know, vlan ID 4095 actually is reserved for future use, is there any vmware doc details this ?

From the captured traffic, I can see there is a 802.1Q tag in front of each packet.

My another concern is do I have to apply promiscuous mode to all the other portgroups in the same vswitch to be able to capture the traffic of them, which is described in some other forums/knowledge bases ? I am assuming not.

Thanks again !

Hubery

ha5945 wrote:

But as fas as I know, vlan ID 4095 actually is reserved for future use

That's from the 3.x documentation

The most recent description I can find about VLAN 4095 is KB1010593-vNetwork Distributed PortGroup (dvPortGroup) configuration

Take a look at "9. VGT Policies"

VLAN Guest Tagging ...

Standard vSwitch equivalent to: VLAN ID set to 4095

André

Hi André,

Thank you very much !

Hubery