Automation

  • 1.  Promiscuous Mode Policy Change

    Posted Nov 07, 2020 10:18 AM

    I'm using the below script to get Promiscuous Mode, then I set it to the desired value. I need assistance in order to create a script that can:

    1. First get Promiscuous Mode
    2. Identify ESXi hosts that have the wrong configuration
    3. Set the configuration to the desired value


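    # Output files for the before/after listings (paths assumed; not defined in the original post)
    $file_before = '.\policy-before.txt'
    $file_after = '.\policy-after.txt'

    $ESXs = Get-VMHost

    # Record the current policy of every switch on every host
    $ESXs | % {
        $esx = $_ ; $switchs = Get-VirtualSwitch $esx
        $switchs | % { $switch = $_ ; $sec = Get-SecurityPolicy $switch
            "$esx $switch $($sec.AllowPromiscuous) $($sec.ForgedTransmits) $($sec.MacChanges)" >> $file_before }
    }

    # Set all three settings to Reject on every switch
    $ESXs | Get-VirtualSwitch | Get-SecurityPolicy | Set-SecurityPolicy `
        -MacChanges $false `
        -ForgedTransmits $false `
        -AllowPromiscuous $false

    # Record the policy again after the change
    $ESXs | % {
        $esx = $_ ; $switchs = Get-VirtualSwitch $esx
        $switchs | % { $switch = $_ ; $sec = Get-SecurityPolicy $switch
            "$esx $switch $($sec.AllowPromiscuous) $($sec.ForgedTransmits) $($sec.MacChanges)" >> $file_after }
    }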



  • 2.  RE: Promiscuous Mode Policy Change

    Posted Nov 07, 2020 11:16 AM

    Try something like this.

    It works for VSS and VDS.

     

    # Splatted parameters; the policy object is filled in for each switch
    $newVSSPolicy = @{
        VirtualSwitchPolicy = $null
        AllowPromiscuous = $false
        MacChanges = $false
        ForgedTransmits = $false
        Confirm = $false
    }
    $newVDSPolicy = @{
        Policy = $null
        AllowPromiscuous = $false
        MacChanges = $false
        ForgedTransmits = $false
        Confirm = $false
    }

    $reportBefore = @()
    $reportAfter = @()

    Get-VMHost -PipelineVariable esx |
    ForEach-Object -Process {
        # VSS: only switches that have at least one of the three settings enabled

        Get-VirtualSwitch -Standard -VMHost $esx -PipelineVariable vss |
        Get-SecurityPolicy -PipelineVariable policy |
        where { $_.AllowPromiscuous -or $_.MacChanges -or $_.ForgedTransmits } |
        ForEach-Object -Process {
            $reportBefore += New-Object -TypeName PSObject -Property @{
                VMHost = $esx.Name
                Switch = $vss.Name
                AllowPromiscuous = $policy.AllowPromiscuous
                MacChanges = $policy.MacChanges
                ForgedTransmits = $policy.ForgedTransmits
            }
            # Apply the desired values, then read the policy back for the after report
            $newVSSPolicy.VirtualSwitchPolicy = $policy
            Set-SecurityPolicy @newVSSPolicy
            Get-SecurityPolicy -VirtualSwitch $vss |
            ForEach-Object -Process {
                $reportAfter += New-Object -TypeName PSObject -Property @{
                    VMHost = $esx.Name
                    Switch = $vss.Name
                    AllowPromiscuous = $_.AllowPromiscuous
                    MacChanges = $_.MacChanges
                    ForgedTransmits = $_.ForgedTransmits
                }
            }
        }

        # VDS: same check for the distributed switches this host is connected to

        Get-VDSwitch -VMHost $esx -PipelineVariable vds |
        Get-VDSecurityPolicy -PipelineVariable policy |
        where { $_.AllowPromiscuous -or $_.MacChanges -or $_.ForgedTransmits } |
        ForEach-Object -Process {
            $reportBefore += New-Object -TypeName PSObject -Property @{
                VMHost = $esx.Name
                Switch = $vds.Name
                AllowPromiscuous = $policy.AllowPromiscuous
                MacChanges = $policy.MacChanges
                ForgedTransmits = $policy.ForgedTransmits
            }
            $newVDSPolicy.Policy = $policy
            Set-VDSecurityPolicy @newVDSPolicy
            Get-VDSecurityPolicy -VDSwitch $vds |
            ForEach-Object -Process {
                $reportAfter += New-Object -TypeName PSObject -Property @{
                    VMHost = $esx.Name
                    Switch = $vds.Name
                    AllowPromiscuous = $_.AllowPromiscuous
                    MacChanges = $_.MacChanges
                    ForgedTransmits = $_.ForgedTransmits
                }
            }
        }
    }

    # Both reports list only the switches that needed a change
    $reportBefore | Export-Csv -Path .\report-before.csv -NoTypeInformation -UseCulture
    $reportAfter | Export-Csv -Path .\report-after.csv -NoTypeInformation -UseCulture


  • 3.  RE: Promiscuous Mode Policy Change

    Posted Nov 07, 2020 03:54 PM

    I got the below error message:

     

    Get-SecurityPolicy : Cannot validate argument on parameter 'VirtualSwitch'. The argument is null. Provide a valid value for the argument, and then try running the
    command again.
    At X:\Test.ps1:576 char:39
    + Get-SecurityPolicy -VirtualSwitch $switch -PipelineVariable polic ...
    + ~~~~~~~
    + CategoryInfo : InvalidData: (:) [Get-SecurityPolicy], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,VMware.VimAutomation.ViCore.Cmdlets.Commands.Host.GetSecurityPolicy

    Get-SecurityPolicy : Cannot validate argument on parameter 'VirtualSwitch'. The argument is null. Provide a valid value for the argument, and then try running the
    command again.
    At X:\Test.ps1:576 char:39
    + Get-SecurityPolicy -VirtualSwitch $switch -PipelineVariable polic ...
    + ~~~~~~~
    + CategoryInfo : InvalidData: (:) [Get-SecurityPolicy], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,VMware.VimAutomation.ViCore.Cmdlets.Commands.Host.GetSecurityPolicy



  • 4.  RE: Promiscuous Mode Policy Change

    Posted Nov 07, 2020 04:11 PM

    There was some code in there that I forgot to remove.
    The code is updated.



  • 5.  RE: Promiscuous Mode Policy Change

    Posted Nov 07, 2020 04:38 PM

    Thanks, there's no error now, but both CSV files are empty.



  • 6.  RE: Promiscuous Mode Policy Change

    Posted Nov 07, 2020 05:50 PM

    There was another typo in the code, which I just corrected.

    If none of the switches has an incorrect setting, the CSV files will be empty.
    That is exactly what your request seems to ask for.
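
The scripts in this thread read and set the policy on the switch objects only, while a standard or distributed port group can carry its own security policy that overrides the switch. A report-only audit at port-group level, added here as an example (not code from any poster in the thread): the helper `Get-PortGroupPolicyFinding` and the output file name are hypothetical, and an existing `Connect-VIServer` session is assumed.

```powershell
# Added example: report only, nothing here calls Set-SecurityPolicy or Set-VDSecurityPolicy.
# Assumes PowerCLI is loaded and Connect-VIServer has already been run.
$settings = 'AllowPromiscuous', 'MacChanges', 'ForgedTransmits'

# Hypothetical helper: one output row per setting that is enabled on a port group.
function Get-PortGroupPolicyFinding {
    param(
        [Parameter(Mandatory)] [string] $Owner,      # ESXi host (VSS) or switch name (VDS)
        [Parameter(Mandatory)] [string] $PortGroup,
        [Parameter(Mandatory)] $Policy               # from Get-SecurityPolicy / Get-VDSecurityPolicy
    )
    foreach ($setting in $settings) {
        if ($Policy.$setting) {
            [pscustomobject]@{
                Owner     = $Owner
                PortGroup = $PortGroup
                Setting   = $setting
                # <Setting>Inherited is $false when the port group overrides its switch
                Override  = -not $Policy."${setting}Inherited"
            }
        }
    }
}

$findings = @(
    # Standard port groups are defined per host
    foreach ($esx in Get-VMHost) {
        foreach ($pg in Get-VirtualPortGroup -VMHost $esx -Standard) {
            $policy = Get-SecurityPolicy -VirtualPortGroup $pg
            Get-PortGroupPolicyFinding -Owner $esx.Name -PortGroup $pg.Name -Policy $policy
        }
    }
    # Distributed port groups are defined once per VDS; uplink port groups are skipped
    foreach ($vds in Get-VDSwitch) {
        foreach ($pg in Get-VDPortgroup -VDSwitch $vds | Where-Object { -not $_.IsUplink }) {
            $policy = Get-VDSecurityPolicy -VDPortgroup $pg
            Get-PortGroupPolicyFinding -Owner $vds.Name -PortGroup $pg.Name -Policy $policy
        }
    }
)

# Empty output means no port group has any of the three settings enabled
$findings | Sort-Object Owner, PortGroup, Setting | Format-Table -AutoSize
$findings | Export-Csv -Path .\portgroup-policy-findings.csv -NoTypeInformation -UseCulture
```

Rows with `Override` set to `True` are port groups that enable a setting independently of their switch, so correcting the switch-level policy alone leaves them unchanged.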