Nov 19, 2008

To set up the portgroups properly in a VMware vSwitch environment, we had to create two portgroups per vSwitch, as depicted below:

[Figure: schema for connecting two vSwitches with SG IPS in ESX]

The reason for this configuration is that the “operative portgroups”, where servers and machines are connected, should not be in promiscuous mode, so that one machine cannot sniff other machines’ traffic, while portgroups dedicated to IPS inline ports must:

    be configured in promiscuous mode to receive all traffic of the vSwitch they are connected to

    be part of VLAN ID 4095 to “pass” all VLAN IDs to the virtual machine without any intervention
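The rules above can be checked against a portgroup inventory. The following is an added example, not part of the original post: the `PortGroup` fields, the role labels `operative` and `ips`, and the sample inventory are all constructed for illustration and would be filled from whatever export of the vSwitch configuration is available.

```python
from dataclasses import dataclass

TRUNK_VLAN = 4095  # VLAN ID that passes all VLAN IDs through to the VM


@dataclass
class PortGroup:
    name: str
    vswitch: str
    vlan_id: int
    promiscuous: bool
    role: str  # "operative" or "ips" (labels assumed for this example)


def audit(portgroups):
    """Return (vswitch, portgroup, problem) tuples for every rule violation."""
    findings = []
    roles_seen = {}
    for pg in portgroups:
        roles_seen.setdefault(pg.vswitch, set()).add(pg.role)
        if pg.role == "operative" and pg.promiscuous:
            # Servers on this portgroup could sniff their neighbours' traffic.
            findings.append((pg.vswitch, pg.name, "operative portgroup is promiscuous"))
        elif pg.role == "ips":
            if not pg.promiscuous:
                findings.append((pg.vswitch, pg.name, "IPS portgroup is not promiscuous"))
            if pg.vlan_id != TRUNK_VLAN:
                findings.append((pg.vswitch, pg.name,
                                 f"IPS portgroup VLAN is {pg.vlan_id}, expected {TRUNK_VLAN}"))
    # Each vSwitch is expected to carry both kinds of portgroup.
    for vswitch, roles in sorted(roles_seen.items()):
        for missing in sorted({"operative", "ips"} - roles):
            findings.append((vswitch, None, f"no {missing} portgroup on this vSwitch"))
    return findings


# Constructed inventory: vSwitch1 is correct, vSwitch2 and vSwitch3 are not.
SAMPLE = [
    PortGroup("Servers-A", "vSwitch1", 10, False, "operative"),
    PortGroup("IPS-Inline-A", "vSwitch1", 4095, True, "ips"),
    PortGroup("Servers-B", "vSwitch2", 20, True, "operative"),
    PortGroup("IPS-Inline-B", "vSwitch2", 20, False, "ips"),
    PortGroup("Servers-C", "vSwitch3", 30, False, "operative"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```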
