When you install firewalls, port sniffers, IDS and similar tools as guest virtual machines on an ESXi host, and they need network adapters working in promiscuous mode, it is not enough to put the virtual adapters in promiscuous mode. You must also allow promiscuous mode on the vSwitch to which those virtual adapters are connected.
To configure a portgroup or virtual switch to allow promiscuous mode:
- Log in to the ESX/ESXi host or vCenter Server using vSphere Client.
- Select the ESX/ESXi host in the inventory.
- Click the Configuration tab.
- In the Hardware section, click Networking.
- Click Properties of the virtual switch for which you want to enable promiscuous mode.
- Select the virtual switch or portgroup you wish to modify and click Edit.
- Click the Security tab.
- From the dropdown for Promiscuous Mode, select Accept.
HINTS:
- Software running inside a virtual machine may be able to monitor any and all traffic moving across a vSwitch if it is allowed to enter promiscuous mode.
- The setting on the portgroup overrides the virtual switch setting.
- Placing the guest adapter in promiscuous mode causes it to detect all frames passed on the virtual switch that are allowed under the VLAN policy for the associated portgroup.
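Because the portgroup setting overrides the vSwitch setting, it is worth reviewing which portgroups end up with Promiscuous Mode set to Accept after changing either level. The following sketch is an added example, not part of the original post: it resolves the effective setting per portgroup and compares it with a list of portgroups approved for monitoring. The inventory, portgroup names and approved list are constructed sample data, and modelling "no override" as `None` is an assumption of this example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class PortGroup:
    name: str
    vswitch: str
    promiscuous: Optional[bool]  # None = no override, vSwitch value applies (assumption)

def effective_promiscuous(pg, vswitch_policy):
    """The portgroup setting overrides the vSwitch; otherwise the vSwitch value applies."""
    if pg.promiscuous is not None:
        return pg.promiscuous
    return vswitch_policy[pg.vswitch]

def audit(portgroups, vswitch_policy, approved):
    """Report portgroups that accept promiscuous mode without approval, and
    approved monitoring portgroups whose effective setting is Reject."""
    findings = []
    for pg in portgroups:
        accept = effective_promiscuous(pg, vswitch_policy)
        if pg.promiscuous is not None:
            source = "portgroup override"
        else:
            source = f"inherited from {pg.vswitch}"
        if accept and pg.name not in approved:
            findings.append((pg.name, "UNEXPECTED_ACCEPT", source))
        elif not accept and pg.name in approved:
            findings.append((pg.name, "SENSOR_BLIND", source))
    return findings

# Constructed sample inventory: True = Accept, False = Reject.
VSWITCH_POLICY = {"vSwitch0": False, "vSwitch1": True}
PORTGROUPS = [
    PortGroup("VM Network", "vSwitch0", None),
    PortGroup("IDS-Monitor", "vSwitch0", True),   # override: Accept for the sensor only
    PortGroup("DMZ", "vSwitch1", None),           # silently inherits Accept
    PortGroup("Mgmt", "vSwitch1", False),
    PortGroup("FW-Span", "vSwitch1", False),      # approved, but override says Reject
]
APPROVED = {"IDS-Monitor", "FW-Span"}

if __name__ == "__main__":
    for name, issue, source in audit(PORTGROUPS, VSWITCH_POLICY, APPROVED):
        print(f"{name}: {issue} ({source})")
```

In this sample, enabling Accept on the whole of vSwitch1 exposes the DMZ portgroup as well, which is why setting Accept only on a dedicated monitoring portgroup keeps the exposure narrower.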