I am creating a new VM....Cisco ISE 3300. In the instructions, it tells me to make sure Promiscuous Mode is enabled on the vswitch. If I enable this, will it screw up any of my other VM's that are currently using this switch? I'm using vCenter 5.0 with ESXi 4.1
Thanks
No it should not - you can also create a seperate virtual machine port group and just enable promiscous mode for that port group and not set it for the entire vswitch
No it should not - you can also create a seperate virtual machine port group and just enable promiscous mode for that port group and not set it for the entire vswitch
Is it true that it doesn't effect anything if the vswitch is set to Promiscuous mode b/c Promiscuous mode also needs to be set on the adapter as well?
Making that change at the vSwitch level, allows the switch to accept promisc mode requests from the adapters themselves. The NICs on the guests have to enable it as well, in order to listen for packets.
You can mitigate this by creating another portgroup on the same VLAN, if you have VLANs configured, and enabling promisc mode on that as mentioned above.
-KjB
How do I enable it on the NICs?
That's an OS task. There's no enabling, as such, from the virtualization side, other than allowing it at the vswitch level. From there, the OS controls putting the vNIC into promisc mode.
-KjB
One last question concerning promiscuious mode. I do plan on creating a separate port group but lets say I enable it at the switch level, what if any effect will this have on my VMs that are on that vswitch? Could it create any issues?
Thanks
No issues, per se. If the os puts the nic into promisc mode, then you will be able to see more traffic, but no ill effects.
-KjB
Brandon wrote:
I do plan on creating a separate port group but lets say I enable it at the switch level, what if any effect will this have on my VMs that are on that vswitch? Could it create any issues?
If you enable Promiscous Mode at the vSwitch level then one potential issue is that every VM could (if they want) see all other VMs traffic, as the Promiscous setting more or less turns the switch port into a hub port. Depending on your enviroment this could be a security problem.