2 minute read

This is probably the first of many of these quick fire posts to track some of the quick oneliners that we end up creating to address immediate challenges.

Get a list of connected Portgroups/Segments for each Virtual Machines in a vSphere Cluster

Get-Cluster -Name <cluster name> | Get-VM `
  | %{ Write-Host -n "--> " $_ ; `
       Get-NetworkAdapter -VM $_ | ft -auto}

Oneliner Output

Get a list of the Portgroups/Segments that a Virtual Machines is connected

Get a list of all Virtual Machines processes running in the hosts in a vSphere Cluster

(Get-Cluster -Name <cluster name> | Get-VMHost `
  | %{ Write-Host -n "--> $_"; `
       (Get-esxCli -v2 -VMHost $_).vm.process.list.Invoke() }).DisplayName

Oneliner Output

Get a list of Virtual Machines processes running in all the hosts in a cluster

NSX-T Bridge - Reverse Path Forward Check Promiscuous - Get the value of ReversePathFwdCheckPromisc of all the hosts in a cluster

Get-Cluster -Name <cluster name> | Get-VMHost `
  | %{ Write-Host -n "--> $_"; `
       (Get-AdvancedSetting -Entity $_  -Name "Net.ReversePathFwdCheckPromisc" `
       | ft -AutoSize) }

Oneliner Result

Get current value of ReversePathFwdCheckPromisc in all hosts in a vSphere cluster

NSX-T Bridge - Reverse Path Forward Check Promiscuous - Set the value of ReversePathFwdCheckPromisc of all the hosts in a cluster

Get-Cluster -Name <cluster name> | Get-VMHost `
  | %{ Write-Host -n "--> $_"; `
       (Get-AdvancedSetting -Entity $_ -Name "Net.ReversePathFwdCheckPromisc" `
       | Set-AdvancedSetting -Value 1) }

Oneliner Result

Set value of ReversePathFwdCheckPromisc in all hosts in a vSphere cluster

   ReferenceNSX-T Bridge - Overlay - VLAN

NSX-T Bridge - Check Allow Promiscuous current setting on a distributed port group

The previous two oneliners change the configuration of the advanced setting ReversePathFwdCheckPromisc, however to get it working properly, it is recommended to disable and re-enable the Allow Promiscuous security policy, hence the two following oneliners - one to check the state and one to enable/disable it.

Check a single distributed portgroup security policies of a distributed switch:

Get-VDSwitch -Name <dvswitch name> `
  | Get-VDPortgroup -Name <portgroup name> `
  | Get-VDSecurityPolicy | ft -auto

Check all distributed portgroups security policies of a distributed switch:

Get-VDSwitch -Name <dvswitch name> `
  | Get-VDPortgroup `
  | Get-VDSecurityPolicy | ft -auto

Oneliner Result

Get security policies of a distributed portgroup of a distributed switch

Get security policies of all distributed portgroup of a distributed switch

NSX-T Bridge - Set Allow Promiscuous current setting on a distributed port group

The previous two oneliners change the configuration of the advanced setting ReversePathFwdCheckPromisc, however to get it working properly, it is recommended to disable and re-enable the Allow Promiscuous security policy, hence the two following oneliners - one to check the state and one to enable/disable it.

Set in a single distributed portgroup security policy of a distributed switch:

Get-VDSwitch -Name <dvswitch name> `
  | Get-VDPortgroup -Name <portgroup name> `
  | Get-VDSecurityPolicy `
  | Set-VDSecurityPolicy -AllowPromiscuous <$false or $true>

Set all distributed portgroups security policy of a distributed switch:

Get-VDSwitch -Name <dvswitch name> `
  | Get-VDPortgroup  `
  | %{ $_ | Get-VDSecurityPolicy | Set-VDSecurityPolicy -AllowPromiscuous <$true or $false>

Oneliner Result

Set security policy of a distributed portgroup of a distributed switch

Set security policy of all distributed portgroup of a distributed switch