Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

Configuring promiscuous mode on a virtual switch or portgroup (1004099)

Purpose

By default, a guest operating system's virtual network adapter only receives frames that are meant for it. Placing the guest adapter in promiscuous mode causes it to detect all frames passed on the virtual switch that are allowed under the VLAN policy for the associated portgroup. This can be useful for intrusion detection monitoring or if a sniffer needs to be run to analyze all traffic on the wire.

Promiscuous mode is disabled by default, and should not be turned on unless specifically required. Software running inside a virtual machine may be able to monitor any and all traffic moving across a vSwitch if it is allowed to enter promiscuous mode.

Resolution

To configure a portgroup or virtual switch to allow promiscuous mode:

  1. Log into the ESXi/ESX host or vCenter Server using the vSphere Client.
  2. Select the ESXi/ESX host in the inventory.
  3. Click the Configuration tab.
  4. In the Hardware section, click Networking.
  5. Click Properties of the virtual switch for which you want to enable promiscuous mode.
  6. Select the virtual switch or portgroup you wish to modify and click Edit.
  7. Click the Security tab.
  8. From the Promiscuous Mode dropdown menu, click Accept.

Note: The setting on the portgroup overrides the virtual switch setting. For more information, see How promiscuous mode works at the virtual switch and portgroup levels (1002934).

You likely need to set the VLAN 4095 at the port group level, which allows the port group to see the traffic on any VLAN while leaving the VLAN tags intact.

Tags

configure-promiscuous-mode

See Also

Update History

03/17/2011 - Updated Products list 09/06/2012 - Added ESXi 5.0 to products list 10/11/2014 - Added VMware ESXi 5.5.x and VMware vCenter Server 5.5.x under Product versions.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 31 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 31 Ratings
Actions
KB: