Configuring promiscuous mode on a virtual switch or portgroup (1004099)
Promiscuous mode is disabled by default, and should not be turned on unless specifically required. Software running inside a virtual machine may be able to monitor any and all traffic moving across a vSwitch if it is allowed to enter promiscuous mode.
To configure a portgroup or virtual switch to allow promiscuous mode:
- Log into the ESXi/ESX host or vCenter Server using the vSphere Client.
- Select the ESXi/ESX host in the inventory.
- Click the Configuration tab.
- In the Hardware section, click Networking.
- Click Properties of the virtual switch for which you want to enable promiscuous mode.
- Select the virtual switch or portgroup you wish to modify and click Edit.
- Click the Security tab.
- From the Promiscuous Mode dropdown menu, click Accept.
Note: The setting on the portgroup overrides the virtual switch setting. For more information, see How promiscuous mode works at the virtual switch and portgroup levels (1002934).
You likely need to set the VLAN 4095 at the port group level, which allows the port group to see the traffic on any VLAN while leaving the VLAN tags intact.