vSwitch and Portgroup security settings
I'm looking for a way to query the security settings ("Promiscuous" Mode, forged passes and changes of MAC) the vSwitches and exchanges. MY PS skills are limited. I can get about this until now especially of patching together various scripts that I found. However at this point, I provide a vSwitch and even when I am able to get this information I don't know what to do after that.
{Foreach ($VMHost in Get-VMHost)
Foreach ($vSwitch to ($VMHost |)) Get - VirtualSwitch)) {}
$hostMoRef = get-VMHost $VMhost | % {Get-view $_.} ID}
$hostNetwork = $hostMoRef.configManager.networkSystem
$hostNetworkMoRef = get-views $hostNetwork
$hostNetworkMoRef.NetworkInfo
}
}
PowerCLI 4.1, you can use the property, Extensiondata get to the managed object.
To display the list of all your vSwitches and their exchanges, security settings, you can do something like this
foreach ($VMHost in Get-VMHost){
foreach($vSwitch in $VMHost.ExtensionData.Config.Network.Vswitch){
Write-Host $vSwitch.Name
Write-Host "`tPromiscuous mode:" $vSwitch.Spec.Policy.Security.AllowPromiscuous
Write-Host "`tForged transmits:" $vSwitch.Spec.Policy.Security.ForgedTransmits
Write-Host "`tMAC Changes:" $vSwitch.Spec.Policy.Security.MacChanges
foreach($portgroup in ($VMHost.ExtensionData.Config.Network.Portgroup | where {$_.Vswitch -eq $vSwitch.Key})){
Write-Host "`n`t" $portgroup.Spec.Name
Write-Host "`t`tPromiscuous mode:" $portgroup.Spec.Policy.Security.AllowPromiscuous
Write-Host "`t`tForged transmits:" $portgroup.Spec.Policy.Security.ForgedTransmits
Write-Host "`t`tMAC Changes:" $portgroup.Spec.Policy.Security.MacChanges
}
}
}
Note that the a security framework for a portgroup will be empty (= not) when he uses the corresponding inherited vSwitch parameter.
____________
Blog: LucD notes
Twitter: lucd22
Tags: VMware
Similar Questions
-
VLANS can be configured at the vSwitch and Portgroup level?
Dear friends,
I hope that all do you good...
Two statements are true about groups of ports and VLAN defined on a switch vNetwork Standard? (Choose two)
A. A VLAN can be configured for the entire virtual switch or on groups of individual ports
B. several groups of ports can specify the same VLAN
C. VLAN can only be configured on individual port groups
D. several VLANS can be specified in a port group
VLANS can be configured at the vSwitch and Portgroup level?
B. several groups of ports can specify the same VLAN
C. VLAN can only be configured on individual port groups
-
Adding vswitch and portgroup in a stat report information
Hi - I have a script that details stats for 24 hours. I'm trying to change so that it displays the name of vSwitch the VMNIC is attached to (IE vSwitch0 vSwitch1 etc). I tried to get the information to display, but I either get a column empty, or I get all vswitches listed in each row. Any advice? Thanks in advance
$date = get-date
$vccred = import-pscredential-path xxxxxx
to connect-VIServer-Server xxxxxx-Credential $vccred
$metrics = "net.received.average", "net.transmitted.average".
$todayMidnight = get-Date-time-Minute 0 - 0 - 0 second
$start = $todayMidnight.AddDays(-1). AddSeconds (1)
$finish = $todayMidnight
foreach ($cluster Get-cluster | name tri-objet)
{
ConvertTo-Html-body"
$cluster
" | Out-file - add $htmlNICstats
$clusterTmp = @)
write-host ">" $cluster
foreach ($esxImpl in (get-vmhost-location $cluster |)) Sort-Object name))
{
write-host ">" $esxImpl$ESXHostTMP = @)
$esx = $esxImpl | Get-View
{foreach ($vmhost to $esx)
$stats = get-Stat-entity $esximpl - Stat $metrics - start $start - finishing $finish
$stats | Group-object - property Instance. where {$_.} {Name - not ""} | %{
$row = "" | Select Date, NIC, vswitch and NOMCLUSTER, 'Max send Mbps', 'ESX Name","Max has received Mbps. "
$row.clustername = $cluster.name
$row.vswitch =
$row. "" ESX Name ' = $_. Group [0]. @entity.name
$row. Date = $start. ToShortDateString()
$row. NIC = $_. Group [0]. Instance
$row. "" MBps Max Send "=" {0: F2} "f (($_.)) Group | where {$_.} MetricId - eq "net.transmitted.average"} | Measure - Object - property - maximum value). Maximum / 1 KB)
$row. "" Max received Mbps "=""(($_.) f) Group | where {$_.} MetricId - eq "net.received.average"} | Measure - Object - property - maximum value). Maximum / 1 KB)
$ESXHostTMP += $row
$Report = $Report + $row
}
}
$ESXHostTMP | Nic Tri-objet | ConvertTo-Html-property NOMCLUSTER, vswitch, "ESX Name", Date, NIC, "Max send Mbps", "Max received Mbps | Out-file - add $htmlNICStats
}
The script looks only at the active network cards.
$pg = $vmhost.Config.Network.Portgroup |where {$_.ComputedPolicy.NicTeaming.NicOrder.ActiveNic -contains $group.group[0].Instance} | %{$_.Spec.Name}If you want to include network standby cards as well, this line should be
$pg = $vmhost.Config.Network.Portgroup |where {$_.ComputedPolicy.NicTeaming.NicOrder.ActiveNic -contains $group.group[0].Instance -or $_.ComputedPolicy.NicTeaming.NicOrder.standbyNic -contains $group.group[0].Instance} | %{$_.Spec.Name}Let me know if it gives the results you expect.
____________
Blog: LucD notes
Twitter: lucd22
-
How to see the VSwitch and PortGroup properties in the managed object browser
Hello
We have a laboratory infrastructure VI3, with a VC and some ESX servers running.
In the managed object browser, I'd like to see the properties of certain objects,
especially the VSwitches and exchanges.
How do I see VSwitch and exchanges from the CROWD. Here's my data:
ESX IP address: 192.188.0.228
VSwitch name: vSwitch0
The port group name: VM_PG
I know that we can see these properties of Client VI, but I really want to see values
returned for each of the attributes defined in the WSDL file and the CROWD precisely
allows me to do. This will help me to do a bit on our end of modeling.
I tried, but I couldn't really vSwitch. Grateful if someone can give inputs.
Thank you
Try this:
https://A.B.C.D/mob/?moid=ha-host&doPath=config.network
and more precisely which lists out them the portgroup and vSwitches
https://A.B.C.D/mob/?moid=ha-host&doPath=config.network
=========================================================================
William Lam
VMware vExpert 2009
Scripts for VMware ESX/ESXi and resources at: http://engineering.ucsb.edu/~duonglt/vmware/
-
Issue of user profile after infection of files and F12 security settings change
Attempt to clean after infection with scans and fixes - then issues log. Could only connect in Safe Mode and safe w/network Mode.
Went to security and user created password, F12 which required logon with password preload. Then continued and authorized by going to the same place and pressing the ENTER key. Still load my user profile. My hard drive has been set up, divide a c drive and d years by anyone in CA transferred my old to my new computer while I was paralyzed. This person is now military overseas and is not accessible. My software CD is stored at the CA 2000 miles away, including all my programs. I would like to solve this problem since the new computer software and travel is unaffordable right now.
I'm fully recovered but climbing off hole $. Now: Does not load my profile. After erasing the password user F12, always my profile would not, is then returned and even reset all default settings security F12 and then when it does not reset all default settings in F12. Now I can load with the default profile in safe mode and mode safe mode with networking, but when I try to add a user, I'm not able to open Manage them other accounts to add a user. I don't have another computer to make a copy of the registry. Any ideas? Just, I moved to a new city for a job and no network have not yet.
Since you are able to boot into safe mode with network, download and run a full system scan with:
http://www.Microsoft.com/security/scanner/en-us/default.aspx
-
I don't see all the levels in the tabs of the privacy and security in the preferences.
Hello, there is no "security levels" in firefox - this review is probably suitable for internet explore only...
-
How to disable security settings
I book my movie tickets online and have always been able to select my seat when a plan of the cinema showing places available. Since last week I can no longer do this. The table plan no longer appears and I just get a little window saying blocked Application and 'your security settings have blocked an application not approved race.' If I click on the Details tab, I get a Java Console box with a list of stuff that doesn't make much sense to me. I want to know how to disable anything that blocks the plan places movies so that I can continue to see and book my tickets I've ever done.
Hello Philipp,
Thanks for the reply - since I posted the message that I discovered that the problem is with the latest Java update - it does not work with the way cinema will post their plans of seats. The film is trying to find another way for people to see the table plan. So as you say, it wasn't a problem in Firefox. Thank you very much.
-
I struggled to fix a problem all week and I'm at my wits end. The customer service was no help because the person that I spoke with could barely speak English and even less understanding of the problem that I explained it. Hoping someone here can get an idea, here's the question:
I use a professional Windows 7 operating system. I created a Microsoft Word's doc and used Adobe Acrobat XI Standard to create a form from it. It automatically detected fields, which includes a signature field. I had fixed all how it was and "Save as other - reader extended pdf - activate filling out forms in & save in reader.
The document is a report that will be sent to a small number of people who have to fill in, sign and return digitally and I'm assuming that most, if not all of them will open the document using the free Adobe Reader software. So I thought I'd extend it's what I had to do to make sure that they could fill, save to their computer if need be and also digitally sign. Signature field is automatically added in by acrobat for me and I do not change the properties of it at all except to add a border.
When I open the form in Reader (also XI) I can fill in all the fields, save it... but not signed. Security settings say signature is not allowed, even if I went back to the original form of pdf and the security settings to this topic say allowed for everything. I don't know how to resolve this... Please help!
I've attached a few screenshots, but can include more if necessary...
You must apply the rights of the reader to the file by file - save as other - Reader - Extended PDF - activate tools more. I'm not sure that it's available in Acrobat Standard, however.
-
Update security settings is bogus?
Sometimes I got the message "a new update of security settings is available at Adobe Systems. You want to install it now? "This happens when you download a PDF file of a web site by using a browser. Whenever I clicked No. and finished my download. The PDF file appears to open correctly in the browser window. When I open Adobe Reader (outside the browser) and look for the updates as there are not. This happened yesterday. I just tried the same url, and the security settings window did not come to the top. I'm not only paranoid, but curious to know what is happening - is there someone trying to download malware or is it just a bug?
I'm on Windows 7 Home Premium 64 bit, SeaMonkey 2.0.6 Adobe Reader 9.3.3. This has happened with various versions of SeaMonkey, Reader on an OS Vista Home Premium. I don't remember if it was always the same website or different. This time, it was ( http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=111_cong_bills & docid = f: h5440ih.t xt.pdf ).
I have automatic updates disabled, enable enhanced security is enabled, in the Trust Manager I unchecked allow opening of non-pdf... I don't remember if I changed all other default settings.
Hi sfdadtony,
The update message that you saw in the tray was to update the player. Adobe recently released 9.4 update. For more details on the update follow this link: http://www.adobe.com/support/security/bulletins/apsb10-21.html
To analyze the reason why you faced this problem, I need more information on your side like what OS are you running on your system and which version of Reader has been installed on your system before you updated. Also can you whether or not it please if Reader has been correctly updated. (To check the version of Reader, reader run-> Go to Help-> on Adobe Reader 9)
The message of security updates that are in discussion on this thread do not ask re - boot your system. They have just update the certificate trust list that is used by the reader to validate digital signatures present in the PDF files.
Concerning
Shashi
-
Install ESX scripted - vSwitch security settings
I is currently working on a script installation and would like to know if anyone knows on top of their heads on the lines for:
vSwitch security settings
1. change of address MAC & lt; - set to reject
2. false allows the transmission & lt; - set to reject
I understand that these are not the default settings, so I would like to add additional lines to make the appropriate changes. Thank you.
Check this point and it should point you in the right direction and needed to run in % post as the vmkernel will be running
Reject the forged passes and Mac address change to vSwitch0 #.
echo rejecting forged passes and change of MAC address to vSwitch0
VMware-vim-cmd hostsvc/net/vswitch_setpolicy-securepolicy-forgedxmit = false vSwitch0
VMware-vim-cmd hostsvc/net/vswitch_setpolicy-securepolicy-macchange = false vSwitch0
Transmits reject them forged and change of address for the Service Console PortGroup Mac #.
echo rejecting forged passes and change of address for Service Console PortGroup MAC
VMware-vim-cmd hostsvc/net/portgroup_set-securepolicy-forgedxmit = flase vSwitch0 'Service Console'
VMware-vim-cmd hostsvc/net/portgroup_set-securepolicy-macchange = false 'Service Console' vSwitch0
Transmits reject them forged and change of address Mac for VMotion Portgroup #.
echo rejecting forged passes and change of MAC address for VMotion PortGroup
VMware-vim-cmd hostsvc/net/portgroup_set-securepolicy-forgedxmit = flase vSwitch0 "vMotion".
VMware-vim-cmd hostsvc/net/portgroup_set - securepolicy-macchange = false vSwitch0 "vMotion".
Steve Beaver
VMware communities user moderator
VMware vExpert 2009
====
Co-author of "VMware ESX Essentials in the data center" virtual
(ISBN:1420070274) Auerbach
Come and see my blog: http://www.thevirtualblackhole.com/
Come follow me on twitter http://www.twitter.com/sbeaver
*Virtualization is a journey, not a project. *
-
Script for vSwitch change security settings
Going to start working on this script, but if someone knows, is one year, I'd be interested. Trying to create a script that changes the vSwitch 'Change of address' security settings and "forged passes" to "Reject" to all on the host's vSwitches. I would like the script to turn to a CSV with a list of ESX servers, so that the script should authenticate directly on the ESX Server. Thank you.
Yes, you need a header row in the CSV file
Move invites him outside of the loop, something like this
$rootpassword = Read-Host -AsSecureString -Prompt "Enter the root password" Import-Csv "C:\esxnames.csv" -UseCulture | %{ Connect-Viserver $_.Name -user root -password $rootpassword $esx = Get-View -ViewType HostSystem -Filter @{"Name"=$_.Name} $NetworkSystem = Get-View $esx.ConfigManager.NetworkSystem foreach ($sw in $NetworkSystem.Networkconfig.Vswitch){ $swspec = $sw.spec $swspec.policy.security.AllowPromiscuous=$false $swspec.policy.security.ForgedTransmits=$false $swspec.policy.security.MacChanges=$false $NetworkSystem.UpdateVirtualSwitch($sw.name,$swspec) } Disconnect-VIServer -Server $_.Name -Confirm:$false} -
I use TWC (Time Warner Cable) as my server e-mail and Firefox as my browser. I went to my emails and has attempted to open an attachment and got an error message stating "security settings prevent the download file. Well, I contacted TWC, Norton and my PC settings. It seems that Firefox is the problem! If I use another browser ie: Google and go to my email account, I have no problem. I remember recently that Firefox did a download of updates and this may be the cause of the problem.
Thank you for your private message with the error text: "your current security settings do not allow this file to download."
Firefox partially integrates with Internet Explorer security settings for download purposes. You can realize your Internet Explorer settings to the 'Internet' zone by following the steps described in this answer to Microsoft forums:
Note: Traditionally, the Internet Options dialogue box was available in the Control Panel, as well as in IE. Not sure about Windows 8.1.
What is fix?
-
WHEN YOU USE THE CONSTRUCTOR OF MY SITE, I CAN'T COPY AND PASTE WROTE THE BROWSER SECURITY SETTINGS HOW TO NOT CHANGE THESE FOR ME TO COPY / PASTE?
https://support.Mozilla.com/en-us/KB/granting+JavaScript+access+to+the+Clipboard
This extension will help you implement the security policies for access to the Clipboard.
Allow the extended Clipboard support:
https://addons.Mozilla.org/en-us/Firefox/addon/852 -
Can someone give advice on apparently loose confidentiality and security settings in Safari on Mac
I'm new to Mac and see that the security and privacy etc.settings for Safari seem to be very loose. (I have I have these much tighter settings on my Windows 7 PC) I am concerned about privacyand on web security, but I don't want any more to hinder the default mac system? So I would appreciate any advice on this subject. Thank you!
Post edited by: bobhom
There are a few easy steps you can take to improve your privacy on the Web.
In the Safari menu bar, select
▹ Safari preferences... ▹ Extensions
An inventory of the extensions you have installed, as appropriate. A few Safari extensions are adware or spyware. Carefully read the privacy policies or the terms of use. Delete everything that you don't really need, or you are not sure.
An extension that you may want to install is called "Ghostery." It blocks tracking cookies a lot. Extensions "ClickToFlash" and "ClickToPlugin" prevents Flash content from loading automatically.
If you have installed hacks supported by advertising as "Glims" affecting the Safari, uninstall them as instructed by the developer. Doing so will improve the stability of Safari, as well as your privacy.
In the Safari Preferences dialog box, select the Privacy tab. You have the option to delete data, such as cookies, stored on your computer by web servers. You can delete all of these data, or only some of them remove by clicking on the Details button. The other parameters are little explicit.
On a more advanced level, you can change the DNS servers used by your computer or router, to find the addresses of all the Internet servers that you use. In general, the best choice from the point of view of privacy is to use the DNS servers of your ISP. Your Internet traffic goes through the network of your Internet service provider anyway, so in theory, there is no loss of privacy in the use of its DNS servers. Avoid third party DNS services such as "OpenDNS", which is in the business of selling your information to marketing specialists.
Consider using software like 'GlimmerBlocker' ad-blocking, which also blocks certain forms of abuse of JavaScript that can be used to track you. It is only suitable for advanced users, and it can block some web content you want to see.
This comment is not an endorsement of any third party software. Do your own research before deciding whether to use the software.
When you use a public network such as a Wi - Fi hotspot, don't forget that others connected to the same network may be able to listen to your network traffic. They will not be able to read the content of this traffic, if you connect to Web sites secured like this, but they know the addresses of the sites. It is the same for the e-mail and Messaging. Public VPN services to sell as a solution to this problem, but using these services may have a serious security and privacy implications.
-
I can't open attachments ._DOC. I tried combining write, wordpad and others without success. I refused access to iexpl because of security settings. I have no WORD from the Office of M. advice?
You must change the extension of the name of _DOC in just DOC. Then you will need a program to open the file; the free Word Viewer, as well as a compatibility pack, if needed, should do the job. How to obtain the latest Word Viewer
Maybe you are looking for
-
Receive more than a download of some large messages
-
When I start Skype, I can log in and everything, but it crashes immediately when the main window appears. I run dxdiag and it hangs on DirectShow (step 1).I tried to update my drivers, but they are up to date. Here is my dxdiag file. Can anyone help?
-
Satellite M30X and Mat * a dvd - ram uj-8205 burning problems
I have Satellite M30x and Mat * one year dvd - ram uj-8205. On the beginning everythinks worked very well, but in the last months of 2-3 that it cannot reads some CD and have problems with CD burningI restarted the laptop with the recovery cd, but st
-
Hello During the installation of Windows 7 or 8.1 using a USB stick - get the message "cannot be installed, it is a GPT partition. I have 64 bit install discs for Win 7 and Win 8.1. These two install on my desktop in duel boot. I made a Flash DRIVE o
-
Equium P200-1ED - fan made considerable noise
I've had the laptop about 17 months without any problem, but last week noted that, according to me, the fan was very loud - as if the bearings have gone or the fan has been damaged and is now cut something? A bit like a car - I know that the noise wa