which security policy is set to reject on a vSphere Standard Switch?

A security team is validating policy settings in a vSphere environment.
By default, which security policy is set to reject on a vSphere Standard Switch?

A security team is validating policy settings in a vSphere environment.
By default, which security policy is set to reject on a vSphere Standard Switch?

A.
Promiscuous mode

B.
MAC address changes

C.
Forged transmit

D.
Use explicit failover

Explanation:

Show Hint

Leave a Reply 4

Your email address will not be published. Required fields are marked *

babar.munir

babar.munir

A is correct

By default, Promiscuous Mode is set to Reject. MAC Address Changes and Forced Transmits are set to Accept.

Reply

Bart

Bart

When Does A Forged Transmit Make Sense?

A common poster child for Forged Transmits is the use of Microsoft’s Network Load Balancing (NLB) unicast mode configuration.

In this scenario, multiple virtual machines are participating in the NLB cluster and all have the same MAC address. Other cases revolve around the concept of utilizing a common MAC address to own a cluster resource when one or more nodes fail. Realistically, you won’t encounter all that many use cases that require Forged Transmits, and the default DISTRIBUTED switch security setting is to Reject any MAC impersonations (the STANDARD switch still Accepts them by default).

Reply