An administrator has deployed and powered on a new virtual machine configured to get its
networking information via DHCP. The virtual machine is connected to an NSX network and
connectivity has been verified. After reconfiguring the virtual machine with a static IP address,
network connectivity is lost.
Which statement explains what happened?
A. SpoofGuard is disabled
B. SpoofGuard is enabled and the operation mode is set to automatic
C. SpoofGuard is enabled and the operation mode is set to manual
D. SpoofGuard is enabled but not configured
B
C
B is the correct one:
automatic: System will automatically trust IP assignment to virtual NICs upon their first use, as recognized by VMware Tools. Subsequent changes require manual review and approval.
C
It needs approval
Check page 64 of NSX Admin guide. It clearly states that
Automatic mode – “This mode automatically approves all ipv4 and ipv6 address on a vNIC”
B
If we change the view to Virtual NICs IP Required Approval, we can see a list of all NICs that we need to approve. If we configured the default policy with the automatically trust IP assignments on their first use, then these would have been pre-approved, but subsequent IP changes would require manual intervention.
B
The key term is “DHCP”: per the admin doc (link below), if the policy was set to manual, the DHCP address would not even be allowed to transmit on the network until approved.
SpoofGuard inherently allows DHCP requests regardless of enabled mode. However, if in manual inspection mode, traffic does not pass until the DHCP-assigned IP address has been approved.
https://pubs.vmware.com/NSX-6/topic/com.vmware.nsx.admin.doc/GUID-06047822-8572-4711-8401-BE16C274EFD3.html
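
The behaviour quoted in the comments above (trust on first use in automatic mode, approval-gated traffic in manual mode, DHCP requests always allowed) can be replayed as a small model. This is an added example, not part of the thread and not NSX code or an NSX API; the class and function names, the vNIC name and the 192.0.2.x addresses are constructed for illustration.

```python
"""Simplified model of the SpoofGuard behaviour quoted in the thread.
Constructed for illustration; not NSX code and not an NSX API."""
from dataclasses import dataclass, field

AUTOMATIC, MANUAL = "automatic", "manual"  # operation modes named in the question


@dataclass
class VNic:
    name: str
    approved: set = field(default_factory=set)  # IPs trusted for this vNIC
    pending: set = field(default_factory=set)   # IPs awaiting manual approval


class SpoofGuardModel:
    def __init__(self, mode):
        if mode not in (AUTOMATIC, MANUAL):
            raise ValueError(f"unknown mode: {mode}")
        self.mode = mode

    def filter(self, nic, src_ip, is_dhcp=False):
        """Return True if the packet passes, False if it is dropped."""
        if is_dhcp:
            return True                  # DHCP requests pass in every mode
        if src_ip in nic.approved:
            return True
        # Automatic mode: trust only the first address ever seen on the vNIC.
        if self.mode == AUTOMATIC and not nic.approved and not nic.pending:
            nic.approved.add(src_ip)
            return True
        nic.pending.add(src_ip)          # listed for manual review
        return False

    def approve(self, nic, ip):
        """Administrator approves a pending address."""
        nic.pending.discard(ip)
        nic.approved.add(ip)


def replay_scenario(mode, dhcp_ip="192.0.2.50", static_ip="192.0.2.99"):
    """Replay the question: DHCP lease, traffic, then a static re-address."""
    sg, nic = SpoofGuardModel(mode), VNic("vm1-vnic0")
    results = {
        "dhcp_request": sg.filter(nic, "0.0.0.0", is_dhcp=True),
        "traffic_on_dhcp_ip": sg.filter(nic, dhcp_ip),
        "traffic_on_static_ip": sg.filter(nic, static_ip),
    }
    sg.approve(nic, static_ip)
    results["after_approval"] = sg.filter(nic, static_ip)
    return results
```

Comparing `replay_scenario(AUTOMATIC)` with `replay_scenario(MANUAL)` shows the distinction the thread argues over: only in the automatic model does traffic on the DHCP-assigned address pass before any approval.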