Questions

Which vSwitch or vSwitch port group policy setting allows packets to be received by a virtual machine with different destination MAC addresses than the configured MAC address?

Which vSwitch or vSwitch port group policy setting allows packets to be received by a virtual machine with different destination MAC addresses than the configured MAC address?

A.
Promiscuous mode

B.
Traffic shaping

C.
Forged transmits

D.
MAC address changes

Discussion

10 Responses to “Which vSwitch or vSwitch port group policy setting allows packets to be received by a virtual machine with different destination MAC addresses than the configured MAC address?”

  1. Markitty says:

    Why would this not be Promiscuous Mode?

  2. Alessio says:

    http://pubs.vmware.com/vsphere-50/index.jsp?topic=%2Fcom.vmware.vsphere.networking.doc_50%2FGUID-74E2059A-CC5E-4B06-81B5-3881C80E46CE.html

    It appears that both A and D are correct:

    Placing a guest adapter in promiscuous mode causes it to detect all frames passed on the vSphere standard switch that are allowed under the VLAN policy for the port group that the adapter is connected to.

    Changing the MAC address from the Guest OS has the intended effect: frames to the new MAC address are received.

  3. John Doe says:

    Is A, because it question states “with different destination MAC addresses”, which is plural. MAC address change is for ONE MAC address. So it must be A.

  4. JedC says:

    A is incorrect. Promiscuous Mode allows a VM to receive packets with any VLAN tag – doesn’t address the MAC address.
    B is incorrect – traffic shaping deals with throttling traffic.
    C is incorret – Forged transmits deals with spoofed MAC addresses, but is only regarding outbound traffic.
    D is correct – MAC address changes deals with incoming traffic with a different MAC address than the one configured on the VM.

    Plurality of the MAC addresses doesn’t matter, you can spoof any number of different MAC addresses and incoming traffic with different addresses is still dealt with by the MAC address changes policy.

    • xaverio says:

      you can receive any VLAN TAG only if you set VLAN 4095 on the port group

      with Promiscuous Mode enabled on the port group you can sniff, receive, all layer2 traffic of the port group within vlan x

      if you change the MAC Address in the guest OS (MAC address changes policy “allow” by default) you can or not receive the “new traffic” regards the ARP tables of the vSwitch

      So I mean A is correct

  5. khelsun says:

    Technically both A, and D are correct,
    Promiscous mode allows VM’s to receive all traffic, even not destined for it based on MAC, and MAC address changes allow you to change the MAC in the Guest OS and receive traffic destined for that MAC even though it’s configured for a different MAC in the.vmx file.

    I think the key word in the question is “configured” so D is more correct since it allows you to change the MAC in the Guest OS from the MAC configured for the VM in the .vmx file.

  6. raghaven.. says:

    mac address changes is correct bcoz in question they mentioned “allow packets to be recieved”..but in case of promiscus mode reject,the packets can recieve but those packets are in no effect..

  7. Amim says:

    MAC address changes deals with OUTGOING traffic with a different MAC address than the one configured on the VM.
    If it is set to ACCEPT, then the packet will LEAVE the VM even if the MAC is different from the one in the .vmx file, not ACCEPT it…

    D. Is for deceiving us ,it is too obvious answer since it has the word MAC in it, so our human brain immediately percepts this as related to the correct answer….a known trick in exams..

    A. Is the correct answer, since it deals with listening/receiving packets which are not destined for you (Your MAC address)

  8. G4v1n says:

    Are you sure on the that MAC Address changes deals with outgoing traffic?

    Here in the vSphere5 doc center regarding MAC address chnages it says the following

    http://pubs.vmware.com/vsphere-50/index.jsp#com.vmware.vsphere.security.doc_50/GUID-942BD3AA-731B-4A05-8196-66F2B4BF1ACB.html?resultof=%2522%256d%2561%2563%2522%2520%2522%2561%2564%2564%2572%2565%2573%2573%2522%2520

    The setting for the MAC Address Changes option affects traffic that a virtual machine receives.

    When the option is set to Accept, ESXi accepts requests to change the effective MAC address to other than the initial MAC address.

    When the option is set to Reject, ESXi does not honor requests to change the effective MAC address to anything other than the initial MAC address, which protects the host against MAC impersonation. The port that the virtual adapter used to send the request is disabled and the virtual adapter does not receive any more frames until it changes the effective MAC address to match the initial MAC address. The guest operating system does not detect that the MAC address change was not honored.

Leave a Reply