#VMWARE MAC ADDRESS CHANGING PORTS MAC#
However, if it finds a non-matching MAC address, the frame is dropped. As long as the source MAC field is the same as the Effective MAC address, the frame is allowed by the port. The policy will check to see if the source MAC address field has been tampered with. If the policy is set to “Reject,” the port will interrogate all the traffic that is generated by the VM. The vSwitch port will just happily let those frames move along to their destination. If set to “Accept,” the VM can put in any MAC address it wishes into the “source address” field of a Layer 2 frame. Very similar to the MAC Address Changes policy, the Forged Transmits policy is concerned with MAC Address Changes, but only as it concerns transmitting traffic.
![vmware mac address changing ports vmware mac address changing ports](http://wanos.co/docs/wp-content/uploads/2016/09/portgrouppromiscuousmode.png)
To sum it up, the MAC Address Changes policy is focused entirely on whether or not a VM (or even a VMkernel port) is allowed to change the MAC address it uses for receiving traffic. The port will no longer receive traffic until you either change the security policy or make sure that the Effective MAC address is the same value as the Initial MAC address. When set to “Reject,” the vSwitch will disable the port if it sees that the guest OS is trying to change the Effective MAC address to something other than the Initial MAC address. Typically, we don’t want this to happen as a malicious user could try to impersonate another VM by using the same MAC address, but there are use cases, such as with Microsoft Network Load Balancing (NLB) where it makes sense. When set to “Accept,” the vSwitch allows the Initial MAC address to differ from the Effective MAC address, meaning the guest OS has been allowed to change the MAC address for itself. So, now that you’re a MAC address expert, let’s go back in and discuss how the vSwitch polices MAC Address Changes.
#VMWARE MAC ADDRESS CHANGING PORTS PC#
Typically, the guest OS just uses the Initial MAC address, much like your PC will by default use the BIA or your NIC.
![vmware mac address changing ports vmware mac address changing ports](https://www.vladan.fr/wp-content/uploads/images/Manually-change-MAC-address.jpg)
The idea of MAC Address Changes tends to confuse a lot of people, so we’ll go deep into this one. It can still only see traffic for the VLAN(s) that it belongs to. Promiscuous mode does not allow a VM to see traffic on VLANs that aren’t specified by the port group.