How to limit (restrict) access to VMware DVS port group?

By | September 21, 2016

This is a short post about small issue that I faced in our lab. I created two DVS port group named: LAB and Storage, however the second one is used just for NFS storage. Unfortunately DVS requires a port group for VMkernel (it is not necessary in VSS) so the port group is visible for VMs - it means that this port group could be selected by my colleagues for their VMs - it was not a good idea 😉 how-to-limit-restrict-access-to-vmware-dvs-port-group-2I couldn't find any solution to hide this port group and I did not want to fight with permissions. I needed to use LACP between ESXi and switches so I had to keep VMkernel in DVS port group. However, as workaround I changed port group binding and number of ports available in the port group.

By default, DVS port group settings are:

  • Port binding - static binding.
  • Number of ports - 8
  • Port allocation - flexible

I changed above settings to:

  • Port binding - static binding.
  • Number of ports - 5
  • Port allocation - fixed

how-to-limit-restrict-access-to-vmware-dvs-port-group

Above new configuration made me sure that only VMkernels (5 hosts) connected to this port group already allocated all available ports and it is not possible to turn on any VM with this port group selected later.

If you know how to hide specific DVS port group, please leave a comment 🙂