You perform the procedure on all vCenter Servers in the management domain to configure host password length, native VLAN, reserved VLAN, and VGT.

Procedure

  1. Log in to the management domain vCenter Server by using a PowerCLI console.

    | Setting   | Value |
    |-----------|-------|
    | Command   | Connect-VIServer -Server management-domain-vcenter-server-fqdn -Protocol https |
    | User name | administrator@vsphere.local |

  2. NIST80053-VI-VC-CFG-01201 Configure all port groups to a value different from the value of the native VLAN.
    Get-VDPortgroup "portgroup name" | Set-VDVlanConfiguration -VlanId "New VLAN#"
  3. NIST80053-VI-VC-CFG-01202 Configure all port groups to VLAN values not reserved by upstream physical switches.
    Get-VDPortgroup "portgroup name" | Set-VDVlanConfiguration -VlanId "New VLAN#"
  4. NIST80053-VI-VC-CFG-01227 Do not configure VLAN trunking in vCenter Server unless Virtual Guest Tagging (VGT) is required and authorized.
    1. (Optional) If you use VLAN ranges, enter the VLAN ranges as a comma-separated list to configure trunking.
      Get-VDPortgroup "Portgroup Name" | Set-VDVlanConfiguration -VlanTrunkRange "<VLAN Range(s) comma separated>"
    2. (Optional) If you use a single VLAN, enter a single VLAN ID to configure trunking.
      Get-VDPortgroup "Portgroup Name" | Set-VDVlanConfiguration -VlanId "<New VLAN#>"
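
The following audit is an added example, not part of the original procedure or VMware's own code. It reports which port groups violate the three controls above so you know where to apply the `Set-VDVlanConfiguration` commands. The native VLAN, the reserved VLAN list and the VGT allow-list are assumed sample values, and the sample objects are constructed to mimic the `VlanConfiguration` property that `Get-VDPortgroup` returns.

```powershell
# Assumed site values (not from the page): replace with your physical switch settings.
$NativeVlan    = 1
$ReservedVlans = @(1001..1024) + @(3968..4047) + 4094
$AuthorizedVgt = @('pg-vgt-approved')   # hypothetical port groups approved for VGT

function Test-PortgroupVlan {
    param([Parameter(ValueFromPipeline)] $Portgroup)
    process {
        $cfg      = $Portgroup.VlanConfiguration   # may be $null when no VLAN is set
        $findings = @()
        if ($null -ne $cfg -and "$($cfg.VlanType)" -eq 'Trunk') {
            # Trunking is acceptable only for port groups explicitly approved for VGT.
            if ($AuthorizedVgt -notcontains $Portgroup.Name) {
                $ranges = ($cfg.Ranges | ForEach-Object { "$($_.StartVlanId)-$($_.EndVlanId)" }) -join ','
                $findings += "NIST80053-VI-VC-CFG-01227: trunk range $ranges without VGT approval"
            }
        } else {
            # Single-VLAN port group; a missing VLAN ID is treated as 0 (untagged).
            $id = if ($null -ne $cfg) { [int]$cfg.VlanId } else { 0 }
            if ($id -eq $NativeVlan) {
                $findings += "NIST80053-VI-VC-CFG-01201: uses native VLAN $id"
            }
            if ($ReservedVlans -contains $id) {
                $findings += "NIST80053-VI-VC-CFG-01202: uses reserved VLAN $id"
            }
        }
        [pscustomobject]@{
            Name      = $Portgroup.Name
            Compliant = ($findings.Count -eq 0)
            Findings  = $findings -join '; '
        }
    }
}

# Constructed sample objects shaped like Get-VDPortgroup output, so the check runs offline.
function New-SamplePg($Name, $Type, $Id, $Ranges = @(), $Uplink = $false) {
    $cfg = [pscustomobject]@{ VlanType = $Type; VlanId = $Id; Ranges = $Ranges }
    [pscustomobject]@{ Name = $Name; IsUplink = $Uplink; VlanConfiguration = $cfg }
}
$trunkAll = @([pscustomobject]@{ StartVlanId = 0; EndVlanId = 4094 })
$sample = @(
    (New-SamplePg 'pg-mgmt'     'Vlan'  1611),
    (New-SamplePg 'pg-legacy'   'Vlan'  1),
    (New-SamplePg 'pg-reserved' 'Vlan'  4094),
    (New-SamplePg 'pg-guest'    'Trunk' $null $trunkAll),
    (New-SamplePg 'dvs-uplinks' 'Trunk' $null $trunkAll $true)
)
# Uplink port groups trunk by design and are skipped.
$sample | Where-Object { -not $_.IsUplink } | Test-PortgroupVlan | Format-Table -AutoSize
```

Against a live vCenter Server, replace `$sample` with `Get-VDPortgroup` after running the `Connect-VIServer` command from step 1.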