Configure Edge-Based Bridging

When you configure Edge-based bridging, after creating an Edge bridge profile for an Edge cluster, some additional configurations are required for an Edge node running in a VM.

Note that bridging a segment twice on the same Edge node is not supported. However, you can bridge two VLANs to the same segment on two different Edge nodes.

Depending on your environment, choose one of the following options.

Note: If you are bridging a segment to VLAN 0 and you are using a distributed router on this segment, VLAN 0 traffic might not be routed by the gateway when using MAC learning. In this scenario you should avoid option 3 (and even option 2a if the edge VM is attached to the portgroup of a VDS prepared for NSX for vSphere).

Option 1: Edge VM is on a VSS portgroup

This option is for when the Edge VM is connected to a VSS (vSphere Standard Switch). You must enable promiscuous mode and forged transmit.

Set promiscuous mode on the portgroup.
Allow forged transmit on the portgroup.
Run the following command to enable reverse filter on the ESXi host where the Edge VM is running:
```
esxcli system settings advanced set -o /Net/ReversePathFwdCheckPromisc -i 1
```
Then disable and enable promiscuous mode on the portgroup with the following steps:
- Edit the portgroup's settings.
- Disable promiscuous mode and save the settings.
- Edit the portgroup's settings again.
- Enable promiscuous mode and save the settings.
Do not have other port groups in promiscuous mode on the same host sharing the same set of VLANs.
The active and standby Edge VMs should be on different hosts. If they are on the same host the throughput might be reduced because VLAN traffic needs to be forwarded to both VMs in promiscuous mode.

Option 2a: Edge VM is on a VDS 6.6.0 (or later) portgroup

This option is for when the Edge VM is connected to a VDS (vSphere Distributed Switch). You must be running ESXi 6.7 or later, and VDS 6.6.0 or later.

Enable MAC learning with the option “allow unicast flooding” on the portgroup using the VIM API DVSMacLearningPolicy and setting allowUnicastFlooding to true.

Option 2b: Edge VM is on a VDS 6.5.0 (or later) portgroup

This option is for when the Edge VM is connected to a VDS (vSphere Distributed Switch). You enable promiscuous mode and forged transmit.

Set promiscuous mode on the portgroup.
Allow forged transmit on the portgroup.
Run the following command to enable reverse filter on the ESXi host where the Edge VM is running:
```
esxcli system settings advanced set -o /Net/ReversePathFwdCheckPromisc -i 1
```
Then disable and enable promiscuous mode on the portgroup with the following steps:
- Edit the portgroup's settings.
- Disable promiscuous mode and save the settings.
- Edit the portgroup's settings again.
- Enable promiscuous mode and save the settings.
Do not have other port groups in promiscuous mode on the same host sharing the same set of VLANs.
The active and standby Edge VMs should be on different hosts. If they are on the same host the throughput might be reduced because VLAN traffic needs to be forwarded to both VMs in promiscuous mode.

Option 3: Edge VM is connected to an NSX-T segment

If the Edge is deployed on a host with NSX-T installed, it can connect to a VLAN segment and use MAC Learning which is the preferred configuration option.

Create a new MAC Discovery segment profile by navigating to Networking > Segments > Segment Profiles.
- Click Add Segment Profile > MAC Discovery > .
- Enable MAC Learning. This will also enable Unknown Unicast Flooding. Keep the flooding option enabled for bridging to work in all scenarios.
Edit the segment used by the Edge by navigating to Networking > Segments.
- Click the menu icon (3 dots) and select Edit to edit the segment.
- In the Segment Profiles section, set the MAC Discovery profile to the one created above.

What to do next

Associate a segment with the bridge profile. See Create a Layer 2 Bridge-Backed Segment.