When SpoofGuard is configured, if the IP address of a virtual machine changes, traffic from the virtual machine may be blocked until the corresponding configured port/switch address bindings are updated with the new IP address.
Enable SpoofGuard for the port group(s) containing the guests. When enabled for each network adapter, SpoofGuard inspects packets for the prescribed MAC and its corresponding IP address.
Prerequisites
Verify that Manager mode is selected in the NSX Manager user interface. See NSX Manager. If you do not see the Policy and Manager mode buttons, see Configure User Interface Settings.
Procedure
- From your browser, log in with admin privileges to an NSX Manager at https://<nsx-manager-ip-address>.
- Select .
- Select Spoof Guard.
- Enter a name and optionally a description.
- To enable port level SpoofGuard, set Port Bindings to Enabled.
- Click Add.
Results
A new switching profile has been created with a SpoofGuard Profile.
What to do next
Associate the SpoofGuard profile with a logical switch or logical port. See Associate a Custom Profile with a Logical Switch in Manager Mode or Associate a Custom Profile with a Logical Port in Manager Mode.