Address bindings specify the IP and MAC address of a logical port and are used to specify the port whitelist in SpoofGuard.

With port address bindings you'll specify the IP and MAC address, and VLAN if applicable, of the logical port. When SpoofGuard is enabled, it ensures that the specified address bindings are enforced in the data path. In addition to SpoofGuard, port address bindings are used for DFW rule translations.

Prerequisites

Verify that Manager mode is selected in the NSX Manager user interface. See NSX Manager. If you do not see the Policy and Manager mode buttons, see Configure User Interface Settings.

Procedure

  1. In NSX Manager, select to Networking > Logical Switches > Ports.
  2. Click the logical port to which you want apply address binding.
    The logical port summary appears.
  3. In the Overview tab, expand Address Bindings > Manual Bindings .
  4. Click Add.
    The Add Address Binding dialogue box appears.
  5. Specify the IP (IPv4 address, IPv6 address, or IPv6 subnet) and MAC address of the logical port to which you want to apply address binding. For example, for IPv6, 2001::/64 is an IPv6 subnet, 2001::1 is a host IP, whereas 2001::1/64 is an invalid input. You can also specify a VLAN ID.
  6. Click Add.

What to do next

Use the port address bindings when you Configure a SpoofGuard Switching Profile in Manager Mode.