When you configure edge-based bridging, after creating an edge brige profile for an edge cluster, some additonal configurations are required.

Note that bridging a logical switch twice on the same Edge node is not supported. However, you can bridge two VLANs to the same logical switch on two different Edge nodes.

There are three configuration options.

Option 1: Configure Promiscuous Mode

  • Set promiscuous mode on the portgroup.
  • Allow forged transmit on the portgroup.
  • Run the following command to enable reverse filter on the ESXi host where the Edge VM is running:
    esxcli system settings advanced set -o /Net/ReversePathFwdCheckPromisc -i 1
    Then disable and enable promiscuous mode on the portgroup with the following steps:
    • Edit the portgroup's settings.
    • Disable promiscuous mode and save the settings.
    • Edit the portgroup's settings again.
    • Enable promiscuous mode and save the settings.
  • Do not have other port groups in promiscuous mode on the same host sharing the same set of VLANs.
  • The active and standby Edge VMs should be on different hosts. If they are on the same host the throughput might be reduced because VLAN traffic needs to be forwarded to both VMs in promiscuous mode.

Option 2: Configure MAC Learning

If the Edge is deployed on a host with NSX-T installed, it can connect to a VLAN logical switch or segment. The logical switch must have a MAC Management profile with MAC Learning enabled. Similarly, the segment must have a MAC Discovery profile with MAC Learning enabled.

Option 3: Configure a Sink Port

  1. Retrieve the port number for the trunk vNIC that you want to configure as a sink port.
    1. Log in to the vSphere Web Client, and navigate to Home > Networking.
    2. Click the distributed port group to which the NSX Edge trunk interface is connected, and click Ports to view the ports and connected VMs. Note the port number associated with the trunk interface. Use this port number when fetching and updating opaque data.
  2. Retrieve the dvsUuid value for the vSphere Distributed Switch.
    1. Log in to the vCenter Mob UI at https://<vc-ip>/mob .
    2. Click content.
    3. Click the link associated with the rootFolder (for example: group-d1 (Datacenters)).
    4. Click the link associated with the childEntity (for example: datacenter-1).
    5. Click the link associated with the networkFolder (for example: group-n6).
    6. Click the DVS name link for the vSphere distributed switch associated with the NSX Edges (for example: dvs-1 (Mgmt_VDS)).
    7. Copy the value of the uuid string. Use this value for dvsUuid when fetching and updating opaque data.
  3. Verify if opaque data exists for the specified port.
    1. Go to https://<vc-ip>/mob/?moid=DVSManager&vmodl=1.
    2. Click fetchOpaqueDataEx.
    3. In the selectionSet value box paste the following XML input: 
      <selectionSet xsi:type="DVPortSelection">
    <dvsUuid>c2 1d 11 50 6a 7c 77 68-e6 ba ce 6a 1d 96 2a 15</dvsUuid> <!-- example dvsUuid -->   
    <portKey>393</portKey>  <!-- example port number -->
</selectionSet>

      Use the port number and dvsUuid value that you retrieved for the NSX Edge trunk interface.

    4. Set isRuntime to false.
    5. Click Invoke Method. If the result shows values for vim.dvs.OpaqueData.ConfigInfo, then there is already opaque data set, use the edit operation when you set the sink port. If the value for vim.dvs.OpaqueData.ConfigInfo is empty, use the add operation when you set the sink port.
  4. Configure the sink port in the vCenter managed object browser (MOB).
    1. Go to https://<vc-ip>/mob/?moid=DVSManager&vmodl=1.
    2. Click updateOpaqueDataEx.
    3. In the selectionSet value box paste the following XML input. For example,
      <selectionSet xsi:type="DVPortSelection">
    <dvsUuid>c2 1d 11 50 6a 7c 77 68-e6 ba ce 6a 1d 96 2a 15</dvsUuid> <!-- example dvsUuid -->   
    <portKey>393</portKey>  <!-- example port number -->
</selectionSet>

      Use the dvsUuid value that you retrieved from the vCenter MOB.

    4. On the opaqueDataSpec value box paste one of the following XML inputs.

      Use this input to enable a SINK port if opaque data is not set (operation is set to add): 

      <opaqueDataSpec>
    <operation>add</operation> 
    <opaqueData>
        <key>com.vmware.etherswitch.port.extraEthFRP</key>
        <opaqueData xsi:type="vmodl.Binary">AAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</opaqueData>
    </opaqueData>
</opaqueDataSpec>
      Use this input to enable a SINK port if opaque data is already set ( operation is set to edit): 
      <opaqueDataSpec>
    <operation>edit</operation> 
    <opaqueData>
        <key>com.vmware.etherswitch.port.extraEthFRP</key>
        <opaqueData xsi:type="vmodl.Binary">AAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</opaqueData>
    </opaqueData>
</opaqueDataSpec>

      Use this input to disable a SINK port: 

      <opaqueDataSpec>
    <operation>edit</operation>
        <opaqueData>
            <key>com.vmware.etherswitch.port.extraEthFRP</key>
            <opaqueData xsi:type="vmodl.Binary">AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</opaqueData>
    </opaqueData>
</opaqueDataSpec>
    5. Set isRuntime to false.
    6. Click Invoke Method.

What to do next

Associate a logical switch with the bridge profile. See Create a Layer 2 Bridge-Backed Logical Switch in Manager Mode.