You can define membership criteria to add members dynamically in an NSX group based on one or more criteria.

A criterion can have one or more conditions. The conditions can use the same member type or a mix of different member types. However, some restrictions apply to adding multiple conditions with mixed member types in a membership criterion. See the Restrictions for Criteria with Mixed Member Types section later in this topic.

By default, NSX-T uses the logical AND operator after each condition in a membership criterion. Other logical operators are not supported to join the conditions in a membership criterion.

To join criteria, OR and AND operators are available. By default, NSX-T selects the OR operator to join two criteria. AND operator is supported between two criteria only when:
  • Both criteria use the same member type.
  • Both criteria use a single condition.
The following restrictions apply to adding multiple conditions:
  • A maximum of five conditions with the same member type is supported in a single membership criterion. For example, in a criterion, you can add a maximum of five conditions with the Virtual Machine member type.
  • A maximum of 15 conditions with mixed member types are supported in a single membership criterion. For example, in a criterion, you can add a maximum of 15 conditions with a mix of NSX Segment and Segment Port member types.
  • A maximum of 35 conditions with mixed member types are supported in a group.
A group can have a maximum of five membership criteria. However, the total number of criteria that you can add in a group is determined by the number of conditions in each criterion. See the following examples.
Example 1
A group with three membership criteria and a total of 35 conditions:
  • Criterion 1 has 15 conditions with mixed member types.
  • Criterion 2 has 15 conditions with mixed member types.
  • Criterion 3 has 5 conditions with the same member type.
Example 2
A group with four membership criteria and a total of 35 conditions:
  • Criterion 1 has 15 conditions with mixed member types.
  • Criterion 2 has 14 conditions with mixed member types.
  • Criterion 3 has four conditions with the same member type.
  • Criterion 4 has two conditions with the same member type.
Example 3
A group with five membership criteria and a total of 22 conditions:
  • Criterion 1 has 10 conditions with mixed member types.
  • Criterion 2 has three conditions with the same member type.
  • Criterion 3 has four conditions with the same member type.
  • Criterion 4 has three conditions with the same member type.
  • Criterion 5 has two conditions with mixed member types.
Because this group has reached the limit of five criteria, you cannot add another membership criterion. However, you can add more conditions, if required, in any of the five criteria until you don't exceed the following upper limits mentioned earlier:
  • A maximum of five conditions with the same member type in a single criterion.
  • A maximum of 15 conditions with mixed member types in a single criterion.
  • A total of 35 conditions in the group.

Restrictions for Criteria with Mixed Member Types

Member Type Criterion With Mixed Member Types Tag Operator Scope Operator
Virtual Machine

Not Supported

  • Equals - one tag can be selected.
  • Contains
  • Starts with
  • Ends with
  • Equals
NSX Segment

Supported

Conditions based on NSX Segment can be mixed with conditions based on Segment Port

  • Equals - one tag can be selected.
  • Not Equals - one tag can be selected.
  • Equals
  • Not Equals - if selected, the tag operator is removed.
Segment Port

Supported

Conditions based on Segment Port can be mixed with conditions based on NSX Segment

  • Equals - one tag can be selected.
  • Not Equals - one tag can be selected.
  • Not In - a maximum of five tags can be selected.
  • Equals
  • Not Equals - if selected, the tag operator is removed.
Distributed Port Groups

Supported

Conditions based on Distributed Port Group can be mixed with conditions based on Distributed Port

  • Equals - one tag can be selected.
  • Not Equals - one tag can be selected.
  • Equals
  • Not Equals - if selected, the tag operator is removed.
Distributed Ports

Supported

Conditions based on Distributed Port can be mixed with conditions based on Distributed Port Group

  • Equals - one tag can be selected.
  • Not Equals - one tag can be selected.
  • Not In - a maximum of five tags can be selected.
  • Equals
  • Not Equals - if selected, the tag operator is removed.
IP Set - This member type will be deprecated in the future. It is currently available to achieve backward compatibility with preexisting NSGroups or Groups based on IP Set tag-based criterion. We recommend you to use Group as the member type and add tag-based IP Addresses Only groups in a membership criterion.

Not Supported

  • Equals - one tag can be selected.
  • Equals
Group - Use this member type to add tag-based IP Addresses Only groups in a membership criterion.

Not Supported

Equals - one tag can be selected. Equals