When SpoofGuard is configured, if the IP address of a virtual machine changes, traffic from the virtual machine may be blocked until the corresponding configured port/switch address bindings are updated with the new IP address.

Enable SpoofGuard for the port group(s) containing the guests. When enabled for each network adapter, SpoofGuard inspects packets for the prescribed MAC and its corresponding IP address.


Verify that Manager mode is selected in the NSX Manager user interface. See NSX Manager. If you do not see the Policy and Manager mode buttons, see Configure the User Interface Settings.


  1. With admin privileges, log in to NSX Manager.
  2. Select Networking > Logical Switches > Switching Profiles > Add.
  3. Select Spoof Guard.
  4. Enter a name and optionally a description.
  5. To enable port level SpoofGuard, set Port Bindings to Enabled.
  6. Click Add.


A new switching profile has been created with a SpoofGuard Profile.

What to do next

Associate the SpoofGuard profile with a logical switch or logical port. See Associate a Custom Profile with a Logical Switch in Manager Mode or Associate a Custom Profile with a Logical Port in Manager Mode.