The MAC management switching profile supports two functionalities: MAC learning and MAC address change.

MAC learning provides network connectivity to deployments where multiple MAC addresses are configured behind one vNIC, for example, in a nested hypervisor deployment where an ESXi VM runs on an ESXi host and multiple VMs run inside the ESXi VM. Without MAC learning, when the ESXi VM's vNIC connects to a switch port, its MAC address is static. VMs running inside the ESXi VM do not have network connectivity because their packets have different source MAC addresses. With MAC learning, the vSwitch inspects the source MAC address of every packet coming from the vNIC, learns the MAC address and allows the packet to go through. If a MAC address that is learned is not used for a certain period of time, it is removed. This aging property is not configurable.

MAC learning also supports unknown unicast flooding. Normally, when a packet that is received by a port has an unknown destination MAC address, the packet is dropped. With unknown unicast flooding enabled, the port floods unknown unicast traffic to every port on the switch that has MAC learning and unicast flooding enabled. This property is enabled by default, but only if MAC learning is enabled.

The MAC management switching profile also supports the ability of a VM to change its MAC address. A VM connected to a port with the MAC address change property enabled can run an administrative command to change the MAC address of its vNIC and still send and receive traffic on that vNIC. This feature is supported on ESXi only and not on KVM. This property is disabled by default.

If you enable MAC learning or MAC address change, to improve security, configure SpoofGuard as well.

For more information about creating a MAC management switching profile and associating the profile with a switch or port, see the NSX-T API Guide.


In this release, the MAC management switching profile feature is only available through the NSX API. It is not available from the NSX Manager UI.