When SpoofGuard is configured, if the IP address of a virtual machine changes, traffic from the virtual machine may be blocked until the corresponding configured port/switch address bindings are updated with the new IP address.

About this task

Enable SpoofGuard for the port group(s) containing the guests. When enabled for each network adapter, SpoofGuard inspects packets for the prescribed MAC and its corresponding IP address.


Before configuring SpoofGuard, add address bindings or switch bindings on each logical switch. Address binding allows you to bind an IP address and MAC address to a port or switch. Configure Port Address BindingsConfigure Switch Address Bindings


  1. In NSX Manager, navigate to Switching > Switching Profiles.
  2. Click Add.

    The New Switching Profile window appears.

  3. Name the profile and select SpoofGuard as the type. You can also add a profile description.
  4. To enable port level SpoofGuard, choose port bindings, and to enable switch level SpoofGuard select switch bindings.

    Address bindings are the allowed whitelist for port and switch SpoofGuard.

  5. Click Save.


A new switching profile has been created with a SpoofGuard Profile.

What to do next

Associate the SpoofGuard profile with a logical switch.Associate a Custom Profile with a Logical Switch