When SpoofGuard is configured, if the IP address of a virtual machine changes, traffic from the virtual machine may be blocked until the corresponding configured port/switch address bindings are updated with the new IP address.

About this task

Enable SpoofGuard for the port group(s) containing the guests. When enabled for each network adapter, SpoofGuard inspects packets for the prescribed MAC and its corresponding IP address.

Prerequisites

Before configuring SpoofGuard, add address bindings or switch bindings on each logical switch. Address binding allows you to bind an IP address and MAC address to a port or switch. Configure Port Address BindingsConfigure Switch Address Bindings

Procedure

  1. From your browser, log in to an NSX Manager at https://nsx-manager-ip-address.
  2. Click Switching in the navigation panel.
  3. Click the Switching Profiles tab.
  4. Click Add and select Spoof Guard.

    The New Switching Profile window appears.

  5. Name the profile. You can also add a profile description.
  6. To enable port level SpoofGuard, choose port bindings, and to enable switch level SpoofGuard select switch bindings.

    Address bindings are the allowed whitelist for port and switch SpoofGuard.

  7. Click Save.

Results

A new switching profile has been created with a SpoofGuard Profile.

What to do next

Associate the SpoofGuard profile with a logical switch or logical port. See Associate a Custom Profile with a Logical Switch or Associate a Custom Profile with a Logical Port.