You can create a MAC address group consisting of a range of MAC addresses and then add this group as the source or destination in a Distributed Firewall rule. Such a rule can help protect physical machines from virtual machines or vice versa.
- Log in to the vSphere Web Client.
- Click Networking & Security and then under Networking & Security Inventory click NSX Managers.
- Click an NSX Manager in the Name column and then click the Manage tab.
You must select the primary NSX Manager if you need to manage universal MAC address groups.
- Click the Grouping Objects tab and then click MAC Sets.
- Click the Add () icon.
- Type a name for the address group.
- (Optional) : Type a description for the address group.
- Type the MAC addresses to be included in the group.
- (Optional) : Select Enable inheritance to allow visibility at underlying scopes.
- (Optional) : Select Mark this object for Universal Synchronization to create a universal MAC address group.
- Click OK.