
vFrank

Essense of virtualization


vcenter

How To Enable Traffic Filtering on Distributed Switch in vSphere 5.5

September 24, 2013 by FrankBrix 2 Comments

A cool new feature on a Distributed Switch in vSphere 5.5 is the ability to filter and tag traffic at the port group level. This capability is also referred to as access control lists (ACLs), and it is used to provide port-level security. You can create rules using the following qualifiers:

  • MAC Source Address and Destination Address qualifiers
  • System traffic qualifiers – vSphere vMotion, vSphere management, vSphere FT, etc.
  • IP qualifiers – Protocol type, IP SA, IP DA, and port number

Once a packet has been classified, you can choose to either filter or tag it. It is very simple to implement this feature.

Step 1: Create a new vSphere 5.5 Distributed Switch or upgrade an existing one. Your ESXi hosts need to be running 5.5 to be able to participate in a 5.5 dvSwitch.

Step 2: Create a port group or go to an existing one.

Step 3: Right-click the port group and choose “edit settings”, then go to “Traffic filtering and marking”.

Step 4: Enable the feature. Then create whatever rule you feel like. In my environment I created a rule to drop ICMP packets with a destination of 192.168.2.10 (my DNS server).

After enabling the rule my virtual machine immediately stopped getting ICMP replies.
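To check what a rule like this will and will not match before applying it, here is a small model of the IP qualifiers and the drop action. It is an added example, not code from the original post or from VMware. It assumes rules are checked in order with the first match deciding and unmatched packets forwarded; the `Packet` and `Rule` names and the 192.168.2.50 source address are made up for illustration.

```python
# Simplified model of port-group traffic-filter rules (illustration only).
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    protocol: str                      # "icmp", "tcp" or "udp"
    src_ip: str
    dst_ip: str
    dst_port: Optional[int] = None     # None for ICMP

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                        # "drop" or "tag", as in the post
    protocol: Optional[str] = None     # a qualifier left as None matches anything
    src_net: Optional[str] = None
    dst_net: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if self.protocol is not None and self.protocol != p.protocol:
            return False
        if self.src_net and ip_address(p.src_ip) not in ip_network(self.src_net):
            return False
        if self.dst_net and ip_address(p.dst_ip) not in ip_network(self.dst_net):
            return False
        return self.dst_port is None or self.dst_port == p.dst_port

def evaluate(rules, packet):
    """Assumed semantics: first matching rule decides; unmatched traffic is allowed."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action, rule.name
    return "allow", None

# The rule from the post: drop ICMP with destination 192.168.2.10.
RULES = [Rule("drop-icmp-to-dns", "drop", protocol="icmp", dst_net="192.168.2.10/32")]
# Constructed sample traffic; 192.168.2.50 is a made-up VM address.
SAMPLES = [
    Packet("icmp", "192.168.2.50", "192.168.2.10"),      # ping to the DNS server
    Packet("udp", "192.168.2.50", "192.168.2.10", 53),   # DNS query to the same host
    Packet("icmp", "192.168.2.50", "192.168.2.1"),       # ping to another host
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", evaluate(RULES, pkt))
```

The DNS query to the same address is unaffected because the protocol qualifier restricts the rule to ICMP.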


Filed Under: vSphere Tagged With: dvswitch, filter, network, traffic, vcenter, vswitch

vCenter: Cannot complete login due to an incorrect user name or password

September 20, 2013 by FrankBrix 5 Comments

After upgrading to vSphere 5.1 or installing from scratch you may be in a situation where you cannot authenticate with your vCenter Server when using a domain user.

When you try to log in from the vSphere client you get the following error: Cannot complete login due to an incorrect user name or password 

When you try to log in from the vSphere Web Client you get the following error: Provided credentials are not valid

Prior to vSphere 5.1 and the Single Sign-On (SSO) server, you were able to log in directly with your domain user without supplying the domain name.

There are two solutions to the problem.

Solution 1:

When logging in with your domain account, add the domain to the user name. You can do this by writing either DOMAIN\USERNAME or [email protected]; the result will be the same.

Perhaps you don’t feel this is the right solution for you. You may only have one domain, so why should you always write the domain in the login box? If this is the case, see solution 2.

Solution 2:

What you are able to do with SSO and vSphere 5.1 is add your DOMAIN to the default domain list. You can only accomplish this from the vSphere Web Client. Log in with the user name [email protected] and the password defined for this user during installation. Then go to “Home” – “Administration” – “Single sign-on and discovery” – “Configuration”. In the identity source window, select your domain and press the “add to default domains” button. If your domain is not present, you need to add it first. You can also add multiple other domains. After adding the domain to the list, make sure that it is at the top of the list in the “Default domains” window. Finally, press the “Save” button.

By doing this you should now be able to log in without supplying your domain name in the vSphere Client or vSphere Web Client.

Filed Under: SSO, vSphere Tagged With: cannot, domain, error, SSO, vcenter, vsphere
