
Update-vSwitchSecurity (modification of post by view diff)

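Changes the security settings of a vSwitch. Requires PowerShell V2 and the VI Toolkit for Windows. Every run writes all three policies (promiscuous mode, MAC address changes, forged transmits): a policy whose switch is omitted is set to reject, and the vSwitch name is matched as a pattern rather than exactly, so preview the change with -WhatIf first.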

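  #requires -version 2.0
  # Author: Glenn Sizemore 12/19/2009
  # Source: http://get-admin.com/blog/?p=239
  #
  # v1.0  : It works
  function Update-vSwitchSecurity {
      <#
      .SYNOPSIS
          Modify the security settings of a vSwitch.
      .DESCRIPTION
          Sets the AllowPromiscuous, MacChanges and ForgedTransmits security
          policies of every vSwitch whose name matches -vSwitch, on each host
          passed in.

          All three policies are written on every call. A policy whose switch
          is omitted is set to reject (FALSE), even if it was previously set
          to accept, so always pass the complete set of policies you want.
      .PARAMETER vSwitch
          Name of the vSwitch to modify. The value is used as a regular
          expression (-match), so 'vSwitch1' also selects 'vSwitch10'.
          Anchor it ('^vSwitch1$') to change exactly one switch.

          Type      : String
          Mandatory : TRUE
          PipeLine  : FALSE
      .PARAMETER VMHost
          One or more hosts for which we want to modify the vSwitch security.

          Type      : VMHostImpl[]
          Mandatory : TRUE
          PipeLine  : ByValue
      .PARAMETER AllowPromiscuous
          If provided, AllowPromiscuous is enabled, so all traffic is seen on
          the port. The default action is to disable AllowPromiscuous.

          Type      : Switch
          Mandatory : FALSE
          PipeLine  : FALSE
      .PARAMETER MacChanges
          If provided, MacChanges is enabled, allowing the Media Access
          Control (MAC) address to be changed. The default action is to
          disable MacChanges.

          Type      : Switch
          Mandatory : FALSE
          PipeLine  : FALSE
      .PARAMETER ForgedTransmits
          If provided, ForgedTransmits is enabled, allowing the virtual
          network adapter to send network traffic with a different MAC
          address than that of the virtual network adapter. The default
          action is to disable ForgedTransmits.

          Type      : Switch
          Mandatory : FALSE
          PipeLine  : FALSE
      .EXAMPLE
          # Set Promiscuous Mode, MAC Address Changes, and Forged Transmits to reject.
          Update-vSwitchSecurity -VMHost (Get-VMHost ESX1) -vSwitch 'vSwitch0'
      .EXAMPLE
          # Enable Promiscuous Mode on vSwitch1 on all ESX hosts in cluster SQL
          Get-Cluster SQL | Get-VMHost | Update-vSwitchSecurity vswitch1 -AllowPromiscuous

          # If you're not sure you're running against the correct host/switch, use -WhatIf/-Confirm
          Get-Cluster SQL | Get-VMHost | Update-vSwitchSecurity vswitch1 -AllowPromiscuous -WhatIf

          # Will output one line per matching vSwitch and host:
          What if: Performing operation "Updating vSwitch1 Security settings: AllowPromiscuous=True,
          MacChanges=False, ForgedTransmits=False" on Target "ESX1".
      .NOTES
          Be aware that the vSwitch param performs a pattern match on the
          vSwitch name, so one call can change several switches per host.
      #>
      # The pre-release 'Cmdlet Name -SupportsShouldProcess { }' keyword does not
      # parse in released PowerShell 2.0; CmdletBinding is its equivalent and is
      # what makes -WhatIf / -Confirm and $PSCmdlet available.
      [CmdletBinding(SupportsShouldProcess=$true)]
      param (
          [Parameter(Position=0,Mandatory=$TRUE,HelpMessage="Name of the vSwitch to modify")]
          [string]
          $vSwitch,

          # NOTE(review): this type name is the one the VI Toolkit release used
          # by the original post exposes; confirm it against the installed toolkit.
          [Parameter(Position=1,Mandatory=$TRUE,ValueFromPipeline=$TRUE,HelpMessage="One or more hosts for which we want to modify the vSwitch Security")]
          [VMware.VimAutomation.Client20.VMHostImpl[]]
          $VMhost,

          [switch]
          $AllowPromiscuous,

          [switch]
          $MacChanges,

          [switch]
          $ForgedTransmits
      )

      # A process block is required for pipeline input: without it the body
      # runs once, after the pipeline ends, and only the last host is changed.
      process {
          foreach ($H in $VMhost) {
              $hostView = Get-VMHost $H | Get-View
              # One view of the host's network system serves both the read of
              # the current vSwitch specs and the update call below.
              $networkSystem = Get-View $hostView.ConfigManager.NetworkSystem

              $networkSystem.NetworkConfig.Vswitch |
                  Where-Object { $_.Name -match $vSwitch } |
                  ForEach-Object {
                      $switchSpec  = $_.Spec
                      $vSwitchName = $_.Name

                      # Every policy is written explicitly; an omitted switch
                      # means "reject", never "leave unchanged".
                      $security = $switchSpec.Policy.Security
                      $security.AllowPromiscuous = $AllowPromiscuous.IsPresent
                      $security.MacChanges       = $MacChanges.IsPresent
                      $security.ForgedTransmits  = $ForgedTransmits.IsPresent

                      $msg  = "Updating $($vSwitchName) Security settings: AllowPromiscuous=$($AllowPromiscuous.IsPresent)"
                      $msg += ", MacChanges=$($MacChanges.IsPresent)"
                      $msg += ", ForgedTransmits=$($ForgedTransmits.IsPresent)"

                      # ShouldProcess names the host and the full resulting
                      # policy, so -WhatIf shows exactly what would be applied.
                      if ($PSCmdlet.ShouldProcess($H.Name, $msg)) {
                          $networkSystem.UpdateVirtualSwitch($vSwitchName, $switchSpec)
                      }
                  }
          }
      }
  }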
