Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1249
Views
0
Helpful
3
Replies

promiscuous mode for virtual switch when deploying aci simulator

JefferySung53210
Level 1
Level 1

‎08-16-2021 10:20 PM

Why is promiscuous mode needed for virtual switch when deploying aci simulator? Can I do away with it?

Labels:
0 Helpful
3 Replies 3

Robert Burns
Cisco Employee
Cisco Employee

‎08-17-2021 05:07 AM

Not if you want it to work   Because the Simulator is running on an mininet instance, the MACs are nested and therefore will not be able to receive traffic intended for the APICs virtual MAC.  It's the same reason when you run a nested VM instances of a hypervisor like ESX, you also need promisc. mode enabled.

Robert

0 Helpful

JefferySung53210
Level 1
Level 1
In response to Robert Burns

‎08-17-2021 07:54 PM

Hi Robert,
Thanks for your prompt reply. My main concern here is security with promicious mode enabled, is there a way to create in a isolated VMware environment?

0 Helpful

Robert Burns
Cisco Employee
Cisco Employee
In response to JefferySung53210

‎08-18-2021 07:44 AM

One option is to connect the APIC Sim to a dedicated vSwitch without any physical uplinks.  Then add a VM/Jumpbox with one Interface in the same vSwitch/Port Group as the Sim, and a second interface attached to your external/routed network vSwitch/portgroup.  This would limit the exposure of the Sim to only the jumpbox which could be running a FW to prevent external access.  

Robert

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License