I was having  Issues with some Hosts/VMs being able to communicate outside the Host. They could all hit each other on the Host they were on, but not all could communicate outside the host. They All worked fine with the Crappy SG300 Switch, though not at all on the C3850 unit. The C3850 is running:  03.06.05E

If I moved the Order of the NICs in the vSwitch, I could get some to work and others would then fail that were working. 

My initial config for the ports was:

interface GigabitEthernet1/0/3
 switchport trunk allowed vlan 20,200
 switchport mode trunk
 switchport port-security violation  restrict
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 switchport port-security
 macro description cisco-desktop
 no vtp
 spanning-tree portfast
 spanning-tree bpduguard enable

That partly came from the Cisco Network Assistant app.  I should of known to use use the CLI only. )-:

I ended up with:

interface range GigabitEthernet1/0/1-6
 switchport trunk allowed vlan 20,200
 switchport mode trunk
 no vtp
 spanning-tree portfast trunk

The switchport port-security statements that the CNA put in were limiting the MAC Addresses on the ports so only some MACs would get through. 

Though reading though many of the VMWare KBs, they all seem to be old, referencing older Cisco IOS Commands.    

My Question is do I need more or less than I have for the Uplink ports to the Hosts? Are there any default Commands that apply to all ports that I should watch out for?

Thank you,