You can control how inbound and outbound frames are handled by editing Layer 2 Security policies.


Browse to a host in the vSphere Web Client navigator.


Click the Manage tab, and select Networking > Virtual Switches.


Select a standard switch from the list.

A schematic of the standard switch infrastructure appears.


In the schematic of the standard switch infrastructure, click the name of the standard port group to edit.


Click Edit settings.


In the Security section, select the check boxes next to the security policies to override.

Use the drop-down menus to edit the security exceptions.



Promiscuous mode

Reject: No effect on which frames are received by the adapter.

Accept: Causes a guest adapter to detect all frames passed on the standard switch that are allowed under the VLAN policy for the port group to which the adapter is connected.

MAC address changes

Reject: Changes if the guest OS changes the MAC address of the adapter to anything other than what is in the .vmx configuration file. All inbound frames are dropped. If the guest OS changes the MAC address back to match the MAC address in the .vmx configuration file, inbound frames are sent again.

Accept: If the MAC address from the guest OS changes, frames to the new MAC address are received.

Forged transmits

Reject: Outbound frames with a source MAC address that is different from the one set on the adapter are dropped.

Accept: No filtering is performed, and all outbound frames are passed.


Click OK.