InlineSegmentSecurityProfile1
Properties
Pre-defined list of allowed MAC addresses to be excluded from BPDU filtering. List of allowed MACs - 01:80:c2:00:00:00, 01:80:c2:00:00:01, 01:80:c2:00:00:02, 01:80:c2:00:00:03, 01:80:c2:00:00:04, 01:80:c2:00:00:05, 01:80:c2:00:00:06, 01:80:c2:00:00:07, 01:80:c2:00:00:08, 01:80:c2:00:00:09, 01:80:c2:00:00:0a, 01:80:c2:00:00:0b, 01:80:c2:00:00:0c, 01:80:c2:00:00:0d, 01:80:c2:00:00:0e, 01:80:c2:00:00:0f, 00:e0:2b:00:00:00, 00:e0:2b:00:00:04, 00:e0:2b:00:00:06, 01:00:0c:00:00:00, 01:00:0c:cc:cc:cc, 01:00:0c:cc:cc:cd, 01:00:0c:cd:cd:cd, 01:00:0c:cc:cc:c0, 01:00:0c:cc:cc:c1, 01:00:0c:cc:cc:c2, 01:00:0c:cc:cc:c3, 01:00:0c:cc:cc:c4, 01:00:0c:cc:cc:c5, 01:00:0c:cc:cc:c6, 01:00:0c:cc:cc:c7
Indicates whether BPDU filter is enabled. BPDU filtering is enabled by default.
Filters DHCP server and/or client traffic. DHCP server blocking is enabled and client blocking is disabled by default.
Filters DHCP server and/or client IPv6 traffic. DHCP server blocking is enabled and client blocking is disabled by default.
Filters DHCP server and/or client traffic. DHCP server blocking is enabled and client blocking is disabled by default.
Filters DHCP server and/or client IPv6 traffic. DHCP server blocking is enabled and client blocking is disabled by default.
A flag to block all traffic except IP/(G)ARP/BPDU.
Enable or disable Router Advertisement Guard.
Allows configuration of rate limits for broadcast and multicast traffic. Rate limiting is disabled by default
Enable or disable Rate Limits
JSON Example
{
"bpdu_filter_allow": [
"string"
],
"bpdu_filter_enable": false,
"dhcp_client_block_enabled": false,
"dhcp_client_block_v6_enabled": false,
"dhcp_server_block_enabled": false,
"dhcp_server_block_v6_enabled": false,
"non_ip_traffic_block_enabled": false,
"ra_guard_enabled": false,
"rate_limits": {
"rx_broadcast": 0,
"rx_multicast": 0,
"tx_broadcast": 0,
"tx_multicast": 0
},
"rate_limits_enabled": false
}
Vendor Extensions
x-vmw-nsx-module: PolicySegmentSecurity
