Configure Multiple Security Settings on Unassigned ESXi Hosts by Using PowerCLI

You perform this procedure on all unassigned ESXi hosts in the SDDC inventory to configure non-native VLAN ID, Virtual Guest Tagging (VGT), and unreserved VLAN ID on all the port groups on the standard switch.
These controls apply only to unassigned hosts in VMware Cloud Foundation. An unassigned host is a host that is commissioned but not assigned to a workload domain. Once the host is added to a VMware Cloud Foundation workload domain, the standard switch on the host is removed and the host is added to a distributed switch.
The following configurations address ESXi standard switches only. Distributed switches are addressed in the Securing vCenter Server section. If your environment does not have ESXi hosts with standard switches, you can skip this procedure.
  1. Log in to the unassigned ESXi host you want to reconfigure by using a PowerCLI console and provide the credentials.
    Connect-VIServer -Server host-fqdn -Protocol https
  2. VMW-ESXI-01104
    Do not configure the port groups on standard switches to VLAN 4095 unless Virtual Guest Tagging (VGT) is required.
    Get-VirtualPortGroup -Name "portgroup name" | Set-VirtualPortGroup -VLanId "New VLAN#"
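Before changing any VLAN ID, it helps to see which port groups actually violate the three settings named above. The following audit function is an added example, not part of the VMware procedure. It assumes a native VLAN ID of 1 and takes the reserved ranges as a parameter, because both depend on your physical switches; the function name, sample port groups and sample ranges are constructed for illustration.

```powershell
# Added example: classify standard-switch port group VLAN IDs.
# Assumptions (not from the procedure): native VLAN 1 and caller-supplied
# reserved ranges; replace both with the values of your physical switches.
function Test-PortGroupVlan {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$PortGroup,               # any object with Name and VLanId
        [int]$NativeVlanId = 1,             # assumed native VLAN
        [string[]]$ReservedRange = @(),     # vendor-specific, format "low-high"
        [switch]$VgtRequired                # set only where VGT is approved
    )
    process {
        $vlan = [int]$PortGroup.VLanId
        $finding = 'OK'
        if ($vlan -eq 4095 -and -not $VgtRequired) {
            $finding = 'VGT (4095) set without a documented requirement'
        } elseif ($vlan -eq $NativeVlanId) {
            $finding = 'Uses the native VLAN ID'
        } else {
            foreach ($r in $ReservedRange) {
                $low, $high = $r -split '-' | ForEach-Object { [int]$_ }
                if ($vlan -ge $low -and $vlan -le $high) {
                    $finding = "Inside reserved range $r"
                    break
                }
            }
        }
        [pscustomobject]@{
            PortGroup = $PortGroup.Name
            VLanId    = $vlan
            Finding   = $finding
        }
    }
}

# Constructed sample objects so the function can be tried offline.
# On a connected host, pipe the real port groups instead:
#   Get-VirtualPortGroup -Standard | Test-PortGroupVlan -ReservedRange ...
$sample = @(
    [pscustomobject]@{ Name = 'Management Network'; VLanId = 1610 }
    [pscustomobject]@{ Name = 'VM Network';         VLanId = 1 }
    [pscustomobject]@{ Name = 'Trunk-Test';         VLanId = 4095 }
    [pscustomobject]@{ Name = 'Legacy';             VLanId = 1002 }
)
# The ranges below are assumed example values, not taken from the procedure.
$sample | Test-PortGroupVlan -ReservedRange '1001-1024', '4094-4094' |
    Where-Object Finding -ne 'OK'
```

Each port group the audit reports can then be corrected with the Set-VirtualPortGroup command from step 2.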