Is it possible to inspect all vSwitch traffic

Updated 6 years ago
I am using ESX and I am wondering if it's possible to inspect all vSwitch traffic using a single LANGuardian. We have multiple VLANs configured.

Network Admin

Posted 6 years ago

Darragh Delaney, Employee

Yes, this is possible by following these steps:

1. Create a new port group and set the VLAN to 4095.
2. Edit the security settings of this port group and make sure promiscuous mode is enabled.
3. Move the LANGuardian sensor NIC to this port group.
3. Move the LANGuardian sensor NIC to this port group.

This should give you visibility across all VLANs as VMware ESX allows you to inspect traffic for multiple VLANs on a single network interface through the use of VLAN 4095.

VLAN 4095 is used as a “wildcard” so that any VLAN traffic seen by the switch will be sent to a promiscuous interface. VMware calls this virtual guest tagging (VGT).
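
The three steps from the answer above, scripted with VMware PowerCLI as an added example that is not part of the original thread. It assumes a direct connection to a single ESX host with a standard vSwitch; the host, vSwitch, port group, VM and adapter names are placeholders. The last part lists every NIC attached to the new port group, since anything connected there receives traffic from all VLANs.

```powershell
# Added example, not from the original thread. Requires VMware PowerCLI.
# All names below are placeholders/assumptions; replace them with your own.
$server    = 'esx01.example.local'   # ESX host to connect to (placeholder)
$vSwitch   = 'vSwitch0'              # standard vSwitch carrying the VLANs (assumed)
$pgName    = 'Sensor-AllVLANs'       # name for the new port group (hypothetical)
$sensorVm  = 'LANGuardian'           # name of the sensor VM (assumed)
$sensorNic = 'Network adapter 2'     # the sensor's capture NIC (assumed)

Connect-VIServer -Server $server | Out-Null
$vmhost = Get-VMHost                 # direct host connection assumed: one host
$vs     = Get-VirtualSwitch -VMHost $vmhost -Name $vSwitch -Standard

# Step 1: create the port group with VLAN ID 4095
$pg = New-VirtualPortGroup -VirtualSwitch $vs -Name $pgName -VLanId 4095

# Step 2: enable promiscuous mode on this port group only, not on the vSwitch
$pg | Get-SecurityPolicy | Set-SecurityPolicy -AllowPromiscuous $true | Out-Null

# Step 3: move the sensor's capture NIC to the new port group
Get-VM -Name $sensorVm | Get-NetworkAdapter -Name $sensorNic |
    Set-NetworkAdapter -NetworkName $pgName -Confirm:$false | Out-Null

# Verify the resulting settings
$policy = Get-VirtualPortGroup -VirtualSwitch $vs -Name $pgName | Get-SecurityPolicy
'{0}: VLAN {1}, promiscuous = {2}' -f $pgName, $pg.VLanId, $policy.AllowPromiscuous

# List every NIC on the port group; only the sensor should appear here
$attached = Get-VM | Get-NetworkAdapter | Where-Object { $_.NetworkName -eq $pgName }
$attached | Select-Object @{N='VM'; E={ $_.Parent.Name }}, Name, MacAddress

$extra = $attached | Where-Object { $_.Parent.Name -ne $sensorVm }
if ($extra) {
    Write-Warning "Other VMs are attached to '$pgName' and can see all VLAN traffic."
}

Disconnect-VIServer -Server $server -Confirm:$false
```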