Press "Enter" to skip to content

VCAP5-DCA Objective 2.1 : Implement and Manage Complex Virtual Networks

  • Configure SNMP

SNMP (Simple Network management Protocol) is available and supported by basically all devices in the IT world most people would reffer to it as SNMP trap which is an alert sent by an SNMP agent to a management system, this would include information about a hardware failure a service failre etc etc.

An SNMP agent is installed as part of vCenter Server and can be used to send traps as part of alarm actions.

In vCenter go to administration -> vCenter Server Settings


    • Receiver URL: This is the DNS name or IP of the Management System like SCOM
    • Port Number: This is the port number that the Management system is listening on for SNMP traps
    • Community String: This is basically user id and password, public is not recommended to use but this would be setup on the management system

ESXi Host:
ESXi has got an SNMP agent built in but is disabled by default, when using vCenter I dont see why you would need to activate it but its there.

This shows the current SNMP configuration:

~ # esxcli system snmp get
Enable: false
Hwsrc: indications
Loglevel: info
Port: 161
~ #

Following command enables SNMP

~ # esxcli system snmp set --enable yes

Follwoing command sets the target to send SNMP traps too

~ # esxcli system snmp set --targets=

Run the get command again an see the changes

~ # esxcli system snmp get
   Enable: true
   Engineid: 00000063000000a1c0a80066
   Hwsrc: indications
   Loglevel: info
   Port: 161
   Targets: test-community
~ #

Here is a list of SET commands that can be used

~ # esxcli system snmp set --help
Usage: esxcli system snmp set [cmd options]

  set                   This command allows the user to set up ESX SNMP agent.

Cmd options:
                        Set default authentication protocol. Values: none, MD5, SHA1
                        Set up to ten communities each no more than 64 characters.
                        Format is: community1[,community2,...] (this overwrites
                        previous settings)
  -e|--enable           Start or stop SNMP service. Values: [yes|no, true|false, 0|1]
  -E|--engineid=   Set SNMPv3 engine id. Must be at least 5 to 32 hexadecimal
                        characters. 0x is stripped if found as well as colons (:)
  -y|--hwsrc=      Where to source hardware events from IPMI sensors or CIM
                        Indications. One of: indications|sensors
  -l|--loglevel=   System Agent syslog logging level: debug|info|warning|error
  -n|--notraps=    Comma separated list of trap oids for traps not to be sent by
                        agent. Use value 'reset' to clear setting
  -p|--port=      Set UDP port to poll snmp agent on. The default is udp/161
  -x|--privacy=    Set default privacy protocol. Values: none, AES128
                        Set up to five inform user ids. Format is: user/auth-proto
                        /-|auth-hash/priv-proto/-|priv-hash/engine-id[,...] Where user
                        is 32 chars max. auth-proto is none|MD5|SHA1, priv-proto is
                        none|AES. '-' indicates no hash. engine-id is hex string
                        '0x0-9a-f' up to 32 chars max.
  -r|--reset            Return agent configuration to factory defaults
  -C|--syscontact= System contact string as presented in sysContact.0. Up to 255
                        System location string as presented in sysLocation.0. Up to
                        255 characters.
  -t|--targets=    Set up to three targets to send SNMPv1 traps to. Format is:
                        ip-or-hostname[@port]/community[,...] The default port is
                        udp/162. (this overwrites previous settings)
  -u|--users=      Set up to five local users. Format is: user/-|auth-hash
                        /-|priv-hash/model[,...] Where user is 32 chars max. '-'
                        indicates no hash. Model is one of (none|auth|priv).
  -i|--v3targets=  Set up to three SNMPv3 notification targets. Format is: ip-or-
~ #
  • Determine use cases for and applying VMware DirectPath I/O

Been covered in Objective 1.1

  • Migrate a vSS network to a Hybrid or Full vDS solution

I myself run a hybrid system on the environments I manage, I keep the management and vMotion networks on local standard switches. The reason for this is that I have been bitten with vCenter loss or network loss and having management on a DVS was effected bad, I know things are better these days but I still run it in Hybrid.

Below is a standard switch with 2 NICs and some VMs, this is my test environment and usually run full DVS in test which kind of contradicts what I said previously. But I created this standard switch for this post.

Standard Switch
Standard Switch

Now go to you Networking View right click the cluster and add DvS. Name the Switch and select the amount of uplinks.


If you have spare NICs on the hosts you can add them now but I usually will add later

dvs-setup - b

Right Click on the Distributed Switch and select Add Host. To migrate with no network outage you need to make sure that both the Standard Switch and the Distributed Switch have network connection to the same networks. If you have multiple NICs in your Standard  Switch like we have here( Refer to the first image) we will move one nic over from every host that will be using the Distributed Switch, this will generally be the whole cluster.

Below we will just add a single host for demonstration purposes, but as you can see you can do all the hosts. We will select vmnic1 current assigned to the Standard Switch.

dvs-add host

Now as you can see below the Standard Switch only has 1 vmnic.

standardswitch - single nic

And the Distributed Switch has 1 vmnic

dvs - single nic

Now that there is network connection to both switches we need to migrate the virtual machines, right click on the the Distributed Switch and select migrate virtual machine networking.

migrate networking

Select the source and destination networks, Distributed Switches will have the switch name in brackets.

migrate networking - b

It will now show you what virtual machine are on the source network and you can move the whole machine or a vNIC if it had multiple network cards, Select all the virtuals.

migrate networking - c

Over view will now be displayed on what will be happening.

migrate networking - d

Once the network migration has finished you will now see there is no virtuals on the Distributed Switch

nothing on standard

All the virtuals are now on the Distributed Switch, This is where you can remove the old Standard Switch and attached the spare nic to the Distributed Switch for redundancy.

You can migrate vmkernel port groups to by using the manage virtual adapters link on the distributed switch and follow the prompts.

machines on dvs

  • Configure vSS and vDS settings using command line tools

The main vSphere CLI command that would be used in this instance would be “esxcli network vswitch”  and “esxcfg-vswitch” This allows to add modify virtual switch settings.

Below are the options for standard switch using esxcli command

~ # esxcli network vswitch standard
Usage: esxcli network vswitch standard {cmd} [cmd options]
Available Namespaces:
 policy Commands to manipulate network policy settings governing the given virtual switch.
 portgroup Commands to list and manipulate Port Groups on an ESX host.
 uplink Commands to add and remove uplink on given virtual switch.
Available Commands:
 add Add a new virtual switch to the ESXi networking system.
 list List the virtual switches current on the ESXi host.
 remove Remove a virtual switch from the ESXi networking system.
 set This command sets the MTU size and CDP status of a given virtual switch.

Below are the options for Distributed Switches using esxcli command

~ # esxcli network vswitch dvs vmware
Usage: esxcli network vswitch dvs vmware {cmd} [cmd options]
Available Namespaces:
 lacp A set of commands for LACP related operations
 vxlan A set of commands for VXLAN related operations
Available Commands:
 list List the VMware vSphere Distributed Switch currently configured on the ESXi host.

Below are the command available using esxcfg-vswitch command

~ # esxcfg-vswitch
esxcfg-vswitch [options] [vswitch[:ports]]
 -a|--add Add a new virtual switch.
 -d|--delete Delete the virtual switch.
 -l|--list List all the virtual switches.
 -L|--link=pnic Set pnic as an uplink for the vswitch.
 -U|--unlink=pnic Remove pnic from the uplinks for the vswitch.
 -R|--restore-uplinks Restore uplinks for all vswitches from config file.
 -M|--add-pg-uplink=uplink Add an uplink to the list of uplinks for a portgroup
 -N|--del-pg-uplink=uplink Delete an uplink from the list of uplinks for a portgroup
 -P|--add-dvp-uplink=uplink Add an uplink to a DVPort on a DVSwitch.
 Must specify DVPort Id.
 -Q|--del-dvp-uplink=uplink Delete an uplink from a DVPort on a DVSwitch.
 Must specify DVPort Id.
 -V|--dvp=dvport Specify a DVPort Id for the operation.
 -p|--pg=portgroup Specify a portgroup for operation
 Use ALL to set VLAN IDs on all portgroups
 -v|--vlan=id Set vlan id for portgroup specified by -p
 0 would disable the vlan
 -c|--check Check to see if a virtual switch exists.
 Program outputs a 1 if it exists, 0 otherwise.
 -A|--add-pg=name Add a new portgroup to the virtual switch.
 -D|--del-pg=name Delete the portgroup from the virtual switch.
 -C|--check-pg=name Check to see if a portgroup exists. Program
 outputs a 1 if it exists, 0 otherwise.
 -B|--set-cdp Set the CDP status for a given virtual switch.
 To set pass one of "down", "listen", "advertise", "both".
 -b|--get-cdp Print the current CDP setting for this switch.
 -X|--set-maxactive Set the max active uplinks for this switch.
 -x|--get-maxactive Print the max active uplinks for this switch.
 -m|--mtu=MTU Set MTU for the vswitch/DVSwitch. This affects all the nics attached on the vswitch.
 -r|--restore Restore all virtual switches from the configuration file
 -h|--help Show this message.

Listing the Standard Switches and Distributes switched use the following command

esxcfg-vswitch -l


Let do a small change here as you can see above the standard switch has a single nice “vmnic3” assigned to it, and the distributed switch we created in the earlier stems “dvSwitch” has a single “vmnic1” what we will do is remove the vmnic3 from the standard switch and add it to the distributed switch.

To remove vmnic3 from the standard switch use the following

~ # esxcfg-vswitch --unlink=vmnic3 vSwitch0
~ #

esxcfg-vswitch -b

Now we add the vmnic into the distributed switch ( the 129 value is the port ID if you notice in the picture above there is 128 and 129 128 is in use 129 is free we need to select a free port to assign the vmnic to)

~ # esxcfg-vswitch -P vmnic3 -V 129 dvSwitch
~ #

esxcfg-vswitch -c

  • Analyze command line output to identify vSS and vDS configuration details

The above section explains this esxcfg-vswitch -l command will give you the current config details

  • Configure NetFlow
  • Determine appropriate discovery protocol
    • CDP
    • LLDP


  1. Loui
    Loui January 11, 2013

    Cheers for the post very help full

Leave a Reply

Your email address will not be published. Required fields are marked *

Anti SPAM BOT Question * Time limit is exhausted. Please reload CAPTCHA.