With standard vSwitches in vSphere it has always been a problem, at least for me, to
configure switch security policies such as promiscuous mode or MAC address changes for
only the few ports where they are required. With the standard vSwitch I always created a new
portgroup just for the few VMs that require special policies, but this is not the best
way, and really not a perfect solution.
If people switch to distributed vSwitches (and yes, if they have the money for such a
license), this problem can be solved much more easily.
By default, with a distributed vSwitch the same settings are defined at the portgroup
level and are inherited by all the ports. But this can be overridden if
required. To do so, the override of the security settings at port level must first be
enabled on the portgroup's advanced settings tab.
After this, the inherited port settings can be changed.
Now we have a port with a custom port security policy. 🙂
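
The same two steps can be scripted with VMware PowerCLI, followed by an audit of which ports in the portgroup no longer inherit their security settings. This is an added example, not part of the original post; it assumes an existing `Connect-VIServer` session, and the portgroup name and port key are placeholders.

```powershell
# Added example. Assumes VMware PowerCLI is installed and Connect-VIServer
# has already been run against the vCenter that owns the distributed switch.
$pgName  = 'PG-Example'   # placeholder: name of the distributed portgroup
$portKey = '100'          # placeholder: key of the single port to customise

$pg = Get-VDPortgroup -Name $pgName

# Step 1: allow the security policy to be overridden at port level
# (the portgroup "advanced settings" switch described above).
$override = Get-VDPortgroupOverridePolicy -VDPortgroup $pg
Set-VDPortgroupOverridePolicy -Policy $override -SecurityOverrideAllowed $true

# Step 2: break inheritance for promiscuous mode on one port only.
# MAC address changes and forged transmits keep following the portgroup.
$port   = Get-VDPort -VDPortgroup $pg -Key $portKey
$policy = Get-VDSecurityPolicy -VDPort $port
Set-VDSecurityPolicy -Policy $policy `
    -AllowPromiscuousInherited $false `
    -AllowPromiscuous $true

# Audit: list every port in the portgroup where at least one security
# setting is no longer inherited, so exceptions stay visible and reviewable.
Get-VDPort -VDPortgroup $pg |
    ForEach-Object { Get-VDSecurityPolicy -VDPort $_ } |
    Where-Object {
        -not ($_.AllowPromiscuousInherited -and
              $_.MacChangesInherited -and
              $_.ForgedTransmitsInherited)
    } |
    Select-Object VDPort, AllowPromiscuous, MacChanges, ForgedTransmits
```

Running the audit part on a schedule shows when a port-level exception appears that nobody asked for.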