
Artifact ad6af66e464dd6193eae32af8f5c295c4604f840a87bbc002e9d179fc495624a:

  • File Update-vSwitchSecurity.ps1 — part of check-in [ed5f1005fc] at 2018-06-10 14:23:34 on branch trunk — Change the security setting of a vSwitch. Requires V2, and the VI toolkit for windows (user: Glenn Sizemore 12 size: 4729)

# encoding: ascii
# api: powershell
# title: Update-vSwitchSecurity
# description: Change the security setting of a vSwitch.  Requires V2, and the VI toolkit for windows
# version: 1.0
# type: script
# author: Glenn Sizemore 12
# license: CC0
# x-poshcode-id: 743
# x-archived: 2014-05-11T02:35:48
# x-published: 2009-12-19T12:53:00
#
#
#requires -version 2.0 
# Author: Glenn Sizemore 12/19/2009
# Source: http://get-admin.com/blog/?p=239
#
# v1.0 	: It works
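function Update-vSwitchSecurity {
	<#
	.Synopsis
		Modify the security settings of a vSwitch
	.Description
		Writes the three layer-2 security policy flags (AllowPromiscuous,
		MacChanges, ForgedTransmits) of every matching vSwitch on every
		supplied host.

		All three flags are written on every call. A flag whose switch
		parameter is omitted is set to FALSE (reject), so calling the function
		with no switches hardens the vSwitch, and calling it with only one
		switch also resets the other two to reject.

		Only the vSwitch-level policy is updated here; port groups are not
		touched by this function.
	.Parameter vSwitch
		Name of the vSwitch to modify.

		The value is compared with -match, i.e. it is treated as a
		case-insensitive, unanchored regular expression: 'vSwitch1' also
		selects 'vSwitch10'. Anchor the pattern ('^vSwitch1$') to target a
		single switch, and preview the selection with -WhatIf.

		Type		: String
		Mandatory	: TRUE
		ParameterSet:
		PipeLine	: FALSE
	.Parameter VMHost
		One or more hosts for which we want to modify the vSwitch Security

		Type		: VMHostImpl[]
		Mandatory	: TRUE
		ParameterSet:
		PipeLine	: ByValue
	.Parameter AllowPromiscuous
		If provided then AllowPromiscuous will be enabled, so that all traffic
		on the vSwitch is seen on the port. The default action is to disable
		AllowPromiscuous.

		Type		: Switch
		Mandatory	: FALSE
		ParameterSet:
		PipeLine	: FALSE
	.Parameter ForgedTransmits
		If provided then ForgedTransmits will be enabled thus allowing the
		virtual network adapter to send network traffic with a different MAC
		address than that of the virtual network adapter.
		The default action is to disable ForgedTransmits

		Type		: Switch
		Mandatory	: FALSE
		ParameterSet:
		PipeLine	: FALSE
	.Parameter MacChanges
		If provided then MacChanges will be enabled thus allowing Media Access
		Control (MAC) address to be changed. The default action is to disable
		MacChanges

		Type		: Switch
		Mandatory	: FALSE
		ParameterSet:
		PipeLine	: FALSE
	.Example
		# Set Promiscuous Mode, MAC Address Changes, and Forged Transmits to reject.
		Update-vSwitchSecurity -VMHost (get-vmhost ESX1) -vSwitch 'vSwitch0'
	.Example
		# Enable Promiscuous Mode on vSwitch1 on all ESX hosts in cluster SQL

		Get-Cluster SQL | Get-VMHost | Update-vSwitchSecurity vswitch1 -AllowPromiscuous

		# If you're not sure you're running against the correct host/switch use -whatif/confirm
		Get-Cluster SQL | Get-VMHost | Update-vSwitchSecurity vswitch1 -AllowPromiscuous -whatif

		# Will output:

		What if: Performing operation "Updating vSwitch1 Security settings: AllowPromiscuous=True,
		MacChanges=False, ForgedTransmits=False" on Target "ESX1".
		What if: Performing operation "Updating vSwitch1 Security settings: AllowPromiscuous=True,
		MacChanges=False, ForgedTransmits=False" on Target "ESX2".
		What if: Performing operation "Updating vSwitch1 Security settings: AllowPromiscuous=True,
		MacChanges=False, ForgedTransmits=False" on Target "ESX3".

		# Be aware that the vSwitch param will perform a pattern (regex) search for the vswitch name!
	#>
	# Advanced-function form; SupportsShouldProcess provides -WhatIf/-Confirm.
	[CmdletBinding(SupportsShouldProcess=$TRUE)]
	param (
	[Parameter(position=0,Mandatory=$TRUE,HelpMessage="Name of the vSwitch to modify")]
	[string]
	$vSwitch,

	[Parameter(position=1,Mandatory=$TRUE,ValueFromPipeline=$TRUE,HelpMessage="One or more hosts for which we want to modify the vSwitch Security")]
	[VMware.VimAutomation.Client20.VMHostImpl[]]
	$VMhost,

	[switch]
	$AllowPromiscuous,

	[switch]
	$MacChanges,

	[switch]
	$ForgedTransmits
	)
	# The work lives in a process block so that every host arriving on the
	# pipeline is handled, not only the last one bound.
	process {
		# Omitted switches become $FALSE, i.e. the setting is written as reject.
		$promiscuousValue = [bool]$AllowPromiscuous
		$macChangesValue = [bool]$MacChanges
		$forgedValue = [bool]$ForgedTransmits

		foreach ($H in $VMhost) {
			$hostView = Get-VMHost $H | Get-View
			$networkSystem = Get-View $hostView.ConfigManager.NetworkSystem

			# -match is an unanchored, case-insensitive regex test, so more
			# than one vSwitch per host can be selected.
			$targets = @($networkSystem.NetworkConfig.Vswitch | Where-Object { $_.Name -match $vSwitch })
			if ($targets.Count -eq 0) {
				# A security change that silently applies to nothing is easy to
				# mistake for success, so say so.
				Write-Warning "No vSwitch matching '$vSwitch' found on $($H.Name); nothing was changed on this host."
				continue
			}

			foreach ($candidate in $targets) {
				$switchSpec = $candidate.Spec
				$vSwitchName = $candidate.Name

				$switchSpec.Policy.Security.AllowPromiscuous = $promiscuousValue
				$switchSpec.Policy.Security.MacChanges = $macChangesValue
				$switchSpec.Policy.Security.ForgedTransmits = $forgedValue

				$msg = "Updating $($vSwitchName) Security settings: AllowPromiscuous=$promiscuousValue, MacChanges=$macChangesValue, ForgedTransmits=$forgedValue"

				# Nothing is sent to the host unless ShouldProcess approves
				# (honours -WhatIf and -Confirm).
				if ($pscmdlet.ShouldProcess($H.Name, $msg)) {
					# Reuse the network-system view fetched above instead of
					# requesting it again for every switch.
					$networkSystem.UpdateVirtualSwitch($vSwitchName, $switchSpec)
				}
			}
		}
	}
}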