Port blocked due to L2 security violation

After a customer migration from his vCenter to our cloud, a couple of his VMs didn’t connect to the organization network.

Troubleshooting further, I found that the affected ports were “Blocked due to L2 security violation”.

To understand what this meant, I googled the error and found this interesting post from Patrick Terlisten https://www.vcloudnine.de/trouble-due-to-changed-vds-default-security-policy/ dated September 2015.

In short: if a VM's MAC address differs from the usual VMware one or, as in my case, isn't shown at all, its packets are dropped because of the default security policy settings introduced with vCenter 5.5.

The solution is to modify these policies. This can be done for just the affected port, once the portgroup's “override” parameter allows it. So, first of all, let’s modify the “override settings” for the security policy in the portgroup, so that the value can then be changed for the single port.

Now override the policy on the single port.

Refresh, et voilà.
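The same two-step change scripted with VMware PowerCLI, as an added example that is not part of the original post. The portgroup name and port key are placeholders, and the choice of settings to accept (MAC address changes and forged transmits) is an assumption, since the post does not name the value it changed.

```powershell
# Added example, not from the original post.
# Requires VMware PowerCLI and an existing Connect-VIServer session.
$PortgroupName = 'PLACEHOLDER-portgroup'   # portgroup that holds the blocked port
$PortKey       = 'PLACEHOLDER-port-key'    # key of the blocked port

$pg = Get-VDPortgroup -Name $PortgroupName -ErrorAction Stop

# Record the portgroup-level security policy before touching anything,
# so the deviation introduced below can be reviewed or reverted later.
$pg | Get-VDSecurityPolicy | Format-List

# Step 1: allow the security policy to be overridden per port
# on this portgroup (the "override settings" step in the post).
$pg | Get-VDPortgroupOverridePolicy |
    Set-VDPortgroupOverridePolicy -SecurityOverrideAllowed $true

# Step 2: override the policy on the single affected port only.
# Assumption: MAC address changes and forged transmits are the settings
# to accept. Promiscuous mode is deliberately left untouched, and the
# portgroup-wide policy stays as it was for every other port.
$port = Get-VDPort -VDPortgroup $pg -Key $PortKey
if (-not $port) {
    throw "Port '$PortKey' not found in portgroup '$PortgroupName'."
}
$port | Get-VDSecurityPolicy |
    Set-VDSecurityPolicy -MacChanges $true -ForgedTransmits $true

# Step 3: read the port's effective policy back to confirm the override.
Get-VDPort -VDPortgroup $pg -Key $PortKey | Get-VDSecurityPolicy | Format-List
```

Scoping the change to one port keeps the stricter default in force for the rest of the portgroup.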

 

 

 
