User ACL/TAG - VMware Networks


#1

Hi folks, we are doing some tests with VMware and User ACLs.

Currently we can use TAGs to restrict users' access to some components in VMware Infrastructure (folders, VMs, datastores), but I did not find how to TAG VLAN networks (Port Groups created in vSwitch).

Does anyone have any idea how to do it?

Best regards

Carlos


#2

As far as I know VLANs (portgroups) cannot be tagged, only switches.


#3

Hi @xian, thanks for your information.
Well, is there any other way to restrict the VLANs?

Best regards
Carlos


#4

VLANs can definitely be tagged, though maybe not from the UI. See the following:

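# Run from a Rails console on the appliance: build an automate service handle.
$evm = MiqAeMethodService::MiqAeService.new(MiqAeEngine::MiqAeWorkspaceRuntime.new)
# Skip every LAN whose name contains "dmz" (exclude? comes from ActiveSupport).
lans = $evm.vmdb(:lan).all.select { |lan| lan.name.downcase.exclude? 'dmz' }
lans.each do |lan|
  # Clear old values first so a changed mapping does not leave stale tags behind.
  lan.tag_unassign('network_purpose')
  lan.tag_unassign('environment')
  # get_vlanid and vlan_tags are not defined in this post; they must be supplied.
  id = get_vlanid(lan.name)
  next if id.nil? || id.zero?

  # vlan_tags is iterated as role => { environment => [VLAN ids] }.
  vlan_tags.each do |role, env_hash|
    env_hash.each do |env, vlans|
      if vlans.include?(id)
        lan.tag_assign("network_purpose/#{role}")
        lan.tag_assign("environment/#{env}")
      end
    end
  end
end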
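
The snippet in #4 calls `get_vlanid` and `vlan_tags` without defining them. The following is an added example, not part of the original post or of ManageIQ, showing one way to supply them and to list port groups that end up with no tag so they can be reviewed. The naming convention, the `VLAN_TAGS` values, `tags_for`, `retag` and the `FakeLan` stand-in are all assumptions so that it runs outside an appliance.

```ruby
# Added example; stand-ins for the two names the post leaves undefined.
# Hypothetical mapping (constructed values): role => { environment => [VLAN ids] }
VLAN_TAGS = {
  'web' => { 'prod' => [110, 111], 'test' => [210] },
  'db'  => { 'prod' => [120],      'test' => [220] }
}.freeze

# Assumed naming convention: the port group name contains "vlan" followed by the
# id, e.g. "PG-VLAN110-web". Returns nil if absent or outside 802.1Q range 1..4094.
def get_vlanid(name)
  m = name.match(/vlan[\s_-]?(\d{1,4})(?!\d)/i)
  return nil unless m
  id = m[1].to_i
  (1..4094).cover?(id) ? id : nil
end

# Tags a port group should carry according to the mapping, or [] if none match.
def tags_for(name, vlan_tags = VLAN_TAGS)
  id = get_vlanid(name)
  return [] if id.nil?
  vlan_tags.flat_map do |role, env_hash|
    envs = env_hash.select { |_env, vlans| vlans.include?(id) }.keys
    envs.flat_map { |env| ["network_purpose/#{role}", "environment/#{env}"] }
  end.uniq
end

# Minimal stand-in for the Lan service object so the example runs offline.
FakeLan = Struct.new(:name, :tags) do
  def tag_unassign(category)
    tags.reject! { |t| t.start_with?("#{category}/") }
  end

  def tag_assign(tag)
    tags << tag unless tags.include?(tag)
  end
end

# Re-tags every non-DMZ LAN as in #4 and returns the names left without a tag,
# so unmapped port groups are reported instead of silently staying untagged.
def retag(lans)
  untagged = []
  lans.reject { |l| l.name.downcase.include?('dmz') }.each do |lan|
    %w[network_purpose environment].each { |c| lan.tag_unassign(c) }
    wanted = tags_for(lan.name)
    wanted.each { |t| lan.tag_assign(t) }
    untagged << lan.name if wanted.empty?
  end
  untagged
end
```
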

#5

Hi @01100010011001010110

Thank you!!! I will try to do some tests… Is it planned to be supported by the GUI interface!?

best regards
Carlos