User ACL/TAG - VMware Networks

Hi folks, we are doing some tests with VMware and User ACLs.

Currently we can use TAGs to restrict users' access to some components in VMware Infrastructure (folders, VMs, datastore), but I did not find how to TAG VLAN networks (Port Groups created in vSwitch).

Does anyone have any idea how to do it?

Best regards

Carlos

1 Like

As far as I know VLANs (portgroups) cannot be tagged, only switches.

Hi @xian, thanks for your information.
Well, is there any other way to restrict the VLANs?

Best regards
Carlos

VLANs can definitely be tagged, though maybe not from the UI. See the following:

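```ruby
# Build an Automate service handle (e.g. from a Rails console on the appliance).
$evm = MiqAeMethodService::MiqAeService.new(MiqAeEngine::MiqAeWorkspaceRuntime.new)

# All LANs (port groups) whose name does not contain "dmz".
lans = $evm.vmdb(:lan).all.select { |lan| lan.name.downcase.exclude? 'dmz' }
lans.each do |lan|
  # Clear any previous tags in both categories before re-tagging.
  lan.tag_unassign('network_purpose')
  lan.tag_unassign('environment')
  # get_vlanid and vlan_tags are not defined in this post; they must be provided separately.
  id = get_vlanid(lan.name)
  next if id.nil? || id.zero?

  # vlan_tags is iterated as role => { environment => [VLAN IDs] }.
  vlan_tags.each do |role, env_hash|
    env_hash.each do |env, vlans|
      if vlans.include?(id)
        lan.tag_assign("network_purpose/#{role}")
        lan.tag_assign("environment/#{env}")
      end
    end
  end
end
```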
1 Like
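
The snippet above calls `get_vlanid` and `vlan_tags` without showing them. As an added example (not code from the thread's author or from ManageIQ), this plain-Ruby dry run computes which tags that loop would assign to each port group; the naming convention, the mapping values and the `planned_tags`/`plan` helpers are assumptions.

```ruby
# Constructed mapping: role => environment => VLAN IDs (hypothetical values).
VLAN_TAGS = {
  'app' => { 'prod' => [110, 120], 'test' => [210] },
  'db'  => { 'prod' => [130],      'test' => [210] }
}.freeze

# Hypothetical helper: read the VLAN ID that follows "vlan" in the port group
# name; nil when there is none or it is outside the valid 802.1Q range.
def get_vlanid(name)
  m = name.match(/vlan[\s_-]*(\d{1,4})(?!\d)/i)
  return nil unless m

  id = m[1].to_i
  (1..4094).cover?(id) ? id : nil
end

# Tags the loop from the post would assign to one port group name.
def planned_tags(name, vlan_tags = VLAN_TAGS)
  # Same "dmz" filter as the post, written without ActiveSupport's exclude?.
  return [] if name.downcase.include?('dmz')

  id = get_vlanid(name)
  return [] if id.nil? || id.zero?

  tags = []
  vlan_tags.each do |role, env_hash|
    env_hash.each do |env, vlans|
      next unless vlans.include?(id)

      tags << "network_purpose/#{role}" << "environment/#{env}"
    end
  end
  tags.uniq # a VLAN listed under two roles receives both role tags
end

# Constructed port group names.
SAMPLE_LANS = ['VLAN110-web', 'vlan_210 shared', 'DMZ-VLAN120',
               'VM Network', 'VLAN4095-trunk'].freeze

# Dry run: port group name => tags, with no calls into ManageIQ.
def plan(names = SAMPLE_LANS)
  names.to_h { |n| [n, planned_tags(n)] }
end

plan.each { |name, tags| puts "#{name}: #{tags.empty? ? '(no tags)' : tags.join(', ')}" }
```

Reviewing this plan before running the real loop shows which port groups would end up with no tag at all, and therefore how tag-restricted users would see them.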

Hi @01100010011001010110

Thank you!!! I will try to do some tests… Is it planned to be supported by the GUI interface!?

Best regards
Carlos

Where do I put this code?