Even though vSwitches and dvSwitches are considered to be "dumb switches"—with the exception of the Nexus 1000V—you can configure them with security policies to enhance or ensure Layer 2 security. For vNetwork Standard Switches, you can apply security policies at the vSwitch or at the port group level. For vNetwork Distributed Switches, you apply security policies only at the dvPort group level. The security settings include the following three options:
MAC Address Changes
Applying a security policy to a vSwitch is effective, by default, for all connection types within the switch. However, if a port group on that vSwitch is configured with a competing security policy, it ...