Putting the vSwitch or Port Group into promiscuous mode allows the VMM or VMC to hear and receive all frames destined to the Port Group or vSwitch, including frames that would otherwise be blocked by L2 security policy applied to the vSwitch, or other types of frames that would traditionally be dropped by the vSwitch by default.
When forged transmits are set to allow, the vSwitch or Port Group will allow the VM to send out frames using a different MAC address than the one assigned to the VM by the hypervisor. Important in this respect is to features like:
• VLANs (dot1q trunking)
• Use of multiple interfaces (If more than gig0/0/1 is used in the data path)
• VRRP (Generated MAC of (00:00:5E:00:01:VRID)
• Multicast (MAC depends on multicast traffic type)
By Enabling MAC Changes this setting allows the VM to change their unicast and allows the device to see other unicast frames. Generally, if
promiscuous mode and forged transmits are enabled this should be set to ‘enable’ as well to allow the VMM or VMC to send or respond to packets sent to it.