How to Fix :Possible DHCP DOS attack seen on the esx host


In NSX-v 6.4.0, you see these symptoms:

  • You see the error: “NSX Alert :Possible DHCP DOS attack on host. (ScreenShot Attached)
    NSX Alert DHCP DOS Attack


This issue occurs because a new DHCP DoS related security feature was introduced in NSX-v 6.4.0, that may report false positives.

This is a known issue affecting VMware NSX for vSphere 6.4.x. Currently, there is no resolution.


To work around this issue, disable these warning messages. You can disable these warning messages NSX Manager Central Command Line Interface.

  1. Login to The NSX Manager SSh Console via Admin . Check the Status for the Event Notification
Read The Rest ......

Distributed firewalls on the NSX Manager central CLI

You can get most information about distributed firewalls on the NSX Manager central CLI.


The path to drill down to the desired information is as follows:

  1. Show all clusters: show cluster all

  2. Then show hosts in a specific cluster: show cluster clusterID

  3. Then show all VMs on a host: show host hostID

  4. Then show information for a VM, which includes filter names and vNIC IDs: show vm vmID

    Here is the Example for the same.

nsxmgr> show cluster all
No.  Cluster Name                Cluster Id               Datacenter Name     Firewall Status
1    Compute Cluster A           domain-c33               Datacenter Site A   Enabled
2    Management & 
Read The Rest ......

How to Fix : VXLAN VMKNic Out Of Sync

NSX Manager detects the entities modified or deleted directly on the vCenter Server for NSX managed object like VXLAN VMKNic, from vCenter Server. System events are raised whenever a delete of an entity happens outside of NSX. When the VMKNic is deleted on the host, but the VMKNic information is still available in NSX, then NSX Manager indicates the deleted VMKNic with an Error icon.

  1. In the vSphere Web Client, navigate to Networking & Security > Installation > Logical Network Preparation.
  2. On the VXLAN Transport tab, expand the Cluster and Hosts.

  3. Click the Error icon
Read The Rest ......

Basic NSX Troubleshooting Commands

Here are some Basic TroubleShooting Commands available which can be useful and should be handy.logo

Checking the NSX Installation on ESXi Host—Host Networking Commands


Host Networking Commands


List physical NICs/vmnic

esxcli network nic list

Check the NIC type, driver type, link status, MTU

Physical NIC details

esxcli network nic get -n vmnic#

Check the driver and firmware versions along with other details

List vmk NICs with IP addresses/MAC/MTU, and so on

esxcli network ip interface ipv4 get

To ensure VTEPs are correctly instantiated

Details of each vmk NIC, including vDS information

esxcli network ip interface list

To ensure

Read The Rest ......

What are the NSX Components


cloud management platform (CMP) is not a component of NSX, but NSX provides integration into virtually any CMP via the REST API and out-of-the-box integration with VMware CMPs.

Read The Rest ......

What is Consumption Platform

The consumption of NSX can be driven directly through the NSX Manager user interface, which is available in the vSphere Web Client. Typically end users tie network virtualization to their cloud management platform for deploying applications. NSX provides rich integration into virtually any CMP through REST APIs. Out-of-the-box integration is also available through VMware vCloud Automation Center, vCloud Director, and OpenStack with the Neutron plug-in for NSX.

What is Management Plane

The NSX management plane is built by the NSX Manager, the centralized network management component of NSX. It provides the single point of configuration and REST API entry-points.

The NSX Manager is installed as a virtual appliance on any ESX™ host in your vCenter Server environment. NSX Manager and vCenter have a one-to-one relationship. For every instance of NSX Manager, there is one vCenter Server. This is true even in a cross-vCenter NSX environment.

In a cross-vCenter NSX environment, there is both a primary NSX Manager and one or more secondary NSX Managers. The primary NSX Manager allows you to … Read The Rest ......

What is Control Plane

The NSX control plane runs in the NSX Controller cluster. NSX Controller is an advanced distributed state management system that provides control plane functions for NSX logical switching and routing functions. It is the central control point for all logical switches within a network and maintains information about all hosts, logical switches (VXLANs), and distributed logical routers.

The controller cluster is responsible for managing the distributed switching and routing modules in the hypervisors. The controller does not have any dataplane traffic passing through it. Controller nodes are deployed in a cluster of three members to enable high-availability and scale. Any … Read The Rest ......

What is Data Plane

The NSX data plane consists of the NSX vSwitch, which is based on the vSphere Distributed Switch (VDS) with additional components to enable services. NSX kernel modules, userspace agents, configuration files, and install scripts are packaged in VIBs and run within the hypervisor kernel to provide services such as distributed routing and logical firewall and to enable VXLAN bridging capabilities.

The NSX vSwitch (vDS-based) abstracts the physical network and provides access-level switching in the hypervisor. It is central to network virtualization because it enables logical networks that are independent of physical constructs, such as VLANs. Some of the benefits of … Read The Rest ......