Closed Sk83r closed 3 years ago
dcoghlan
commented
3 years ago You can use Get-NsxSecurityGroupEffectiveIpAddress
or you can use Get-NsxSecurityGroupEffectiveMember which runs the following 4 cmdlets and returns all member types
Get-NsxSecurityGroupEffectiveVirtualMachine
Get-NsxSecurityGroupEffectiveIpAddress
Get-NsxSecurityGroupEffectiveMacAddress
Get-NsxSecurityGroupEffectiveVnic
Sk83r
commented
3 years ago Hi
Thanks for replying, here's an example
SG-TEST contains : | David-laptop , virtualMachine | Jay-laptop , virtualMachine | lab-VM , IPSet | SG-NESTED-TEST, securitygroup
Im interested in David-laptop and Jay-laptop IPs. nothing else Get-NsxSecurityGroupEffectiveIpAddress gives me all IP addresses, more than 10 IPs. dont want that. Get-NsxSecurityGroupEffectiveVirtualMachine gives me VM names but not the 2 IP addresses themselves.
Thanks
dcoghlan
commented
3 years ago You'll need to loop through the output of Get-NsxSecurityGroupEffectiveVirtualMachine and enumerate the IP addresses from the virtual machines. You can achieve this in multiple methods (either through vCenter or just with NSX Manager). Some example scripts which leverage various methods just using NSX Manager are below:
Example 1: shows how you can leverage the API to find the IP addresses of a VM object by using the securitygroup translation API
Example 2: shows how you can leverage the spoofguard database in NSX Manager to discover all the IP addresses of all vnics assigned to a VM
Sk83r
commented
3 years ago Thanks for this one @dcoghlan very nice
Hi guys,
Wondering if there's any interesting way to retrieve all virtual machines IP that attached to security group.
EffectiveIPaddress switch retrieves all IPs from SG and I need just the ones related to VMs attached to it.
Thanks