«

»

ESXi host advanced configuration using PowerCLI – parameter Net.BlockGuestBPDU

I was recently asked by one customer to verify the existing Bridge Protocol Data Unit (BPDU) Filter configuration for their 75+ ESXi hosts and if needed (not activated) change the default configuration from the value “0” to the value “1” to activate the feature.

This blog post will focus on the PowerCLI configuration and not explaining what BPDU is and how it works. For BPDU explanation, see  e.g. VMware KB 2047822.

The below figure shows the default ESXi host advanced configuration option for BPDU.Screen Shot 2013-05-06 at 09.38.51

There was a few customer requirements i needed to respect before starting making any changes:

  • Verify, per ESXi host, if the configuration needs to be changed. The customer had already activate BPDU for a few ESXi hosts.
  • Change the BPDU configuration. Do not set the value to “1” for the ESXi hosts already using the value “1”. This is based on the customer change management requirements.
  • Create one configuration report including all ESXi hosts no matter if the BPDU configuration had to be changed or not.
  • Save the configuration report to a file.
  • Send an e-mail with the configuration report attached.

Use the below script to verify if the BPDU configuration needs to be changed, make the change if required, save the configuration report to a file and send an e-mail with the configuration report attached.

Change the red marked text in the script to your required values.

# ESXi Host BPDU configuration
# Version 1.0 Magnus Andersson
#————————————————
# Start of script parameters section
$date = get-date -uformat %Y-%m-%d
#
$outfile=”c:software$date-ESXi-config-change.txt
#
$vcenter = “vc-demo01
$vcenteruser = “hometestuser
$vcenterpw = “notsecret
#
$sendTo = “magnus@home.test
$sendFrom = “vc-demo01@home.test
$smtpserver = “smtp.home.test
#
# End of script parameter section
#——————————————
#
# Connect to vcenter Server
connect-viserver $vcenter -User $vcenteruser -Password $vcenterpw
#
# Verify if configuration changes are needed and if so, change the configuration to the value 1
$vmHosts = get-vmhost
$vmHosts | % {
  if (($_ | Get-VMHostAdvancedConfiguration -name net.blockguestbpdu)[“Net.BlockGuestBPDU”] -eq 0) {
    Write-Output “Net.BlockGuestBPDU value for $_ is 0 and will be changed. New Configuration for $_ is:” | out-file $outfile -append
set-vmhostadvancedconfiguration -vmhost $_ -name Net.BlockGuestBPDU -value 1 | out-file $outfile -append
} else {
    Write-Output “Net.BlockGuestBPDU value for $_ is correct and does not need to be changed” | out-file $outfile -append
  }
}
#
# Send e-mail report
send-mailmessage -to $sendTo -from $sendFrom -Subject “ESXi host Net.BlockGuestBPDU traffic configuration report” -smtpserver $smtpserver -Attachments $outfile  

This is the e-mail report, with open attachment, you’ll receive when the script is finished.

Screen Shot 2013-05-06 at 11.03.22

If you don’t want (or if the customer doesn’t require) to save the script output to a file you can include the same information in the e-mail as plain text using the below script.

Change the red marked text in the script to your required values.

# ESXi Host BPDU configuration
# Version 1.0 Magnus Andersson

#————————————————

# Start of script parameters section
#
$vcenter = “vc-demo01
$vcenteruser = “hometestuser
$vcenterpw = “notsecret
#
$sendTo = “magnus@home.test
$sendFrom = “vc-demo01@home.test
$smtpserver = “smtp.home.test
#
# End of script parameter section
#——————————————
#
# Connect to vcenter Server
connect-viserver $vcenter -User $vcenteruser -Password $vcenterpw
#
# Verify if configuration changes are needed and if so, change the configuration to the value 1
$Body = @()
Get-VMHost | Foreach {
  if (($_ | Get-VMHostAdvancedConfiguration -name net.blockguestbpdu)[“Net.BlockGuestBPDU”] -eq 0) {
$Body = $Body + “Net.BlockGuestBPDU value for $($_) is 0 and will be changed. New Configuration for $_ is” | out-string
$newBody = (set-vmhostadvancedconfiguration -vmhost $_ -name Net.BlockGuestBPDU -value 1)
$Body += $newBody | out-string
  } else {
$Body = $Body + “Net.BlockGuestBPDU value for $($_) is correct and does not need to be changed” | out-string
  }
}
#
# Send e-mail report
send-mailmessage -to $sendTo -from $sendFrom -Subject “ESXi host Net.BlockGuestBPDU traffic configuration report” -smtpserver $smtpserver -Body $Body
This is the plain text e-mail report, without attachment, you’ll receive when the script is finished.
Screen Shot 2013-05-06 at 15.26.24
Thanks to @ARenouf and @nkange for script input.

3 pings

  1. Configure and report the ESXi host TSM-SSH service using PowerCLI | vcdx56

    […] service violates both the customer’s design and regulations. I have previously written a blog post how to verify the ESXi host BPDU setting, change it if needed and send an e-mail report so i […]

Comments have been disabled.