
How do you reconfigure access to a VMkernel port?

Use the ESXi firewall rules to control which source addresses can reach services, such as Secure Shell, that listen on your host's VMkernel interfaces, so that management services are reachable only from your management network.

With vSphere, you can restrict a service such as Secure Shell so that it accepts connections only from your management network, even though the service itself listens on every VMkernel interface.

Every VMkernel interface with an IP address, on whichever TCP/IP stack it belongs to, is an address on which host services listen. If you want a service such as Secure Shell (SSH) to be reachable only from your management network, additional configuration is necessary. You cannot bind a service to a particular TCP/IP stack or interface, but you can configure the ESXi firewall to accept connections to that service only from one address or from a range of addresses.

It's likely you've never had to touch the ESXi firewall configuration. The default configuration opens only the ports that the enabled services need. When you enable a service, its firewall ruleset opens the accompanying ports for you. For example, enabling the Network Time Protocol client opens outgoing UDP port 123.

You can open and close each firewall ruleset manually if you want. You can also follow these directions to restrict a ruleset to specific source addresses.

Adjust these settings in the vSphere Client: select the ESXi host, open the Configure tab and choose Firewall under System. Figure A shows an example of this configuration.

Figure A. Firewall configuration settings for an ESXi host in the vSphere Client.

In this example, the checkbox Allow connections from any IP address is cleared for the SSH Server ruleset and one address is in the IP list. With this configuration, only connections from that single address reach the SSH server; connections from any other source are dropped. You can enter multiple addresses in the list separated by commas. Make sure the address you administer the host from is in the list before you clear the checkbox; otherwise your next SSH connection is refused and you need the vSphere Client or the host console (DCUI) to undo the change.

You can also add a subnet in CIDR notation, such as 172.31.0.0/16: the network address, 172.31.0.0 in this example, followed by a slash and the prefix length, 16 bits. This allows access only from computers with an address in that subnet. A /16 still admits 65,534 hosts, so keep the range as narrow as your management network allows.
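The same restriction can be applied from the ESXi shell with esxcli, which is what you want when the change has to be scripted across many hosts. The script below is an added example and not part of the original article: it validates each address or CIDR entry, then emits (or, when esxcli is present, runs) the commands in the safe order, adding the allowed addresses before turning off "allow all" so the session you are working from is not cut off. It assumes the SSH server ruleset id sshServer; the addresses are constructed examples.

```shell
#!/bin/sh
# Added example (not from the original article): restrict an ESXi firewall
# ruleset to a list of source addresses with esxcli.
# Assumptions: ruleset id "sshServer" for the SSH Server rule; the
# addresses used below are constructed examples. IPv4 only.

# Validate one IPv4 address or IPv4 CIDR ("a.b.c.d" or "a.b.c.d/NN").
# Returns 0 when the entry is well formed, 1 otherwise.
valid_ipv4_entry() {
    entry=$1
    case $entry in
        */*) addr=${entry%/*}; plen=${entry#*/} ;;
        *)   addr=$entry;      plen="" ;;
    esac
    # Prefix length, when present, must be an integer 0-32.
    if [ -n "$plen" ]; then
        case $plen in *[!0-9]*) return 1 ;; esac
        [ "$plen" -le 32 ] || return 1
    fi
    # Split on dots into exactly four numeric octets in 0-255.
    oldifs=$IFS; IFS=.
    set -f            # no pathname expansion while splitting
    set -- $addr
    set +f
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$1" "$2" "$3" "$4"; do
        case $o in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Print the esxcli commands that restrict RULESET to the given entries.
# Order matters: the allowed addresses are added first, and "allow all"
# is switched off last, so an admin whose address is in the list keeps
# access throughout. Rejects the whole batch on the first bad entry.
emit_restrict_cmds() {
    ruleset=$1; shift
    [ $# -gt 0 ] || { echo "no addresses given" >&2; return 1; }
    for e in "$@"; do
        valid_ipv4_entry "$e" || { echo "invalid entry: $e" >&2; return 1; }
        echo "esxcli network firewall ruleset allowedip add --ruleset-id $ruleset --ip-address $e"
    done
    echo "esxcli network firewall ruleset set --ruleset-id $ruleset --allowed-all false"
    # Show the resulting list so the change can be verified in the log.
    echo "esxcli network firewall ruleset allowedip list --ruleset-id $ruleset"
}

# Run the commands on an ESXi host; elsewhere just print them for review.
apply_restrict() {
    cmds=$(emit_restrict_cmds "$@") || return 1
    if command -v esxcli >/dev/null 2>&1; then
        printf '%s\n' "$cmds" | sh -e
    else
        echo "# esxcli not found; run these on the ESXi host:"
        printf '%s\n' "$cmds"
    fi
}

# Usage with constructed example addresses: one admin workstation and
# the management subnet from the article.
apply_restrict sshServer 192.168.10.5 172.31.0.0/16
```

The ruleset must also be enabled (esxcli network firewall ruleset set --ruleset-id sshServer --enabled true) for the allowed-IP list to matter; the list only narrows an open ruleset, it never opens a closed one. To revert, run esxcli network firewall ruleset set --ruleset-id sshServer --allowed-all true.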
