I've googled for some time and haven't come across my answer yet.
I have enabled Forged Transmitsand Mac Address Changes on ESXi 5.1
I have an application such as scapy that I'm using to receive and generate traffic. Here are the sequence of events that I see happening:
1) Client wants to ping an IP address for my application.
2) Client generates an ARP request for the given IP.
3) The Guest gets this ARP request and responds with a fake MAC address (not the one on the guest adapter).
4) The client receives the ARP reply (I'm guessing because Forged Transmits are permitted).
5) Client tries to communicate with the MAC address it receives but the traffic never reaches the guest. I'm guessing because the vSwitch doesn't know about the MAC.
My question: I'm guessing that "Mac Address Changes" have to update the vSwitch via an API or something? The switch isn't snooping on the traffic like a normal switch and updating a CAM table? Is there a way to make this work?
My request might seem stupid, but there are applications that do this in real life that I would like to use in my lab. Not to mention for some penetration testing this would be nice.
Anyway, this is a good learning opportunity to better understand ESXi if nothing else.
Thanks,
Jeff