Creating the port groups with PowerCLI

Now that NECCDC is over, I can share some details on how the environment was set up, specifically the virtual networking. We had just about 35 VLANs in total, and all of them needed to be available in the virtual environment for Red/White team jump boxes.

I could have manually created 70 port groups across both of the virtual hosts, or migrated to distributed switches and created only 35 port groups, but where is the fun in that when we can script it?

Copying, pasting and incrementing the same line of code 35 times seemed lame. I leveraged what is known in programming as an array. An array is an ordered list of structured data that lets you take similar items (VLANs in this case) and use all of them throughout your code.

With PowerCLI it's extremely straightforward to create a port group. After connecting to vCenter with your authorized credentials, you can run the following, substituting the name of your vSwitch, the desired name of your port group and the VLAN ID.

Get-VirtualSwitch -Name "VSWITCHHERE" | New-VirtualPortGroup -Name "NAMEHERE" -VlanID "VLANIDHERE"

So let's take a look at the final script that was used to build the virtual networking in NECCDC 2019.

#vCenter Server
$vCenter = "vcenter.black.beavernado.com"

#User Credentials
$Credential = Get-Credential "$env:USERDOMAIN\$env:USERNAME"

#vSwitch to Modify
$vSwitch = "vSwitch0"

#Connection to vCenter
Connect-VIServer -Server $vCenter -Credential $Credential

#Array of VLANS for Each Blue segment
$BLUEWANVLAN = 101,102,103,104,105,106,107,108,109,110
$BLUELANVLAN = 201,202,203,204,205,206,207,208,209,210
$BLUEDMZVLAN = 301,302,303,304,305,306,307,308,309,310

#Array of VLANS for Competition Staff
$ADMINVLAN = 200,253,254

#Creation of Blue WAN Port Groups
ForEach ($wanvlan in $BLUEWANVLAN)
{
    Get-VirtualSwitch -Name $vSwitch | New-VirtualPortGroup -Name "BLUE WAN $wanvlan" -VlanID $wanvlan
}

#Creation of Blue LAN Port Groups
ForEach ($lanvlan in $BLUELANVLAN)
{
    Get-VirtualSwitch -Name $vSwitch | New-VirtualPortGroup -name "BLUE LAN $lanvlan" -VlanID $lanvlan
}

#Creation of Blue DMZ Port Groups
ForEach ($dmzvlan in $BLUEDMZVLAN)
{
    Get-VirtualSwitch -Name $vSwitch | New-VirtualPortGroup -name "BLUE DMZ $dmzvlan" -VlanID $dmzvlan
}

#Creation of Admin Port Groups
ForEach ($vlan in $ADMINVLAN)
{
    Get-VirtualSwitch -Name $vSwitch | New-VirtualPortGroup -name "ADMIN $vlan" -VlanID $vlan
}

Here is what it does!

1: Prompts the user to enter the password for the logged-in user.

2: Connects to vCenter using the defined server, the logged-in username and the password that you provide at the prompt.

3: Creates port groups for all WAN VLANs defined in the $BLUEWANVLAN array.

4: Creates port groups for all LAN VLANs defined in the $BLUELANVLAN array.

5: Creates port groups for all DMZ VLANs defined in the $BLUEDMZVLAN array.

6: Creates port groups for all admin VLANs defined in the $ADMINVLAN array.

I like to think this was a little more elegant than copying and pasting the same command 35 times.
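
Added example, not part of the original script: a check that each host's port groups match the VLAN plan the script builds, since a port group tagged with the wrong VLAN ID puts its VMs on a different segment. Get-PortGroupPlan, Test-PortGroupPlan and the host name esxi-sample are hypothetical, and the sample port groups are constructed so the block runs without a vCenter connection.

```powershell
# Added example, not part of the original script. Get-PortGroupPlan and
# Test-PortGroupPlan are hypothetical helper names.
function Get-PortGroupPlan {
    # Same port group names and VLAN IDs the build script creates.
    $plan = @{}
    101..110 | ForEach-Object { $plan["BLUE WAN $_"] = $_ }
    201..210 | ForEach-Object { $plan["BLUE LAN $_"] = $_ }
    301..310 | ForEach-Object { $plan["BLUE DMZ $_"] = $_ }
    200, 253, 254 | ForEach-Object { $plan["ADMIN $_"] = $_ }
    $plan
}

function Test-PortGroupPlan {
    param(
        [Parameter(Mandatory)] [hashtable] $Plan,
        [Parameter(Mandatory)] [string] $HostName,
        [object[]] $PortGroup = @()   # objects with Name and VLanId properties
    )
    $actual = @{}
    foreach ($pg in $PortGroup) { $actual[$pg.Name] = [int]$pg.VLanId }
    $report = {
        param($Name, $Issue, $Expected, $Found)
        [pscustomobject]@{ VMHost = $HostName; PortGroup = $Name; Issue = $Issue
                           Expected = $Expected; Found = $Found }
    }
    foreach ($name in ($Plan.Keys | Sort-Object)) {
        if (-not $actual.ContainsKey($name)) {
            & $report $name 'Missing' $Plan[$name] $null
        } elseif ($actual[$name] -ne $Plan[$name]) {
            & $report $name 'WrongVlan' $Plan[$name] $actual[$name]
        }
    }
    # Port groups outside the plan that sit on a VLAN the plan reserves.
    foreach ($name in ($actual.Keys | Sort-Object)) {
        if (-not $Plan.ContainsKey($name) -and $Plan.Values -contains $actual[$name]) {
            & $report $name 'UnplannedOnPlannedVlan' $null $actual[$name]
        }
    }
}

# Constructed sample standing in for one host's Get-VirtualPortGroup output:
# BLUE LAN 203 is absent, BLUE WAN 105 carries VLAN 205, "test" sits on VLAN 254.
$plan = Get-PortGroupPlan
$sample = foreach ($n in $plan.Keys) {
    if ($n -ne 'BLUE LAN 203') { [pscustomobject]@{ Name = $n; VLanId = $plan[$n] } }
}
($sample | Where-Object Name -eq 'BLUE WAN 105').VLanId = 205
$sample += [pscustomobject]@{ Name = 'test'; VLanId = 254 }
Test-PortGroupPlan -Plan $plan -HostName 'esxi-sample' -PortGroup $sample | Format-Table
```

Against live hosts, after Connect-VIServer, loop over Get-VMHost and pass the output of Get-VirtualSwitch -VMHost $h -Name $vSwitch | Get-VirtualPortGroup as -PortGroup, so each host gets its own report.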
