| This control addresses ESXi standard switches. Distributed switches are addressed in the vCenter STIG. If there is no standard switch on the ESXi host, this is not applicable. |
From the vSphere Client, go to Hosts and Clusters.
Select the ESXi Host >> Configure >> Networking >> Virtual Switches.
For each standard switch, review the "VLAN ID" on each port group and verify it is not set to "4095".
From a PowerCLI command prompt while connected to the ESXi host, run the following command:
Get-VirtualPortGroup | Select Name, VLanID
If any port group is configured with VLAN 4095 and is not documented as a needed exception, this is a finding.