Information
Certain physical switches reserve certain VLAN IDs for internal purposes and often disallow traffic configured to these values. For example, Cisco Catalyst switches typically reserve VLANs 1001-1024 and 4094, while Nexus switches typically reserve 3968-4047 and 4094. Check with the documentation for your specific switch. Using a reserved VLAN might result in a denial of service on the network.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
From the vSphere Web Client go to Networking >> Select a distributed switch >> Select a distributed port group >> Configure >> Settings >> Policies. Click 'Edit' and under the VLAN section and change the VLAN ID to an unreserved VLAN ID and click 'OK'.
or
From a PowerCLI command prompt while connected to the vCenter server run the following command:
Get-VDPortgroup 'portgroup name' | Set-VDVlanConfiguration -VlanId 'New VLAN#'