Actually what is being described here is a way to monitor traffic on the virtual switch from a VM, *not* pushing the traffic out to and external switch. You connect your IDS VM to the vswitch using a portgroup with promiscuous mode, and then it can see all the traffic on the vswitch (or just on one VLAN if you prefer). Using a separate portgroup for the IDS VM is done in order to prevent the other VMs from being able to sniff each others traffic (which was Chris's original complaint).