A.4.7 Before a VM Instance has been Booted: Port Security

To disable port security for a port before it is associated with a VM instance, create the port and specify at creation time that port security should be disabled. The command to create a new port with port security disabled is as follows:
# neutron port-create --name <Port Name> --port-security-enabled=false --fixed-ip subnet-id=$(neutron subnet-show -f value -F id <Subnet name>),ip_address=<Target IP address> $(neutron net-show -f value -F id <Network name>)
where:
  • <Port Name>

    This is effectively a string alias for the port, which is useful when trying to locate the ID for the port. The --name <Port Name> portion of the command is optional.

  • <Subnet name>

    The name of the subnet to which the port should be added.

  • <Target IP address>

    The unique IP address to be associated with the port.

  • <Network name>

    The name of the network with which the port should be associated.

For example, to indicate to Neutron that a new port should have port security disabled and an IP address of 10.133.97.133 on the ext-subnet subnet, run the following command:
# neutron port-create --name foo --port-security-enabled=false --fixed-ip subnet-id=$(neutron subnet-show -f value -F id ext-subnet),ip_address=10.133.97.133 $(neutron net-show -f value -F id ext-net)
Once the port or ports with port security disabled have been created, run the following command when you boot the VM instance:
# nova boot --flavor m1.xlarge --image testVMimage --nic port-id=$(neutron port-show -f value -F id <Port Name>) testvm3

where the flavor, image, and VM instance name values must be replaced by values appropriate for your VM. If the port to be associated with the VM instance is not named, then obtain the port’s ID using the neutron port-list command and replace the $(neutron port-show -f value -F id <Port Name>) sequence in the command with the port’s ID value.
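
A pre-boot check for the procedure above, as an added example that is not part of the original guide: it confirms that the named port exists, reports port security disabled, and is not yet attached to an instance before passing its ID to nova boot. The function names are hypothetical; port_security_enabled and device_id are the Neutron port attributes it reads.

```shell
# Added example (not from the original guide). Assumes the neutron and
# nova CLIs are on PATH and OpenStack credentials are already sourced.

# Print one field of a port, using the -f value -F form shown above.
port_field() {
    neutron port-show -f value -F "$2" "$1"
}

# Print the port ID and return 0 only if the port exists, reports
# port_security_enabled=False, and has an empty device_id (unattached).
port_ready_for_boot() {
    port_name="$1"
    port_id=$(port_field "$port_name" id) || port_id=""
    if [ -z "$port_id" ]; then
        echo "port '$port_name' not found" >&2
        return 2
    fi
    pse=$(port_field "$port_name" port_security_enabled) || return 2
    dev=$(port_field "$port_name" device_id) || return 2
    case "$pse" in
        False|false) ;;
        *)
            echo "port '$port_name': port security is still enabled" >&2
            return 1
            ;;
    esac
    if [ -n "$dev" ]; then
        echo "port '$port_name' is already attached to device $dev" >&2
        return 3
    fi
    printf '%s\n' "$port_id"
}

# Usage: boot_with_port <flavor> <image> <port name> <VM name>
# Boots the VM only when the port passes the checks above.
boot_with_port() {
    checked_id=$(port_ready_for_boot "$3") || return $?
    nova boot --flavor "$1" --image "$2" --nic port-id="$checked_id" "$4"
}
```

For the example port above, boot_with_port m1.xlarge testVMimage foo testvm3 runs the same nova boot command as the guide, but only after both checks pass.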