
Support disabling inactive links for Juniper

Adds the necessary code to the Juniper Junos device driver to support
disabling inactive links. This feature is enabled by setting the
per-device config flag 'ngs_disable_inactive_ports'.

Change-Id: I636613d0c910d10601422ad094f835c17a606e37
Story: 2003391
Task: 24933
Mark Goddard 7 months ago
parent
commit
39ae5732dd

+ 22
- 0
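--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -27,6 +27,9 @@ Switch configuration format::
     or ngs_mac_address. So, you can use the switch MAC address to identify
     switches if local_link_connection/switch_info is not set.
 
+Examples
+--------
+
 Here is an example of
 ``/etc/neutron/plugins/ml2/ml2_conf_genericswitch.ini``
 for the Cisco 300 series device::
@@ -192,3 +195,22 @@ timeout of 60 seconds before failing. This timeout can be configured as follows
     [ngs_coordination]
     ...
     acquire_timeout = <timeout in seconds>
+
+Disabling Inactive Ports
+========================
+
+By default, switch interfaces remain administratively enabled when not in use,
+and the access VLAN association is removed. On most devices, this will cause
+the interface to be a member of the default VLAN, usually VLAN 1. This could
+be a security issue, with unallocated ports having access to a shared network.
+
+To resolve this issue, it is possible to configure interfaces as
+administratively down when not in use. This is done on a per-device basis,
+using the ``ngs_disable_inactive_ports`` flag::
+
+    [genericswitch:device-hostname]
+    ngs_disable_inactive_ports = <optional boolean>
+
+This is currently supported by the following devices:
+
+* Juniper Junos OS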

+ 8
- 0
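--- a/networking_generic_switch/devices/netmiko_devices/juniper.py
+++ b/networking_generic_switch/devices/netmiko_devices/juniper.py
@@ -54,6 +54,14 @@ class Juniper(netmiko_devices.NetmikoSwitch):
         'vlan members',
     )
 
+    ENABLE_PORT = (
+        'delete interface {port} disable',
+    )
+
+    DISABLE_PORT = (
+        'set interface {port} disable',
+    )
+
     ADD_NETWORK_TO_TRUNK = (
         'set interface {port} unit 0 family ethernet-switching '
         'vlan members {segmentation_id}',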
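Review bot: `ENABLE_PORT` and `DISABLE_PORT` have no comment saying they are conditional on `ngs_disable_inactive_ports`, although they are the control that keeps unallocated ports off the default VLAN. I would add above `ENABLE_PORT`: `# Only sent when ngs_disable_inactive_ports is true: DISABLE_PORT on delete_port, ENABLE_PORT on plug_port_to_network.` Going by the tests in this commit, a port is only shut when it passes through `delete_port`, so ports that were already idle when the flag is turned on presumably stay up until an operator disables them; that is worth stating in the comment or in configuration.rst. The Juniper class body starts and ends outside this hunk, and the code that selects these tuples is not shown.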

+ 24
- 0
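--- a/networking_generic_switch/tests/unit/netmiko/test_juniper.py
+++ b/networking_generic_switch/tests/unit/netmiko/test_juniper.py
@@ -80,6 +80,19 @@ class TestNetmikoJuniper(test_netmiko_base.NetmikoSwitchTestBase):
              'set interface 3333 unit 0 family ethernet-switching '
              'vlan members 33'])
 
+    @mock.patch('networking_generic_switch.devices.netmiko_devices.'
+                'NetmikoSwitch.send_commands_to_device')
+    def test_plug_port_to_network_disable_inactive(self, m_sctd):
+        switch = self._make_switch_device(
+            {'ngs_disable_inactive_ports': 'true'})
+        switch.plug_port_to_network(3333, 33)
+        m_sctd.assert_called_with(
+            ['delete interface 3333 disable',
+             'delete interface 3333 unit 0 family ethernet-switching '
+             'vlan members',
+             'set interface 3333 unit 0 family ethernet-switching '
+             'vlan members 33'])
+
     @mock.patch('networking_generic_switch.devices.netmiko_devices.'
                 'NetmikoSwitch.send_commands_to_device')
     def test_delete_port(self, mock_exec):
@@ -88,6 +101,17 @@ class TestNetmikoJuniper(test_netmiko_base.NetmikoSwitchTestBase):
             ['delete interface 3333 unit 0 family ethernet-switching '
              'vlan members'])
 
+    @mock.patch('networking_generic_switch.devices.netmiko_devices.'
+                'NetmikoSwitch.send_commands_to_device')
+    def test_delete_port_disable_inactive(self, m_sctd):
+        switch = self._make_switch_device(
+            {'ngs_disable_inactive_ports': 'true'})
+        switch.delete_port(3333, 33)
+        m_sctd.assert_called_with(
+            ['delete interface 3333 unit 0 family ethernet-switching '
+             'vlan members',
+             'set interface 3333 disable'])
+
     def test_send_config_set(self):
         connect_mock = mock.MagicMock(netmiko.base_connection.BaseConnection)
         connect_mock.send_config_set.return_value = 'fake output'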
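Review bot: Both new tests pass the flag only as the string `'true'`, so nothing pins how `'false'` is handled; if the option were read as a plain string, a device configured with `ngs_disable_inactive_ports = false` would still get `set interface {port} disable` on every `delete_port`. A test with `'false'` that expects the unchanged command list would catch that (the option parsing is outside this diff, so this may already hold). Using `assert_called_once_with` instead of `assert_called_with` in `test_plug_port_to_network_disable_inactive` and `test_delete_port_disable_inactive` would also fail if the commands were sent in more than one batch. `test_send_config_set` at the end of the second hunk continues outside it.

```python
    # … unchanged: test_delete_port_disable_inactive …

    @mock.patch('networking_generic_switch.devices.netmiko_devices.'
                'NetmikoSwitch.send_commands_to_device')
    def test_delete_port_disable_inactive_false(self, m_sctd):
        # The string 'false' must not be treated as a truthy value.
        switch = self._make_switch_device(
            {'ngs_disable_inactive_ports': 'false'})
        switch.delete_port(3333, 33)
        m_sctd.assert_called_once_with(
            ['delete interface 3333 unit 0 family ethernet-switching '
             'vlan members'])
```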
