
Merge "Support disabling inactive links for Juniper"

Zuul 6 months ago
parent
commit
f1f32526fe

+ 22
- 0
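--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -27,6 +27,9 @@ Switch configuration format::
     or ngs_mac_address. So, you can use the switch MAC address to identify
     switches if local_link_connection/switch_info is not set.
 
+Examples
+--------
+
 Here is an example of
 ``/etc/neutron/plugins/ml2/ml2_conf_genericswitch.ini``
 for the Cisco 300 series device::
@@ -192,3 +195,22 @@ timeout of 60 seconds before failing. This timeout can be configured as follows
     [ngs_coordination]
     ...
     acquire_timeout = <timeout in seconds>
+
+Disabling Inactive Ports
+========================
+
+By default, switch interfaces remain administratively enabled when not in use,
+and the access VLAN association is removed. On most devices, this will cause
+the interface to be a member of the default VLAN, usually VLAN 1. This could
+be a security issue, with unallocated ports having access to a shared network.
+
+To resolve this issue, it is possible to configure interfaces as
+administratively down when not in use. This is done on a per-device basis,
+using the ``ngs_disable_inactive_ports`` flag::
+
+    [genericswitch:device-hostname]
+    ngs_disable_inactive_ports = <optional boolean>
+
+This is currently supported by the following devices:
+
+* Juniper Junos OS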

+ 8
- 0
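--- a/networking_generic_switch/devices/netmiko_devices/juniper.py
+++ b/networking_generic_switch/devices/netmiko_devices/juniper.py
@@ -54,6 +54,14 @@ class Juniper(netmiko_devices.NetmikoSwitch):
         'vlan members',
     )
 
+    ENABLE_PORT = (
+        'delete interface {port} disable',
+    )
+
+    DISABLE_PORT = (
+        'set interface {port} disable',
+    )
+
     ADD_NETWORK_TO_TRUNK = (
         'set interface {port} unit 0 family ethernet-switching '
         'vlan members {segmentation_id}',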
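Review bot: ENABLE_PORT and DISABLE_PORT are added without any comment saying when they are sent, and nothing in this class ties them to the `ngs_disable_inactive_ports` option that the documentation and tests in this commit rely on. A short comment above the two tuples would keep the security intent next to the commands, for example `# Sent only when ngs_disable_inactive_ports is set: the port is shut on unplug so an unallocated port does not sit in the default VLAN.` The code that decides whether to emit these templates is outside this hunk, presumably in the NetmikoSwitch base class, so what happens when the option is set for a device class that defines no DISABLE_PORT cannot be checked from here. The Juniper class body starts before and continues after the hunk.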

+ 24
- 0
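--- a/networking_generic_switch/tests/unit/netmiko/test_juniper.py
+++ b/networking_generic_switch/tests/unit/netmiko/test_juniper.py
@@ -80,6 +80,19 @@ class TestNetmikoJuniper(test_netmiko_base.NetmikoSwitchTestBase):
              'set interface 3333 unit 0 family ethernet-switching '
              'vlan members 33'])
 
+    @mock.patch('networking_generic_switch.devices.netmiko_devices.'
+                'NetmikoSwitch.send_commands_to_device')
+    def test_plug_port_to_network_disable_inactive(self, m_sctd):
+        switch = self._make_switch_device(
+            {'ngs_disable_inactive_ports': 'true'})
+        switch.plug_port_to_network(3333, 33)
+        m_sctd.assert_called_with(
+            ['delete interface 3333 disable',
+             'delete interface 3333 unit 0 family ethernet-switching '
+             'vlan members',
+             'set interface 3333 unit 0 family ethernet-switching '
+             'vlan members 33'])
+
     @mock.patch('networking_generic_switch.devices.netmiko_devices.'
                 'NetmikoSwitch.send_commands_to_device')
     def test_delete_port(self, mock_exec):
@@ -88,6 +101,17 @@ class TestNetmikoJuniper(test_netmiko_base.NetmikoSwitchTestBase):
             ['delete interface 3333 unit 0 family ethernet-switching '
              'vlan members'])
 
+    @mock.patch('networking_generic_switch.devices.netmiko_devices.'
+                'NetmikoSwitch.send_commands_to_device')
+    def test_delete_port_disable_inactive(self, m_sctd):
+        switch = self._make_switch_device(
+            {'ngs_disable_inactive_ports': 'true'})
+        switch.delete_port(3333, 33)
+        m_sctd.assert_called_with(
+            ['delete interface 3333 unit 0 family ethernet-switching '
+             'vlan members',
+             'set interface 3333 disable'])
+
     def test_send_config_set(self):
         connect_mock = mock.MagicMock(netmiko.base_connection.BaseConnection)
         connect_mock.send_config_set.return_value = 'fake output'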
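Review bot: Both new tests verify the command list with `assert_called_with`, which inspects only the last call to `send_commands_to_device`, so an extra batch sent to the switch earlier in the same operation would go unnoticed. Using `m_sctd.assert_called_once_with([...])` in `test_plug_port_to_network_disable_inactive` and `test_delete_port_disable_inactive` would pin that exactly one batch is sent and that the enable or disable command is part of it. Only the value `'true'` is exercised; a case with `{'ngs_disable_inactive_ports': 'false'}` would confirm that an explicit false value emits no `set interface 3333 disable`. The mock argument is named `m_sctd` here while the neighbouring `test_delete_port` uses `mock_exec`, and a single name would read more consistently.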
