authorZuul <zuul@review.openstack.org>2018-10-01 13:15:08 +0000
committerGerrit Code Review <review@openstack.org>2018-10-01 13:15:08 +0000
commitf1f32526feb6cd4f5fe70239c16791df763233d6 (patch)
treea931c24bcfc8969630d03b7192095b27c8584711
parent9cc228470ccceeb20e8ecce0b5dbd4a5e13e3cac (diff)
parent39ae5732dde4c7312ece54e8bbabc466d8a5e280 (diff)
Merge "Support disabling inactive links for Juniper"
-rw-r--r--doc/source/configuration.rst22
-rw-r--r--networking_generic_switch/devices/netmiko_devices/juniper.py8
-rw-r--r--networking_generic_switch/tests/unit/netmiko/test_juniper.py24
3 files changed, 54 insertions, 0 deletions
diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index 19cee5f..9710ee2 100644
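--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -27,6 +27,9 @@ Switch configuration format::
  or ngs_mac_address. So, you can use the switch MAC address to identify
  switches if local_link_connection/switch_info is not set.
 
+Examples
+--------
+
 Here is an example of
 ``/etc/neutron/plugins/ml2/ml2_conf_genericswitch.ini``
 for the Cisco 300 series device::
@@ -192,3 +195,22 @@ timeout of 60 seconds before failing. This timeout can be configured as follows
  [ngs_coordination]
  ...
  acquire_timeout = <timeout in seconds>
+
+Disabling Inactive Ports
+========================
+
+By default, switch interfaces remain administratively enabled when not in use,
+and the access VLAN association is removed. On most devices, this will cause
+the interface to be a member of the default VLAN, usually VLAN 1. This could
+be a security issue, with unallocated ports having access to a shared network.
+
+To resolve this issue, it is possible to configure interfaces as
+administratively down when not in use. This is done on a per-device basis,
+using the ``ngs_disable_inactive_ports`` flag::
+
+ [genericswitch:device-hostname]
+ ngs_disable_inactive_ports = <optional boolean>
+
+This is currently supported by the following devices:
+
+* Juniper Junos OS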
diff --git a/networking_generic_switch/devices/netmiko_devices/juniper.py b/networking_generic_switch/devices/netmiko_devices/juniper.py
index 9445552..afa18fd 100644
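--- a/networking_generic_switch/devices/netmiko_devices/juniper.py
+++ b/networking_generic_switch/devices/netmiko_devices/juniper.py
@@ -54,6 +54,14 @@ class Juniper(netmiko_devices.NetmikoSwitch):
  'vlan members',
  )
 
+ ENABLE_PORT = (
+ 'delete interface {port} disable',
+ )
+
+ DISABLE_PORT = (
+ 'set interface {port} disable',
+ )
+
  ADD_NETWORK_TO_TRUNK = (
  'set interface {port} unit 0 family ethernet-switching '
  'vlan members {segmentation_id}',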
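Review bot: ENABLE_PORT and DISABLE_PORT carry no comment saying when they are sent, which matters because they implement the lockdown of unallocated ports. I would add above them `# Sent only when ngs_disable_inactive_ports is set: ENABLE_PORT before a port is plugged, DISABLE_PORT after its VLAN membership is removed.`, which matches the command order asserted in test_juniper.py. Both templates substitute `{port}` into a CLI line; whether that value is validated before formatting is not visible in this hunk, so it is worth confirming in the base class. The Juniper class body starts and ends outside the hunk.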
diff --git a/networking_generic_switch/tests/unit/netmiko/test_juniper.py b/networking_generic_switch/tests/unit/netmiko/test_juniper.py
index b532513..27d1aab 100644
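--- a/networking_generic_switch/tests/unit/netmiko/test_juniper.py
+++ b/networking_generic_switch/tests/unit/netmiko/test_juniper.py
@@ -82,12 +82,36 @@ class TestNetmikoJuniper(test_netmiko_base.NetmikoSwitchTestBase):
 
  @mock.patch('networking_generic_switch.devices.netmiko_devices.'
  'NetmikoSwitch.send_commands_to_device')
+ def test_plug_port_to_network_disable_inactive(self, m_sctd):
+ switch = self._make_switch_device(
+ {'ngs_disable_inactive_ports': 'true'})
+ switch.plug_port_to_network(3333, 33)
+ m_sctd.assert_called_with(
+ ['delete interface 3333 disable',
+ 'delete interface 3333 unit 0 family ethernet-switching '
+ 'vlan members',
+ 'set interface 3333 unit 0 family ethernet-switching '
+ 'vlan members 33'])
+
+ @mock.patch('networking_generic_switch.devices.netmiko_devices.'
+ 'NetmikoSwitch.send_commands_to_device')
  def test_delete_port(self, mock_exec):
  self.switch.delete_port(3333, 33)
  mock_exec.assert_called_with(
  ['delete interface 3333 unit 0 family ethernet-switching '
  'vlan members'])
 
+ @mock.patch('networking_generic_switch.devices.netmiko_devices.'
+ 'NetmikoSwitch.send_commands_to_device')
+ def test_delete_port_disable_inactive(self, m_sctd):
+ switch = self._make_switch_device(
+ {'ngs_disable_inactive_ports': 'true'})
+ switch.delete_port(3333, 33)
+ m_sctd.assert_called_with(
+ ['delete interface 3333 unit 0 family ethernet-switching '
+ 'vlan members',
+ 'set interface 3333 disable'])
+
  def test_send_config_set(self):
  connect_mock = mock.MagicMock(netmiko.base_connection.BaseConnection)
  connect_mock.send_config_set.return_value = 'fake output'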
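Review bot: Both new tests only exercise `'ngs_disable_inactive_ports': 'true'`, so nothing pins the behaviour for `'false'` or a mistyped value, where the option would leave unused ports enabled without any signal. How the string is converted to a boolean is not visible in this hunk. A third case built with `{'ngs_disable_inactive_ports': 'false'}` that asserts `'set interface 3333 disable'` is absent from the sent commands would cover it. Separately, `m_sctd.assert_called_with(` checks only the last call; `m_sctd.assert_called_once_with(` would also catch an unexpected extra command batch. The test class continues outside the hunk.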