diff --git a/vmware_nsx/plugins/nsx_v3/plugin.py b/vmware_nsx/plugins/nsx_v3/plugin.py
index 9a59a0de19..cc69ee763e 100644
--- a/vmware_nsx/plugins/nsx_v3/plugin.py
+++ b/vmware_nsx/plugins/nsx_v3/plugin.py
@@ -114,6 +114,7 @@ NSX_V3_DHCP_PROFILE_NAME = 'neutron_port_dhcp_profile'
 NSX_V3_MAC_LEARNING_PROFILE_NAME = 'neutron_port_mac_learning_profile'
 NSX_V3_FW_DEFAULT_SECTION = 'OS Default Section for Neutron Security-Groups'
 NSX_V3_EXCLUDED_PORT_NSGROUP_NAME = 'neutron_excluded_port_nsgroup'
+NSX_V3_NON_VIF_PROFILE = 'nsx-default-switch-security-non-vif-profile'
 # NOTE(asarfaty): the order of inheritance here is important. in order for the
@@ -284,6 +285,10 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
 "profile: %(name)s. Reason: %(reason)s"),
 {'name': NSX_V3_MAC_LEARNING_PROFILE_NAME,
 'reason': e})
+ self._no_switch_security = profiles.build_switch_profile_ids(
+ self._switching_profiles,
+ self._switching_profiles.find_by_display_name(
+ NSX_V3_NON_VIF_PROFILE)[0])[0]
 def _translate_configured_names_to_uuids(self):
 # default VLAN transport zone name / uuid
@@ -1628,6 +1633,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
 (validators.is_attr_set(port_data.get(mac_ext.MAC_LEARNING)) and
 port_data.get(mac_ext.MAC_LEARNING) is True))):
 profiles.append(self._mac_learning_profile)
+ profiles.append(self._no_switch_security)
 name = self._get_port_name(context, port_data)
@@ -2331,6 +2337,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
 (mac_learning_profile_set or
 updated_port.get(mac_ext.MAC_LEARNING) is True)):
 switch_profile_ids.append(self._mac_learning_profile)
+ switch_profile_ids.append(self._no_switch_security)
 try:
 self._port_client.update(
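Review bot: The chained lookup `find_by_display_name(NSX_V3_NON_VIF_PROFILE)[0]` in the -284 hunk has no guard, so a backend that returns no profile under that display name raises IndexError here, while the context lines just above log a warning with a reason when the MAC-learning profile cannot be set up. Taking `[0]` also accepts whichever match comes first if more than one profile carries the name, and this id later decides which switch-security profile ports receive. I would resolve the list first (`matches = self._switching_profiles.find_by_display_name(NSX_V3_NON_VIF_PROFILE)`), require `len(matches) == 1`, and otherwise log and set `self._no_switch_security = None`, with the two `append` hunks further down skipping a None value. The enclosing method starts outside the hunk and indentation is lost on this page, so whether these lines sit inside the `except` branch cannot be confirmed from here.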
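Review bot: The added `profiles.append(self._no_switch_security)` in the -1628 hunk attaches the non-VIF switch-security profile to the port with no comment saying why or what protection is given up. Going by the attribute and profile names, that profile presumably applies little or no switch-security filtering (inferred; its contents are not on the page), so the line deserves a comment such as `# MAC learning requires the non-VIF switch security profile; switch-security filtering is relaxed for this port`. It should also be confirmed that the append is nested under the MAC-learning condition shown in the context lines, since indentation is not preserved here and an unconditional append would relax every port. The same comment applies to the `switch_profile_ids.append(self._no_switch_security)` line in the -2331 hunk; the enclosing function starts and ends outside the hunk.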
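Review bot: The update path in the -2331 hunk only adds the profile; nothing visible returns a port to its normal switch-security profile when MAC learning is turned off later. If `self._port_client.update(` replaces the whole profile list, omitting the id is enough, but if it merges with what the backend already holds, the port would keep the relaxed profile after `mac_ext.MAC_LEARNING` becomes False. This is worth checking against the client, with a test that toggles MAC learning on and then off and asserts the profile ids sent. The enclosing method continues outside the hunk.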