Configure allowed addresses
Configure allowed addresses
Port traffic with a security group can only be sent from a single IP address-MAC address pair, which is assigned at the adding a port to a subnet. If you want to send port traffic from addresses that are used on the server but are not listed on its ports, you must add authorized addresses to the port settings. If additional addresses are not needed, you can to remove them from the port.
Add Allowed Addresses
OpenStack CLI
-
Add resolved addresses:
openstack port set \
--allowed-address ip-address=<ip_address>[,mac-address=<mac_address>] \
<port>Specify:
<ip_address>— IP address or subnet;- optional:
,mac-address=<mac_address>- MAC address corresponding to the IP address. Parameter<mac_address>— MAC address value. If you do not specify a MAC address, the port's primary MAC address will be used; <port>— Port ID, can be viewed with the commandopenstack port list.
Delete authorized addresses
You can remove one IP address — MAC address pair or remove all authorized addresses.
Remove one IP address — MAC address pair
OpenStack CLI
-
Delete the MAC address/IP address pair:
openstack port unset \
--allowed-address ip-address=<ip-address>[,mac-address=<mac-address>] \
<port>Specify:
<ip_address>— The IP address to be deleted;,mac-address=<mac_address>- if the MAC address is to be removed with the IP address. Parameter<mac_address>— MAC address value;<port>— Port ID, can be viewed with the commandopenstack port list.
Delete all authorized port addresses
OpenStack CLI
-
Remove all allowed addresses on the port:
openstack port set \
--no-allowed-address \
<port>Specify
<port>— ID or port name, can be viewed with the commandopenstack port list.