Configure the allowed IP/MAC addresses on the port
Traffic on a port with a security group can only be sent from a single IP/MAC address pair, which is assigned when the port is added to a subnet. If traffic on the port must be sent from addresses that are not listed on that port, add them to the port settings as allowed addresses.
If the additional addresses are no longer needed, you can remove them from the port.
Add Allowed IP/MAC Addresses
A maximum of 10 additional IP/MAC address pairs can be added per port.
Add Allowed Addresses per Port on a Private Subnet
Control panel

1. In the control panel, in the top menu, click Products and select Cloud servers.
2. Go to the Network section → Private networks tab.
3. Open the network page → Ports tab.
4. In the port card, in the security groups field, click .
5. If you want to allow all IP addresses, click Allow all IP addresses for VPN. Traffic from the subnet 0.0.0.0/0 will be allowed with the default MAC address of the port.
6. If you want to allow traffic from specific addresses:
6.1. Click Add an IP/MAC pair.
6.2. Enter the IP address or subnet in CIDR format.
6.3. Optional: enter a MAC address that matches the IP address, or leave the port's default MAC address.
6.4. To add another address pair, repeat steps 6.1 through 6.3.
7. Click Save.

OpenStack CLI

1. Add allowed addresses:

openstack port set \
--allowed-address ip-address=<ip_address>[,mac-address=<mac_address>] \
<port>

Specify:
- <ip_address>: the IP address or subnet;
- ,mac-address=<mac_address> (optional): the MAC address corresponding to the IP address, where <mac_address> is the MAC address value. If you do not specify a MAC address, the port's primary MAC address will be used;
- <port>: the port ID, which can be viewed with the command openstack port list.
Add Allowed Addresses per Port on a Public Subnet
Control panel

1. In the control panel, in the top menu, click Products and select Cloud servers.
2. Go to the Network section → Public subnets tab.
3. Open the subnet card → Ports tab.
4. On the port line, in the Security groups field, click .
5. If you want to allow all IP and MAC addresses, click Allow all IP addresses for VPN. Traffic from the subnet 0.0.0.0/0 will be allowed with the default MAC address of the port.
6. If you want to allow traffic from specific addresses:
6.1. Click Add an IP/MAC pair.
6.2. Enter the IP address or subnet in CIDR format.
6.3. Optional: enter a MAC address that matches the IP address, or leave the port's default MAC address.
6.4. To add another address pair, repeat steps 6.1 through 6.3.
7. Click Save.

OpenStack CLI

1. Add allowed addresses:

openstack port set \
--allowed-address ip-address=<ip_address>[,mac-address=<mac_address>] \
<port>

Specify:
- <ip_address>: the IP address or subnet;
- ,mac-address=<mac_address> (optional): the MAC address corresponding to the IP address, where <mac_address> is the MAC address value. If you do not specify a MAC address, the port's primary MAC address will be used;
- <port>: the port ID, which can be viewed with the command openstack port list.
Delete Allowed IP/MAC Addresses
Remove allowed addresses from a port on a private subnet
Control panel

1. In the control panel, in the top menu, click Products and select Cloud servers.
2. Go to the Network section → Private networks tab.
3. Open the network page → Ports tab.
4. In the port card, in the security groups field, click .
5. On the address pair line, click .
6. Click Save.

OpenStack CLI

- To remove a single IP/MAC address pair:

openstack port unset \
--allowed-address ip-address=<ip_address>[,mac-address=<mac_address>] \
<port>

Specify:
  - <ip_address>: the IP address to be deleted;
  - ,mac-address=<mac_address>: include it if the MAC address is to be removed with the IP address, where <mac_address> is the MAC address value;
  - <port>: the port ID, which can be viewed with the command openstack port list.

- To remove all allowed addresses from a port:

openstack port set \
--no-allowed-address \
<port>
Remove allowed addresses from a port on a public subnet
Control panel

1. In the control panel, in the top menu, click Products and select Cloud servers.
2. Go to the Network section → Public subnets tab.
3. Open the subnet card → Ports tab.
4. On the port line, in the Security groups field, click .
5. On the address pair line, click .
6. Click Save.

OpenStack CLI

- To remove a single IP/MAC address pair:

openstack port unset \
--allowed-address ip-address=<ip_address>[,mac-address=<mac_address>] \
<port>

Specify:
  - <ip_address>: the IP address to be deleted;
  - ,mac-address=<mac_address>: include it if the MAC address is to be removed with the IP address, where <mac_address> is the MAC address value;
  - <port>: the port ID, which can be viewed with the command openstack port list.

- To remove all allowed addresses from a port:

openstack port set \
--no-allowed-address \
<port>
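
Example added here, not part of the original documentation: a Python audit of port records that flags allowed address pairs which permit any source IP (0.0.0.0/0), use a broad prefix, carry a MAC different from the port's own, or exceed the 10-pair limit, and builds the matching openstack port unset command from this page. The record shape follows the Neutron port resource; the sample ports, the /24 and /64 review thresholds and the function names are assumptions.

```python
import ipaddress

MAX_PAIRS = 10       # per-port limit stated on this page
MIN_PREFIX_V4 = 24   # assumption: IPv4 prefixes broader than /24 get reviewed
MIN_PREFIX_V6 = 64   # assumption: IPv6 prefixes broader than /64 get reviewed

# Constructed sample in the shape of the Neutron port resource
# ("mac_address", "allowed_address_pairs"); IDs and addresses are made up.
SAMPLE_PORTS = [
    {"id": "port-a", "mac_address": "fa:16:3e:00:00:01",
     "allowed_address_pairs": [
         {"ip_address": "0.0.0.0/0", "mac_address": "fa:16:3e:00:00:01"}]},
    {"id": "port-b", "mac_address": "fa:16:3e:00:00:02",
     "allowed_address_pairs": [
         {"ip_address": "192.0.2.10", "mac_address": "fa:16:3e:00:00:02"},
         {"ip_address": "10.0.0.0/8", "mac_address": "fa:16:3e:aa:bb:cc"}]},
    {"id": "port-c", "mac_address": "fa:16:3e:00:00:03",
     "allowed_address_pairs": []},
]

def audit_port(port):
    """Return (reason, unset_command) tuples for pairs that deserve review."""
    findings = []
    pairs = port.get("allowed_address_pairs") or []
    if len(pairs) > MAX_PAIRS:
        findings.append((f"{len(pairs)} pairs exceeds limit of {MAX_PAIRS}", None))
    port_mac = port["mac_address"].lower()
    for pair in pairs:
        net = ipaddress.ip_network(pair["ip_address"], strict=False)
        mac = (pair.get("mac_address") or port_mac).lower()
        floor = MIN_PREFIX_V4 if net.version == 4 else MIN_PREFIX_V6
        reasons = []
        if net.prefixlen == 0:
            reasons.append("allows any source IP")
        elif net.prefixlen < floor:
            reasons.append(f"broad prefix /{net.prefixlen}")
        if mac != port_mac:
            reasons.append(f"MAC {mac} differs from port MAC")
        if reasons:
            cmd = ("openstack port unset --allowed-address "
                   f"ip-address={pair['ip_address']},mac-address={mac} {port['id']}")
            findings.append(("; ".join(reasons), cmd))
    return findings

def audit(ports):
    """Map port ID -> findings, omitting ports with nothing to review."""
    return {p["id"]: f for p in ports if (f := audit_port(p))}

if __name__ == "__main__":
    for port_id, items in audit(SAMPLE_PORTS).items():
        for reason, cmd in items:
            print(f"{port_id}: {reason}\n    after review: {cmd}")
```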