An NSX 2.2 network deployment with N-VDS enhanced does not support port security. So when a port or network is created with a backend transport zone that includes N-VDS enhanced, port security is disabled by default.

To update an existing network with N-VDS enhanced, you must disable port security before pushing the configuration to your VMware Integrated OpenStack deployment.


  1. Implement the custom.yml file.
    sudo mkdir -p /opt/vmware/vio/custom
    sudo cp /var/lib/vio/ansible/custom/custom.yml.sample /opt/vmware/vio/custom/custom.yml
  2. Open the /opt/vmware/vio/custom/custom.yml file in a text editor.

    To configure N-VDS enhanced with port-security disabled, add the following lines.

    nsxv3_disable_port_security_for_ens: True
    nsxv3_ens_support: True
  3. Push the new configuration to your VMware Integrated OpenStack deployment.
    viocli deployment configure --limit controller
  4. As a VMware Integrated OpenStack user, create a network that consumes N-VDS enhanced.
    1. Create the Neutron network and port for the overlay.
      neutron net-create net1 --availability-zone-hint <NVDS_Availability_Zone>
      neutron port-create net1 

      For a Nova boot instance, use no-security-group.

    2. Create the Neutron network for the VLAN.
      neutron net-create net1 --provider: network_type vlan --availability-zone-hint <NVDS_Availability_Zone>