On 18 July 2013 00:45, Aaron Rosen <arosen at nicira.com> wrote: > Hi Ian, > > For shared networks if the network is set to port_security_enabled=True then > the tenant will not be able to remove port_security_enabled from their port > if they are not the owner of the network. I believe this is the correct > behavior we want. In addition, only admin's are able to create shared > networks by default. Can you point me to the documentation for port_security_enabled? > I've created the following blueprint > https://blueprints.launchpad.net/neutron/+spec/allowed-address-pairs and > doc: > https://docs.google.com/document/d/1hyB3dIkRF623JlUsvtQFo9fCKLsy0gN8Jf6SWnqbWWA/edit?usp=sharing > which will provide us a way to do this. It would be awesome if you could > check it out and let me know what you think. I'd still like the simpler and more general purpose 'disable spoofing' option as well. That doesn't allow MAC spoofing and it doesn't work for what I'm up to. -- Ian.