Disabling port security for all ports on a network

Even without the port security extension in place, Neutron provides the extension's default behavior by applying DHCP, MAC address, and IP address anti-spoofing rules on every port. The port security extension allows users with the admin role to disable port security on individual ports or network-wide. Port security can be disabled on all ports connected to a particular network by setting the --disable-port-security argument during network creation:

When a port is created and attached to the network, its port_security_enabled attribute will be set to False automatically:

It is important to know that when port security is disabled on a port, the API will not allow the port to be associated with any security groups. The lack of security group rules means all traffic is allowed in and out of a port. Disabling port security means any filtering must be implemented within the guest operating system.
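
Because ports on such a network silently lose both anti-spoofing rules and security groups, it is worth auditing for them. The following is an added example, not code from the original text: it assumes network and port records have already been fetched from the Neutron API as lists of dictionaries, and the function name and sample records are constructed for illustration.

```python
# Added example: audit Neutron port records for disabled port security.
# Field names follow the Neutron API; the sample records are constructed.

def audit_port_security(networks, ports):
    """Return one finding per port whose port_security_enabled is False."""
    net_by_id = {n["id"]: n for n in networks}
    findings = []
    for port in ports:
        # A missing attribute is treated as the default (enabled).
        if port.get("port_security_enabled", True):
            continue
        net = net_by_id.get(port["network_id"], {})
        # New ports take the network's setting unless it is overridden per port.
        if net.get("port_security_enabled", True):
            origin = "port-level override"
        else:
            origin = "network default"
        findings.append({
            "port_id": port["id"],
            "network": net.get("name", port["network_id"]),
            "device_owner": port.get("device_owner", ""),
            "origin": origin,
            # Expected to be empty: the API does not allow security groups
            # on a port with port security disabled.
            "unexpected_security_groups": list(port.get("security_groups", [])),
        })
    return findings


# Constructed sample data (not from a real deployment).
NETWORKS = [
    {"id": "net-a", "name": "tenant-net", "port_security_enabled": True},
    {"id": "net-b", "name": "nfv-net", "port_security_enabled": False},
]
PORTS = [
    {"id": "port-1", "network_id": "net-a", "port_security_enabled": True,
     "security_groups": ["sg-default"], "device_owner": "compute:nova"},
    {"id": "port-2", "network_id": "net-a", "port_security_enabled": False,
     "security_groups": [], "device_owner": "compute:nova"},
    {"id": "port-3", "network_id": "net-b", "port_security_enabled": False,
     "security_groups": [], "device_owner": "compute:nova"},
]

if __name__ == "__main__":
    for f in audit_port_security(NETWORKS, PORTS):
        print(f"{f['port_id']} on {f['network']}: disabled via {f['origin']}")
```

Each finding identifies a port where filtering must be handled inside the guest operating system, and whether that came from the network-wide setting or a change to the individual port.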
