diff --git a/vmware_nsx/plugins/nsx_v3/plugin.py b/vmware_nsx/plugins/nsx_v3/plugin.py
index 8a66b5e105..f9823b3b00 100644
--- a/vmware_nsx/plugins/nsx_v3/plugin.py
+++ b/vmware_nsx/plugins/nsx_v3/plugin.py
@@ -2381,6 +2381,12 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
             if not updated_excluded:
                 tags_update.append({'scope': security.PORT_SG_SCOPE,
                                     'tag': NSX_V3_DEFAULT_SECTION})
+            else:
+                # Ensure that the 'exclude' tag is set
+                if self.nsxlib.feature_supported(
+                    nsxlib_consts.FEATURE_EXCLUDE_PORT_BY_TAG):
+                    tags_update.append({'scope': security.PORT_SG_SCOPE,
+                                        'tag': nsxlib_consts.EXCLUDE_PORT})
         else:
             self._update_lport_with_security_groups(
                 context, lport_id,