Dynamic Port Vlan Membership; Vmps Database Configuration File - Cisco Catalyst 2950 Software Manual

Chapter 8 Configuring VLANs

Dynamic Port VLAN Membership

A dynamic (nontrunking) port on the switch can belong to only one VLAN. When the link comes up, the
switch does not forward traffic to or from this port until the VMPS provides the VLAN assignment. The
VMPS receives the source MAC address from the first packet of a new host connected to the dynamic
port and attempts to match the MAC address to a VLAN in the VMPS database.
If there is a match, the VMPS sends the VLAN number for that port. If the client switch was not
previously configured, it uses the domain name from the first VTP packet it receives on its trunk port
from the VMPS. If the client switch was previously configured, it includes its domain name in the query
packet to the VMPS to obtain its VLAN number. The VMPS verifies that the domain name in the packet
matches its own domain name before accepting the request and responds to the client with the assigned
VLAN number for the client.
If there is no match, the VMPS either denies the request or shuts down the port (depending on the VMPS
secure mode setting). For more information on possible VMPS responses, see the
Works" section on page
Multiple hosts (MAC addresses) can be active on a dynamic port if they are all in the same VLAN;
however, the VMPS shuts down a dynamic port if more than 20 hosts are active on the port.
If the link goes down on a dynamic port, the port returns to an isolated state and does not belong to a
VLAN. Any hosts that come online through the port are checked again with the VMPS before the port
is assigned to a VLAN.

VMPS Database Configuration File

The VMPS contains a database configuration file that you create. This ASCII text file is stored on a
switch-accessible TFTP server that functions as a VMPS server. The file contains VMPS information,
such as the domain name, the fall-back VLAN name, and the MAC address-to-VLAN mapping. A
Catalyst 3500, Catalyst 2900, or a Catalyst 2950 switch running this software release cannot act as the
VMPS. Use a Catalyst 5000 series switch such as the VMPS.
The VMPS database configuration file on the server must use the Catalyst 2950 convention for naming
ports. For example, fastethernet 0/5 is fixed-port number 5.
If the switch is a cluster member, the command switch adds the name of the switch before the Fa. For
example, es3%Fa 0/2 refers to fixed 10/100 port 2 on member switch 3. These naming conventions must
be used in the VMPS database configuration file when it is configured to support a cluster.
You can configure a fallback VLAN name. If you connect a device with a MAC address that is not in the
database, the VMPS sends the fallback VLAN name to the client. If you do not configure a fallback
VLAN and the MAC address does not exist in the database, the VMPS sends an access-denied response.
If the VMPS is in secure mode, it sends a port-shutdown response.
This example shows a sample VMPS database configuration file as it appears on a Catalyst 5000 series
switch.
!vmps domain <domain-name>
! The VMPS domain must be defined.
!vmps mode { open | secure }
! The default mode is open.
!vmps fallback <vlan-name>
!vmps no-domain-req { allow | deny }
!
! The default value is allow.
vmps domain WBU
vmps mode open
78-11380-03
8-28.
Catalyst 2950 Desktop Switch Software Configuration Guide
How the VMPS Works
"How the VMPS
8-29