Cisco WS-C2948G-GE-TX Configuration Manual page 259

Chapter 12 Configuring Dynamic VLAN Membership with VMPS
Section 2, MAC addresses, lists MAC addresses and authorized VLAN names for each MAC address.
• Enter the MAC address of each host and the VLAN name to which each should belong.
• Use the --NONE-- keyword as the VLAN name to deny the specified host network connectivity.
• You can enter up to 21,051 MAC addresses in a VMPS database file for the Catalyst 2948G switch.
In the example at the end of this section, MAC addresses are listed in the MAC table. Notice that
the MAC address fedc.ba98.7654 is set to --NONE--. This setting explicitly denies this MAC
address from accessing the network.
Section 3, Port groups, lists groups of ports on various switches in your network that you want grouped
together. You use these port groups when defining VLAN port policies.
• Define a port group name for each port group, and then list all the ports that you want included in
the port group.
• A port is identified by the IP address of the switch and the module/port number of the port in the
form mod_num/port_num. Ranges are not allowed for the port numbers.
• Use the all-ports keyword to specify all the ports in the specified switch.
The example at the end of this section has two port groups:
–
–
Section 4, VLAN groups, lists groups of VLANs that you want to associate together. You use these
VLAN groups when defining VLAN port policies.
• Define the VLAN group name and then list each VLAN name that you want to include in the VLAN
group.
You can enter a maximum of 256 VLANs in a VMPS database file for the Catalyst 2948G switch.
•
The example at the end of this section has the VLAN group Engineering, which consists of the
VLANs hardware and software.
Section 5, VLAN port policies, lists the VLAN port policies, which use the port groups and VLAN
groups to further restrict access to the network.
You can configure a restricted access using MAC addresses and the port groups or VLAN groups.
•
The example at the end of this section has three VLAN port policies specified:
–
–
–
This example shows a sample VMPS database configuration file:
!Section 1: GLOBAL SETTINGS
!VMPS File Format, version 1.1
! Always begin the configuration file with
! the word "VMPS"
!
!vmps domain <domain-name>
! The VMPS domain must be defined.
Catalyst 4500 Series, Catalyst 2948G, Catalyst 2948G-GE-TX, and Catalyst 2980G Switches Software Configuration Guide—Release 8.2GLX
78-15908-01
WiringCloset1 consists of port 3/2 on the VMPS client 198.92.30.32 and port 2/8 on the VMPS
client 172.20.26.141
Executive Row consists of port 1/2 and 1/3 on the VMPS client 198.4.254.222 and all ports on
the VMPS client 198.4.254.223
In the first VLAN port policy, the VLAN hardware or software is restricted to port 3/2 on the
VMPS client 198.92.30.32 and port 2/8 on the VMPS client 172.20.23.141.
In the second VLAN port policy, the devices that are specified in VLAN Green can connect
only to port 4/8 on the VMPS client 198.92.30.32.
In the third VLAN port policy, the devices that are specified in VLAN Purple can connect to
only port 1/2 on the VMPS client 198.4.254.22 and the ports that are specified in the port group
Executive Row.
Configuring VMPS
12-5