Restrictions For Vmps - Cisco Catalyst 2960 series Configuration Manual

Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)

Restrictions for VMPS

The VTP management domain of the VMPS client and the VMPS server must be the same.
The following are restrictions for configuring VMPS:
• IEEE 802.1x ports cannot be configured as dynamic-access ports. If you try to enable IEEE 802.1x on a dynamic-access (VQP) port, an error message appears, and IEEE 802.1x is not enabled. If you try to change an IEEE 802.1x-enabled port to dynamic VLAN assignment, an error message appears, and the VLAN configuration is not changed.
• Trunk ports cannot be dynamic-access ports, but you can enter the switchport access vlan dynamic interface configuration command for a trunk port. In this case, the switch retains the setting and applies it if the port is later configured as an access port. You must turn off trunking on the port before the dynamic-access setting takes effect.
• Dynamic-access ports cannot be monitor ports.
• Secure ports cannot be dynamic-access ports. You must disable port security on a port before it becomes dynamic.
• Dynamic-access ports cannot be members of an EtherChannel group.
• Port channels cannot be configured as dynamic-access ports.
• The VLAN configured on the VMPS server should not be a voice VLAN.
• 1K VLAN is supported only on switches running the LAN Base image with the lanbase-default template set.

Information About VMPS

Dynamic VLAN Assignments

The VLAN Query Protocol (VQP) is used to support dynamic-access ports, which are not permanently assigned to a VLAN, but give VLAN assignments based on the MAC source addresses seen on the port. Each time an unknown MAC address is seen, the switch sends a VQP query to a remote VLAN Membership Policy Server (VMPS); the query includes the newly seen MAC address and the port on which it was seen. The VMPS responds with a VLAN assignment for the port. The switch cannot be a VMPS server but can act as a client to the VMPS and communicate with it through VQP.

Each time the client switch receives the MAC address of a new host, it sends a VQP query to the VMPS. When the VMPS receives this query, it searches its database for a MAC-address-to-VLAN mapping. The server response is based on this mapping and whether or not the server is in open or secure mode. In secure mode, the server shuts down the port when an illegal host is detected. In open mode, the server denies the host access to the port.

If the port is currently unassigned (that is, it does not yet have a VLAN assignment), the VMPS provides one of these responses:
• If the host is allowed on the port, the VMPS sends the client a vlan-assignment response containing the assigned VLAN name and allowing access to the host.
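
The port-level restrictions for VMPS listed earlier on this page can be checked against a candidate configuration before it is pushed to a switch. The following Python check is an added example, not part of the Cisco guide; it covers only the restrictions visible inside a single interface stanza (trunk, port security, EtherChannel, port channel, IEEE 802.1x). The function names and sample configuration are constructed, and every command spelling other than switchport access vlan dynamic is an assumption based on common IOS syntax.

```python
import re

# Conflicting commands (common IOS spellings, assumed; not from the guide).
CONFLICTS = {
    "trunk port, dynamic setting dormant": re.compile(r"^switchport mode trunk$"),
    "port security enabled": re.compile(r"^switchport port-security$"),
    "EtherChannel member": re.compile(r"^channel-group \d+ mode "),
    "IEEE 802.1x enabled": re.compile(
        r"^(authentication|dot1x) port-control auto$|^dot1x pae authenticator$"),
}
DYNAMIC = "switchport access vlan dynamic"  # command named in the guide

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
interface GigabitEthernet1/0/2
 switchport mode trunk
 switchport access vlan dynamic
!
interface GigabitEthernet1/0/3
 switchport access vlan dynamic
 switchport port-security
 channel-group 1 mode active
!
interface Port-channel1
 switchport access vlan dynamic
"""

def parse_interfaces(config):
    """Split a running-config into {interface name: [stanza commands]}."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = stanzas.setdefault(line[len("interface "):].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return stanzas

def audit_dynamic_ports(config):
    """Return {interface: [violated restrictions]} for dynamic-access ports."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if DYNAMIC in cmds:
            hits = [why for why, rx in CONFLICTS.items() if any(rx.match(c) for c in cmds)]
            if name.lower().startswith("port-channel"):
                hits.append("port channel interface")
            if hits:
                findings[name] = hits
    return findings
```

Calling audit_dynamic_ports(SAMPLE) reports all three sample interfaces; a port that carries only the dynamic-access command produces no finding.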
