Catalyst 2948G Switch - Cisco WS-C2950SX-48-SI Configuration Manual

Chapter 12 Configuring Dynamic VLAN Membership with VMPS
• Define the security mode. VMPS can operate in open or secure mode. If you set it to open mode,
VMPS returns an access denied response for an unauthorized MAC address and returns the fallback
VLAN for a MAC address not listed in the VMPS database. In secure mode, VMPS shuts down the
port for a MAC address that is unauthorized or that is not listed in the VMPS database.
(Optional) Define a fallback VLAN. Assign the fallback VLAN if the MAC addresses of the
•
connected host is not defined in the database.
In the example at the end of this section, the VMPS domain name is WBU, the VMPS mode is set
to open, the fallback VLAN is set to the VLAN default, and if the VTP domain name does match
the VMPS domain name, VMPS sends an access denied response message.
Section 2, MAC addresses, lists MAC addresses and authorized VLAN names for each MAC address.
Enter the MAC address of each host and the VLAN name to which each should belong.
•
Use the --NONE-- keyword as the VLAN name to deny the specified host network connectivity.
•
• You can enter up to 21,051 MAC addresses in a VMPS database file for the Catalyst 2948G switch.
In the example at the end of this section, MAC addresses are listed in the MAC table. Notice that
the MAC address fedc.ba98.7654 is set to --NONE--. This setting explicitly denies this MAC
address from accessing the network.
Section 3, Port groups, lists groups of ports on various switches in your network that you want grouped
together. You use these port groups when defining VLAN port policies.
Define a port group name for each port group, and then list all the ports that you want included in
•
the port group.
A port is identified by the IP address of the switch and the module/port number of the port in the
•
form mod_num/port_num. Ranges are not allowed for the port numbers.
Use the all-ports keyword to specify all the ports in the specified switch.
•
The example at the end of this section has two port groups:
–
–
Section 4, VLAN groups, lists groups of VLANs that you want to associate together. You use these
VLAN groups when defining VLAN port policies.
Define the VLAN group name and then list each VLAN name that you want to include in the VLAN
•
group.
You can enter a maximum of 256 VLANs in a VMPS database file for the Catalyst 2948G switch.
•
The example at the end of this section has the VLAN group Engineering, which consists of the
VLANs hardware and software.
Section 5, VLAN port policies, lists the VLAN port policies, which use the port groups and VLAN
groups to further restrict access to the network.
• You can configure a restricted access using MAC addresses and the port groups or VLAN groups.
78-15486-01
WiringCloset1 consists of port 3/2 on the VMPS client 198.92.30.32 and port 2/8 on the VMPS
client 172.20.26.141
Executive Row consists of port 1/2 and 1/3 on the VMPS client 198.4.254.222, and all ports on
the VMPS client 198.4.254.223
Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide
Configuring VMPS
—
Release 8.1
12-5