Default Vmps And Dynamic Port Configuration - Cisco WS-X6066-SLB-APC - Content Switching Module Software Manual

Default VMPS and Dynamic Port Configuration

If the assigned VLAN is restricted to a group of ports, VMPS verifies the requesting port against this
group. If the VLAN is allowed on the port, the VLAN name is returned to the client. If the VLAN is not
allowed on the port and VMPS is not in secure mode, the host receives an "access denied" response. If
VMPS is in secure mode, the port is shut down.
If a VLAN in the database does not match the current VLAN on the port and active hosts are on the port,
VMPS sends an access denied or a port shutdown response based on the VMPS secure mode.
You can configure a fallback VLAN name. If you connect a device with a MAC address that is not in
the database, VMPS sends the fallback VLAN name to the client. If you do not configure a fallback
VLAN and the MAC address does not exist in the database, VMPS sends an access denied response. If
VMPS is in secure mode, it sends a port shutdown response.
You can also make an explicit entry in the configuration table to deny access to specific MAC addresses
for security reasons by specifying a --NONE-- keyword for the VLAN name. In this case, VMPS sends
an access denied or port shutdown response.
A dynamic port can belong to only one native VLAN in software releases prior to release 6.2(1)—with
software release 6.2(1), a port can belong to a native VLAN and an auxiliary VLAN. See the
Port VLAN Membership with Auxiliary VLANs" section on page 18-12
When the link comes up, a dynamic port is isolated from its static VLAN. The source MAC address from
the first packet of a new host on the dynamic port is sent to VMPS, which attempts to match the MAC
address to a VLAN in the VMPS database. If there is a match, VMPS provides the VLAN number to
assign to the port. If there is no match, VMPS either denies the request or shuts down the port (depending
on the VMPS secure mode setting).
Multiple hosts (MAC addresses) can be active on a dynamic port if they are all in the same VLAN. If
the link goes down on a dynamic port, the port returns to an isolated state. Any hosts that come online
through the port are checked again with VMPS before the port is assigned to a VLAN.
Default VMPS and Dynamic Port Configuration
Table 18-1
Table 18-1 Default VMPS and Dynamic Port Configuration
Feature
VMPS server
VMPS enable state
VMPS management domain
VMPS TFTP server
VMPS database configuration
filename
VMPS fallback VLAN
VMPS secure mode
VMPS no domain requests
Catalyst 6000 Family Software Configuration Guide—Releases 6.3 and 6.4
18-2
shows the default VMPS and dynamic port configuration.
Default Configuration
Disabled
Null
None
vmps-config-database.1
Null
Open
Allow
Chapter 18 Configuring Dynamic Port VLAN Membership with VMPS
"Dynamic
for complete details.
78-13315-02