Chapter 12: Configuring Dynamic Port VLAN Membership with VMPS; VMPS and Dynamic Port Hardware and Software Requirements; Default VMPS and Dynamic Port Configuration - Cisco WS-C4003 - Catalyst 4000 Chassis Switch Software Configuration Manual



If the assigned VLAN is restricted to a group of ports, VMPS verifies the requesting port against this
group. If the VLAN is allowed on the port, the VLAN name is returned to the client. If the VLAN is not
allowed on the port and VMPS is not in secure mode, the host receives an "access denied" response. If
VMPS is in secure mode, the port is shut down.

If a VLAN in the database does not match the current VLAN on the port and active hosts are on the port,
VMPS sends an access denied or a port shutdown response based on the VMPS secure mode.

You can configure a fallback VLAN name. If you connect a device with a MAC address that is not in the
database, VMPS sends the fallback VLAN name to the client. If you do not configure a fallback VLAN
and the MAC address does not exist in the database, VMPS sends an access denied response. If VMPS
is in secure mode, it sends a port shutdown response.

You can also make an explicit entry in the configuration table to deny access to specific MAC addresses
for security reasons by specifying a --NONE-- keyword for the VLAN name. In this case, VMPS sends
an access denied or port shutdown response.
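
The decision rules above, modelled in Python as an added example; it is not code from the Cisco guide or from VMPS itself. The class name, the response labels, and the sample MAC addresses, VLAN names and port numbers are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

NONE_KEYWORD = "--NONE--"  # explicit deny entry named in the text

@dataclass
class VmpsModel:
    """Hypothetical model of the VMPS decision; not Cisco's implementation."""
    mac_to_vlan: dict                 # MAC address -> VLAN name
    secure: bool = False              # VMPS secure mode on/off
    fallback: Optional[str] = None    # fallback VLAN name, if configured
    vlan_ports: dict = field(default_factory=dict)  # VLAN -> permitted ports

    def _refuse(self):
        # Secure mode turns a refusal into a port shutdown.
        return ("PORT_SHUTDOWN" if self.secure else "ACCESS_DENIED", None)

    def decide(self, mac, port, current_vlan=None, active_hosts=False):
        vlan = self.mac_to_vlan.get(mac.lower())
        if vlan is None:
            # MAC not in database: fallback VLAN if configured, else refuse.
            return ("VLAN", self.fallback) if self.fallback else self._refuse()
        if vlan == NONE_KEYWORD:
            return self._refuse()     # explicitly denied MAC address
        permitted = self.vlan_ports.get(vlan)
        if permitted is not None and port not in permitted:
            return self._refuse()     # VLAN is restricted to other ports
        if active_hosts and current_vlan not in (None, vlan):
            return self._refuse()     # active hosts already use another VLAN
        return ("VLAN", vlan)

# Constructed sample data: MACs, VLAN names and port numbers are made up.
DB = {
    "00:00:5e:00:53:01": "Engineering",
    "00:00:5e:00:53:02": "Finance",
    "00:00:5e:00:53:99": NONE_KEYWORD,
}
PORT_GROUPS = {"Finance": {"2/1", "2/2"}}
OPEN = VmpsModel(DB, secure=False, fallback="Guest", vlan_ports=PORT_GROUPS)
SECURE = VmpsModel(DB, secure=True, vlan_ports=PORT_GROUPS)

def demo():
    """Run the same requests against the open and secure servers."""
    requests = [("00:00:5e:00:53:02", "2/1"), ("00:00:5e:00:53:02", "3/4"),
                ("00:00:5e:00:53:99", "2/1"), ("00:00:5e:00:53:aa", "3/4")]
    return [(mac, port, OPEN.decide(mac, port), SECURE.decide(mac, port))
            for mac, port in requests]

if __name__ == "__main__":
    for row in demo():
        print(*row)
```
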

A dynamic port can belong to only one native VLAN in software releases prior to software
release 6.2(1). With software release 6.2(1), a port can belong to a native VLAN and an auxiliary VLAN.
See the "Dynamic Port VLAN Membership with Auxiliary VLANs" section on page 12-10 for complete
details.

When the link comes up, a dynamic port is isolated from its static VLAN. The source MAC address from
the first packet of a new host on the dynamic port is sent to VMPS, which attempts to match the MAC
address to a VLAN in the VMPS database. If there is a match, VMPS provides the VLAN number to
assign to the port. If there is no match, VMPS either denies the request or shuts down the port (depending
on the VMPS secure mode setting).

Multiple hosts (MAC addresses) can be active on a dynamic port if they are all in the same VLAN. If the
link goes down on a dynamic port, the port returns to an isolated state. Any hosts that come online
through the port are checked again with VMPS before the port is assigned to a VLAN.

VMPS and Dynamic Port Hardware and Software Requirements

VMPS and dynamic port membership requires these software and hardware versions (later software
versions might be required depending on the specific hardware):

- Supervisor engine software release 5.1 or later—The Catalyst 4000 family switches can function
  only as VMPS clients.
- VMPS-capable hardware—To determine whether a specific piece of hardware supports dynamic
  port VLAN membership, refer to your hardware documentation or use the show port capabilities
  command. Dynamic port membership is not supported on Gigabit Ethernet ports.

Default VMPS and Dynamic Port Configuration

Table 12-1 shows the default VMPS client and dynamic port configuration.

Table 12-1 Default VMPS Client and Dynamic Port Configuration

Feature                    Default Configuration
VMPS domain server         None
VMPS reconfirm interval    60 minutes

Software Configuration Guide—Catalyst 4000 Family, Catalyst 2948G, Catalyst 2980G, Releases 6.3 and 6.4
78-12647-02
