VMPS and Dynamic Port Hardware and Software Requirements; Default VMPS and Dynamic Port Configuration - Cisco WS-C2948G-GE-TX Configuration Manual

VMPS and Dynamic Port Hardware and Software Requirements

If the assigned VLAN is restricted to a group of ports, VMPS verifies the requesting port against this group. If the VLAN is allowed on the port, the VLAN name is returned to the client. If the VLAN is not allowed on the port and VMPS is in open mode, the host receives an "access denied" response. If VMPS is in secure mode, the port is shut down and you must manually bring the port back up with the set port command.

If a VLAN in the database does not match the current VLAN on the port and active hosts are on the port, VMPS sends an access denied or a port shutdown response, depending on the VMPS secure mode.

You can configure a fallback VLAN name. If you connect a device with a MAC address that is not in the database, VMPS sends the fallback VLAN name to the client. If you do not configure a fallback VLAN and the MAC address does not exist in the database, VMPS sends an access denied response when VMPS is in open mode. If VMPS is in secure mode, it sends a port shutdown response.

You can also make an explicit entry in the configuration table to deny access to specific MAC addresses for security reasons by specifying the --NONE-- keyword for the VLAN name. In this case, VMPS sends an access denied or port shutdown response.

A dynamic port can belong to only one native VLAN in software releases prior to software release 6.2(1). With software release 6.2(1), a port can belong to a native VLAN and an auxiliary VLAN. See the "Dynamic Port VLAN Membership with Auxiliary VLANs" section on page 12-14 for more information.

When the link comes up, a dynamic port is isolated from its static VLAN. The source MAC address from the first packet of a new host on the dynamic port is sent to the VMPS server, which attempts to match the MAC address to a VLAN in the VMPS database. If there is a match, VMPS provides the VLAN number to assign to the port. If there is no match, VMPS either denies the request or shuts down the port (depending on the VMPS secure mode setting).

You can use up to 50 hosts (MAC addresses) on a dynamic port if they are all authorized for the same VLAN. Each host that comes online through the port is checked against the VMPS database before the host is assigned to a VLAN.

If you move a host from one dynamic port to another, the port remains assigned to the VLAN until another MAC address changes the VLAN. You do not need to do any cleanup. All cleanup is completed by the VMPS database.
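
The decision rules described above can be modelled as a small lookup routine. This is an added example, not code from the Cisco guide or from any Cisco software: the class, method and response names are hypothetical, and the MAC addresses, VLAN names and port numbers are constructed. The model assumes that a fallback VLAN goes through the same port checks as any other VLAN and that hosts never age out of a port.

```python
from dataclasses import dataclass, field
from typing import Optional

DENY = "--NONE--"  # explicit-deny keyword from the text

@dataclass
class VmpsModel:  # hypothetical name; a model of the rules, not the VMPS protocol
    secure: bool                     # True = secure mode, False = open mode
    macs: dict                       # MAC address -> VLAN name, or DENY
    fallback: Optional[str] = None   # fallback VLAN name, if one is configured
    vlan_ports: dict = field(default_factory=dict)  # restricted VLAN -> allowed ports
    active: dict = field(default_factory=dict)      # port -> (VLAN, set of MACs)
    shut: set = field(default_factory=set)          # ports shut down in secure mode

    def _refuse(self, port):
        if self.secure:
            self.shut.add(port)      # stays down until an operator re-enables it
            return "PORT_SHUTDOWN"
        return "ACCESS_DENIED"

    def request(self, port, mac):
        if port in self.shut:
            return "PORT_SHUTDOWN"
        vlan = self.macs.get(mac, self.fallback)  # unknown MAC -> fallback (may be None)
        if vlan is None or vlan == DENY:
            return self._refuse(port)
        allowed = self.vlan_ports.get(vlan)
        if allowed is not None and port not in allowed:
            return self._refuse(port)             # VLAN is not allowed on this port
        cur, hosts = self.active.get(port, (vlan, set()))
        if hosts and cur != vlan:
            return self._refuse(port)             # active hosts are on another VLAN
        self.active[port] = (vlan, hosts | {mac})
        return vlan

def demo(secure):
    # Constructed sample database and ports, for illustration only.
    v = VmpsModel(secure=secure,
                  macs={"00:00:5e:00:53:01": "ENG", "00:00:5e:00:53:02": "HR",
                        "00:00:5e:00:53:03": DENY},
                  vlan_ports={"HR": {"3/1"}})
    return [v.request("2/1", "00:00:5e:00:53:01"),  # known MAC
            v.request("2/1", "00:00:5e:00:53:02"),  # HR is not allowed on 2/1
            v.request("2/2", "00:00:5e:00:53:03"),  # explicit deny entry
            v.request("2/3", "00:00:5e:00:53:99"),  # unknown MAC, no fallback
            v.request("2/1", "00:00:5e:00:53:01")]  # first host asks again

if __name__ == "__main__":
    print("open  :", demo(False))
    print("secure:", demo(True))
```

Comparing the two runs shows the operational cost of secure mode: the refused request on port 2/1 shuts the port down, so the already authorized host on that port also loses access until the port is manually re-enabled.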

VMPS and Dynamic Port Hardware and Software Requirements

VMPS and dynamic port membership requires these software and hardware versions (later software versions might be required depending on the specific hardware):

• Software release 5.1 or later releases—The Catalyst 4000 series switches support only VMPS clients.
• Software release 7.2 or later releases—The Catalyst 4000 series and Catalyst 4500 series switches support both VMPS servers and clients.
• VMPS-capable hardware—To determine whether a specific piece of hardware supports dynamic port VLAN membership, refer to your hardware documentation or use the show port capabilities command. Dynamic port membership is not supported on Gigabit Ethernet ports.

Default VMPS and Dynamic Port Configuration

Table 12-1 shows the default VMPS configurations.

Catalyst 4500 Series, Catalyst 2948G, Catalyst 2948G-GE-TX, and Catalyst 2980G Switches Software Configuration Guide—Release 8.2GLX, Chapter 12, Configuring Dynamic VLAN Membership with VMPS (78-15908-01)
