Introduction to Catalyst VMPS: full access to VMPS technology

Source: Internet
Author: User

Introduction to Catalyst VMPS: this article introduces VMPS technology and its three modes, covering both the case where no VLAN is assigned on the port and the case where a VLAN is already assigned on the port. How are dynamic VLANs and VMPS configured on Catalyst 4500 series switches? This article takes Cisco IOS 12.2(31)SGA as an example.

VMPS introduction:

VMPS is the abbreviation of VLAN Membership Policy Server. As the name suggests, it is a centralized management server that dynamically selects VLANs based on the MAC addresses seen on a port. When a host moves from one port to another, the VMPS dynamically assigns a VLAN to the host. However, Cisco IOS-based Catalyst 4500 series switches do not support VMPS.

They can only be used as VLAN Query Protocol (VQP) clients, communicating with a VMPS through VQP. If you want a Catalyst 4500 series switch to support VMPS, you should use CatOS (or choose a Catalyst 6500 series switch).

VMPS uses a UDP port to listen for requests from VQP clients. Therefore, VMPS clients do not need to know whether the VMPS is on the local network or on a remote network. When the VMPS receives a request from a VMPS client, it searches its local database for the MAC-address-to-VLAN mapping.

VMPS then responds to the request. If the assigned VLAN is restricted to a group of ports, VMPS verifies the port that sent the request:

◆ If the VLAN is permitted on the requesting port, VMPS sends the VLAN name to the client as the response.

◆ If the VLAN is not permitted on the requesting port and the VMPS is not in secure mode, the VMPS sends an "access-denied" message as the response.

◆ If the VLAN is not permitted on the requesting port and the VMPS is in secure mode, the VMPS sends a "port-shutdown" message as the response.

However, if the VLAN information in the database does not match the current VLAN of the port, and the port is connected to an active host, the VMPS sends an "access-denied", "fallback VLAN name", "port-shutdown" or "new VLAN name" response. Which one is sent depends on the VMPS mode setting.

If the switch receives an "access-denied" message from the VMPS, it blocks traffic from that MAC address or from the port. The switch continues to monitor packets arriving on the port, and when it identifies a new address it sends a query to the VMPS. If the switch receives a "port-shutdown" message from the VMPS, it disables the port, which must then be re-enabled through the command line or SNMP.

VMPS has three modes (although the User Registration Tool (URT) supports only open mode):
◆ Open mode.
◆ Secure mode.
◆ Multiple mode.

Open mode:

When no VLAN is assigned on the port:

◆ If the MAC address seen on the port and its associated VLAN are permitted, VMPS returns the VLAN name to the client.

◆ If the MAC address seen on the port and its associated VLAN are not permitted, VMPS returns an "access-denied" message to the client.

When a VLAN is already assigned on the port:

◆ If the VLAN associated with the MAC address in the database does not match the port's current VLAN, and a fallback VLAN name is configured, VMPS returns the fallback VLAN name to the client.

◆ If the VLAN associated with the MAC address in the database does not match the port's current VLAN, and no fallback VLAN name is configured, VMPS returns an "access-denied" message to the client.

In secure mode, when no VLAN is assigned on the port:

◆ If the MAC address seen on the port and its associated VLAN are permitted, VMPS returns the VLAN name to the client.

◆ If the MAC address seen on the port and its associated VLAN are not permitted, the port is disabled.

When a VLAN is already assigned on the port:

If the VLAN associated with the MAC address in the database does not match the port's current VLAN, the port is shut down even if a fallback VLAN name is configured.
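The open-mode and secure-mode rules above can be written as a small decision function, which makes it easy to see which ports would be shut down if a VMPS were switched from open to secure mode. This is an added example, not Cisco code or part of the original article: the function names, the sample database and the MAC addresses are constructed, a MAC is treated as "permitted" when it has a database entry, and a request whose database VLAN matches the port's current VLAN is assumed to be confirmed with that VLAN.

```python
# Simplified model of the open/secure-mode rules described above.
# All data is constructed; names are hypothetical, not Cisco's.
import re

ACCESS_DENIED = "access-denied"
PORT_SHUTDOWN = "port-shutdown"

def norm_mac(mac):
    """Reduce aa:bb:.., aa-bb-.. or aabb.ccdd.eeff to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def vmps_response(mode, db, mac, port_vlan=None, fallback=None):
    """Return (message, vlan_name) for one request.

    port_vlan is the VLAN currently on the port (None if unassigned);
    fallback is the fallback VLAN name (None if not configured).
    """
    if mode not in ("open", "secure"):
        raise ValueError(f"unsupported mode: {mode!r}")
    mapped = db.get(norm_mac(mac))
    if port_vlan is None:                  # no VLAN on the port yet
        if mapped:
            return ("vlan", mapped)
        return (PORT_SHUTDOWN if mode == "secure" else ACCESS_DENIED, None)
    if mapped == port_vlan:                # assumption: a match is confirmed
        return ("vlan", mapped)
    if mode == "secure":                   # mismatch: fallback is ignored
        return (PORT_SHUTDOWN, None)
    return ("vlan", fallback) if fallback else (ACCESS_DENIED, None)

def mode_diff(db, requests, fallback=None):
    """List the requests whose outcome differs between open and secure mode."""
    changed = []
    for mac, port_vlan in requests:
        in_open = vmps_response("open", db, mac, port_vlan, fallback)
        in_secure = vmps_response("secure", db, mac, port_vlan, fallback)
        if in_open != in_secure:
            changed.append((mac, port_vlan, in_open, in_secure))
    return changed

# Constructed sample database and (MAC, current port VLAN) requests.
DB = {norm_mac("0011.2233.4455"): "ENGINEERING",
      norm_mac("00:aa:bb:cc:dd:ee"): "FINANCE"}
REQUESTS = [("00:11:22:33:44:55", None), ("de:ad:be:ef:00:01", None),
            ("00-AA-BB-CC-DD-EE", "ENGINEERING"), ("00aa.bbcc.ddee", "FINANCE")]

if __name__ == "__main__":
    for row in mode_diff(DB, REQUESTS, fallback="GUEST"):
        print(row)
```

Running it lists the unknown host and the host whose database VLAN disagrees with its port: both get a soft response in open mode and a "port-shutdown" in secure mode.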

Multiple mode:

When multiple MAC addresses (hosts) are in the same VLAN, multiple MAC addresses can correspond to one dynamic port. If the link of the dynamic port goes down, the port returns to the unassigned state, and VMPS re-checks these addresses before a VLAN is assigned again. If the hosts are located in different VLANs, VMPS returns the latest MAC-address-to-VLAN mapping to the client. You can also specify a fallback VLAN name on the VMPS. If no VLAN is assigned on the port, VMPS compares the port with the MAC address in the request:

◆ If the MAC address of the host does not exist in the database and a fallback VLAN name is specified on the VMPS, the fallback VLAN name is returned to the client.

◆ If the MAC address of the host does not exist in the database and no fallback VLAN name is specified on the VMPS, an "access-denied" message is returned to the client.

If a VLAN has already been assigned on the port, VMPS compares the port with the MAC address that initiated the request: regardless of whether a fallback VLAN name is configured on the VMPS, as long as the VMPS is in secure mode it returns a "port-shutdown" message to the client. In some cases, we may also see invalid VMPS client requests:

◆ When no fallback VLAN name is configured on the VMPS and the database has no corresponding MAC-address-to-VLAN mapping.

◆ When a VLAN has been assigned on the port and the VMPS is not in multiple mode, but the VMPS receives a VMPS client request for a second, different MAC address.
