The introduction of vlan of a Huawei switch and three VMPS modes. In the explanation of vlan of a Huawei switch, there are three VMPS modes (but User Registration Tool, namely URT, only supports open mode ). How to configure dynamic vlan and VMPS of a CATALYST 4500 series switch? This article takes cisco ios 12.2 (31) SGA as an example.
1. Introduction to VMPS:
VMPS is short for the Huawei vlanMembership Policy Server. as its name implies, it is a centralized management server that dynamically selects vlan of Huawei Switches Based on port MAC addresses. when the host of a port moves to another port, the VMPS dynamically specifies the vlan of the Huawei switch. however, cisco ios-based CATALYST 4500 series switches do not support VMPS.
It can only be used as a vlan Query Protocol client of a Huawei switch. It can communicate with VMPS through a VQP client. if you want a CATALYST 4500 series switch to support VMPS, you should use CatOS (or select the CATALYST 6500 Series Switch hoho ).
VMPS uses UDP ports to listen for requests from VQP clients. Therefore, VPMS clients do not need to know whether the VMPS is in a local network or a remote network. when the VMPS server receives a request from the VMPS client, it searches the local database for the ing entries from the MAC address to the vlan of the Huawei switch.
VMPS will respond to the request. If the specified VLAN is limited to a group of ports, VMPS will verify the port sending the request:
◆ If the vlan of the Huawei switch on the request port is licensed, VMPS sends the VLAN to the customer as a response.
◆ If the vlan of the request port is not licensed and the VMPS is not in the secure mode, the VMPS sends the "access-denied" (access denied) message as a response.
◆ If the vlan of the request port is not permitted, but the VMPS is in safe mode, the VMPS sends the "port-shutdown" message as a response.
However, if the vlan information of the Huawei switch in the database does not match the vlan information of the current Huawei switch on the port, and the port is connected to an active host, the VMPS will send "access-denied ", "fallback VLAN name" (Back VLAN name), "port-shutdown" or "new VLAN name" (new VLAN name) information. the information sent depends on the VMPS Mode settings.
If the switch receives the "access-denied" Message from the VMPS, the switch blocks the traffic from the MAC address or from the port. the switch will continue to monitor the packets destined for this port, and when the switch identifies a new address, it will send query information to VMPS. if the switch receives the "port-shutdown" information from the VMPS, the switch disables the port and must re-enable it through the command line or SNMP.
VMPS has three modes (but User Registration Tool, namely URT, only supports open mode ):
◆ Open mode.
◆ Secure mode.
◆ Multiple mode.
In open mode, when the port does not specify a Huawei switch vlan:
◆ If the MAC address of the port and the VLAN information associated with the port are licensed, the VMPS will return the vlan name of the Huawei switch to the customer.
◆ If the MAC address of the port and its associated VLAN information are not licensed, the VMPS will return the "access-denied" information to the customer.