Name: Cisco 4500M
Brand: Cisco
Rating: 5 (1 reviews)

To Next Page

To Previous Page

11-3

Software Configuration Guide—Release 12.2(25)EW

OL-6696-01

Chapter 11 Configuring Dynamic VLAN Membership

Understanding VMPS

• If a VLAN in the database does not match the current VLAN on the port and a fallback VLAN name

is configured, VMPS sends the fallback VLAN name to the client.

• If a VLAN in the database does not match the current VLAN on the port and a fallback VLAN name

is not configured, the host receives an “access denied” response.

Secure mode

If the assigned VLAN is restricted to a group of ports, VMPS verifies the requesting port against this

group:

• If the VLAN is allowed on the port, the VLAN name is returned to the client.

• If the VLAN is not allowed on the port, the port is shut down.

• If a VLAN in the database does not match the current VLAN on the port, the port is shutdown, even

if a fallback VLAN name is configured.

Multiple mode

Multiple hosts (MAC addresses) can be active on a dynamic port if they are all in the same VLAN. If the

link goes down on a dynamic port, the port returns to the unassigned state. Any hosts that come online

through the port are checked again with VMPS before the port is assigned to a VLAN.

If multiple hosts connected to a dynamic port belong to different VLANs, the VLAN matching the MAC

address in the last request is returned to the client, provided that multiple mode is configured on the

VMPS server.

Note Although Catalyst 4500 series and Catalyst 6500 series switches running Catalyst operating system

software support VMPS in all three operation modes, the Cisco network management tool URT (User

Registration Tool) supports open mode only.

Fall-back VLAN

You can configure a fallback VLAN name on a VMPS server. If you connect a device with a MAC

address that is not in the database, the VMPS sends the fallback VLAN name to the client. If you do not

configure a fallback VLAN name and the MAC address does not exist in the database, the VMPS sends

an “access-denied” response. If the VMPS is in secure mode, it sends a “port-shutdown” response,

whether or not a fallback VLAN has been configured on the server.

Illegal VMPS client requests

Two examples of illegal VMPS client requests are as follows:

• When a MAC-address mapping is not present in the VMPS database and “no fall back” VLAN is

configured on the VMPS.

• When a port is already assigned a VLAN (and the VMPS mode is not “multiple”) but a second

VMPS client request is received on the VMPS for a different MAC-address.

Cisco 4500M User Manual

Other manuals for Cisco 4500M