Configuring VLANs
VLANs
If there is a match, the VMPS sends the VLAN number for that port. If the client switch was not previously configured, it
uses the domain name from the first VTP packet it receives on its trunk port from the VMPS. If the client switch was
previously configured, it includes its domain name in the query packet to the VMPS to obtain its VLAN number. The VMPS
verifies that the domain name in the packet matches its own domain name before accepting the request and responds
to the client with the assigned VLAN number for the client. If there is no match, the VMPS either denies the request or
shuts down the port (depending on the VMPS secure mode setting).
Multiple hosts (MAC addresses) can be active on a dynamic-access port if they are all in the same VLAN; however, the
VMPS shuts down a dynamic-access port if more than 20 hosts are active on the port.
If the link goes down on a dynamic-access port, the port returns to an isolated state and does not belong to a VLAN. Any
hosts that come online through the port are checked again through the VQP with the VMPS before the port is assigned
to a VLAN.
Dynamic-access ports can be used for direct host connections, or they can connect to a network. A maximum of 20 MAC
addresses are allowed per port on the switch. A dynamic-access port can belong to only one VLAN at a time, but the
VLAN can change over time, depending on the MAC addresses seen.
Default VMPS Client Settings
Feature                    Default Setting
VMPS domain server         None
VMPS reconfirm interval    60 minutes
VMPS server retry count    3
Dynamic-access ports       None configured
VMPS Configuration Guidelines
These guidelines and restrictions apply to dynamic-access port VLAN membership:
- You should configure the VMPS before you configure ports as dynamic-access ports.
- When you configure a port as a dynamic-access port, the spanning-tree Port Fast feature is automatically enabled
  for that port. The Port Fast mode accelerates the process of bringing the port into the forwarding state.
- IEEE 802.1x ports cannot be configured as dynamic-access ports. If you try to enable IEEE 802.1x on a
  dynamic-access (VQP) port, an error message appears, and IEEE 802.1x is not enabled. If you try to change an IEEE
  802.1x-enabled port to dynamic VLAN assignment, an error message appears, and the VLAN configuration is not
  changed.
- Trunk ports cannot be dynamic-access ports, but you can enter the switchport access vlan dynamic interface
  configuration command for a trunk port. In this case, the switch retains the setting and applies it if the port is later
  configured as an access port. You must turn off trunking on the port before the dynamic-access setting takes effect.
- Dynamic-access ports cannot be monitor ports.
- Secure ports cannot be dynamic-access ports. You must disable port security on a port before it becomes dynamic.
- Private VLAN ports cannot be dynamic-access ports.
- Dynamic-access ports cannot be members of an EtherChannel group.
- Port channels cannot be configured as dynamic-access ports.
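The following is an added example, not part of the original guide or any vendor tooling: a Python lint that checks a staged configuration file for interfaces that carry switchport access vlan dynamic together with a feature the guidelines rule out. The matching patterns, the audit function name and the sample configuration are assumptions made for the illustration. Monitor (SPAN) ports are not checked because they are configured outside the interface block.

```python
import re

# Conflicting sub-commands and the guideline each breaks (patterns are assumed).
CONFLICTS = [
    (r"switchport mode trunk\b", "trunk port: setting inactive until trunking is off"),
    (r"switchport port-security\b", "port security is enabled"),
    (r"switchport mode private-vlan\b", "private VLAN port"),
    (r"channel-group \d+", "EtherChannel group member"),
    (r"(dot1x|authentication) port-control\b", "IEEE 802.1x is enabled"),
]

def audit(config_text):
    """Return {interface: [reasons]} for dynamic-access ports breaking a guideline."""
    blocks, current = {}, None
    for raw in config_text.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # "!" or a global command closes the block
    findings = {}
    for name, lines in blocks.items():
        if "switchport access vlan dynamic" not in lines:
            continue  # static-access ports are out of scope
        reasons = [why for pat, why in CONFLICTS
                   if any(re.match(pat, line) for line in lines)]
        if name.lower().startswith("port-channel"):
            reasons.append("port channel interface")
        if reasons:
            findings[name] = reasons
    return findings

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
interface GigabitEthernet0/2
 switchport mode trunk
 switchport access vlan dynamic
!
interface GigabitEthernet0/3
 switchport access vlan dynamic
 switchport port-security
!
interface GigabitEthernet0/4
 switchport access vlan 10
 switchport port-security
"""
if __name__ == "__main__":
    print(audit(SAMPLE))
```

GigabitEthernet0/4 is not reported: port security on a static-access port does not conflict with anything in the guidelines.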