Simple VMPS database configuration

a.manosca · ‎03-02-2004

Just seeking confirmation if the following config will work or not:

Objective(s):

- When a host with MAC address 0000.0000.0001 is connected to port 0/1, 0/2 or 0/3

of Switch_A, it will be assigned to VLAN Group_A_Vlan.

- When a host with MAC address 0000.0000.0002 is connected to port 0/3, 0/4 or 0/5

of Switch_A, it will be assigned to VLAN Group_B_Vlan.

- When a host with MAC address 0000.0000.0001 is connected to port 0/4 of Switch_A,

the port will be inactive.

******************************************************

! --- VMPS Port Policy ---

!

vmps domain <domain-name>

!

vmps fallback <default-vlan>

!

!vmps-mac-addrs

address 0000.0000.0001 vlan-name Group_A_Vlan

address 0000.0000.0002 vlan-name Group_B_Vlan

!

vmps-vlan-group Group_A

vlan-name Group_A_Vlan

!

vmps-port-group Group_A_ports

device 192.168.2.1 port 0/1

device 192.168.2.1 port 0/2

device 192.168.2.1 port 0/3

!

vmps-port-policies vlan-group Group_A

port-group Group_A_ports

!

vmps-vlan-group Group_B

vlan-name Group_B_Vlan

!

vmps-port-group Group_B_ports

device 192.168.2.1 port 0/3

device 192.168.2.1 port 0/4

device 192.168.2.1 port 0/5

!

vmps-port-policies vlan-group Group_B

port-group Group_B_ports

!

******************************************************

I'm confused because of the following statement:

"A dynamic (nontrunking) port on the switch can belong to only one VLAN,

with a VLAN ID from 1 to 1005."

Thanks in advance for any input.

Ariel

c.larsen · ‎03-03-2004

Regarding your comment -

"A dynamic (nontrunking) port on the switch can belong to only one VLAN,

with a VLAN ID from 1 to 1005."

I believe what this is saying is that the port can only belong to 1 VLAN at any given time. It can be configured be in several different VLANs in the VMPS server but the port can only be actively switching packets for 1 VLAN at a time. This is referring to the situation where you may have a Hub hanging off of that port with multiple machines on the Hub. That 1 port will assign all of the machines hanging off the hub to the same VLAN.

I don't think the config you have posted will shut down the port. The machine will be assigned to VLAN 1 which is the default VLAN. If you want the switch to shutdown the port, you have to configure the VMPS server to run in secure mode.

The syntax for that is:

vmps mode secure

a.manosca · ‎03-03-2004

Chad, first of all thanks for your reply. You mentioned:

"The machine will be assigned to VLAN 1 which is the default VLAN."

Are you talking about the host with MAC address "0000.0000.0001"? If yes,

this host should not be assigned to VLAN 1 (or the default VLAN) when connected

to port 0/4. A host should only be assigned to the default VLAN (based on my config)

if the host's MAC address is not defined or present in the VMPS MAC database.

Also, I would not like the port to be shut down when a PC with an unallowed MAC

address is connected. I don't want to manually enable the port once it is shut down

by the switch. Thus leaving the default vmps mode to "open". And I was thinking

what would be the exact port status in the switch. (status = disabled ??)

So basically, I'd like to know if I need to change any part of the VMPS database

config to achieve the objectives I've mentioned.

Thanks again.