8-28
Catalyst 2950 Desktop Switch Software Configuration Guide
78-11380-03
Chapter8 Configuring VLANs
How the VMPS Works
How the VMPS Works
A switch running this software release acts as a client to the VLAN Membership Policy Server (VMPS)
and communicates with it through the VLAN Query Protocol (VQP). When the VMPS receives a VQP
request from a client switch, it searches its database for a MAC-address-to-VLAN mapping. The server
response is based on this mapping and whether or not the server is in secure mode. Secure mode
determines whether the server shuts down the port when a VLAN is not allowed on it or just denies the
port access to the VLAN.
In response to a request, the VMPS takes one of these actions:
• If the assigned VLAN is restricted to a group of ports, the VMPS verifies the requesting port against
this group and responds as follows:
–
If the VLAN is allowed on the port, the VMPS sends the VLAN name to the client in response.
–
If the VLAN is not allowed on the port, and the VMPS is not in secure mode, the VMPS sends
an access-denied response.
–
If the VLAN is not allowed on the port, and the VMPS is in secure mode, the VMPS sends a
port-shutdown response.
• If the VLAN in the database does not match the current VLAN on the port and active hosts exist on
the port, the VMPS sends an access-denied or a port-shutdown response, depending on the secure
mode of the VMPS.
If the switch receives an access-denied response from the VMPS, it continues to block traffic from the
MAC address to or from the port. The switch continues to monitor the packets directed to the port and
sends a query to the VMPS when it identifies a new address. If the switch receives a port-shutdown
response from the VMPS, it disables the port. The port must be manually reenabled by using the CLI,
Cluster Management Suite, or SNMP.
You can also use an explicit entry in the configuration table to deny access to specific MAC addresses
for security reasons. If you enter the none keyword for the VLAN name, the VMPS sends an
access-denied or port-shutdown response.
Step 11
spanning-tree vlan 3 cost 30 Setthespanning-treepathcostto30forVLAN3.
Step 12
spanning-tree vlan 4 cost 30 Setthespanning-treepathcostto30forVLAN4.
Step 13
end Return to global configuration mode.
Step 14
RepeatSteps9through11onSwitch1interfacefastethernet0/2,
and set the spanning-tree path cost to 30 for VLANs 8, 9, and 10.
Step 15
exit Return to privileged EXEC mode.
Step 16
show running-config Verify your entries.
In the display, verify that the path costs are set correctly for
interfaces fastethernet 0/1 and fastethernet 0/2.
Command Purpose
To Next Page
Loading...
Need help?
General
