Cisco Catalyst 4500 Series - Security Modes for VMPS Server

Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG
OL-25340-01
Chapter 15 Configuring VLANs, VTP, and VMPS
VLAN Membership Policy Server
Security Modes for VMPS Server
VMPS operates in three different modes. The way a VMPS server responds to illegal requests depends
on the mode in which the VMPS is configured:
- Open Mode
- Secure Mode
- Multiple Mode
Open Mode
- If no VLAN is assigned to this port, VMPS verifies the requesting MAC address against this port:
  - If the VLAN associated with this MAC address is allowed on the port, the VLAN name is returned
    to the client.
  - If the VLAN associated with this MAC address is not allowed on the port, the host receives an
    “access denied” response.
- If a VLAN is already assigned to this port, VMPS verifies the requesting MAC address against this port:
  - If the VLAN associated with this MAC address in the database does not match the current VLAN
    assigned on the port, and a fallback VLAN name is configured, VMPS sends the fallback VLAN
    name to the client.
  - If the VLAN associated with this MAC address in the database does not match the current VLAN
    assigned on the port, and a fallback VLAN name is not configured, the host receives an “access
    denied” response.
Secure Mode
- If no VLAN is assigned to this port, VMPS verifies the requesting MAC address against this port:
  - If the VLAN associated with this MAC address is allowed on the port, the VLAN name is returned
    to the client.
  - If the VLAN associated with this MAC address is not allowed on the port, the port is shut down.
- If a VLAN is already assigned to this port, VMPS verifies the requesting MAC address against this port:
  - If the VLAN associated with this MAC address in the database does not match the current VLAN
    assigned on the port, the port is shut down, even if a fallback VLAN name is configured.
Multiple Mode
Multiple hosts (MAC addresses) can be active on a dynamic port if they are all in the same VLAN. If the
link fails on a dynamic port, the port returns to the unassigned state. Any hosts that come online through
the port are checked again with VMPS before the port is assigned to a VLAN.
If multiple hosts connected to a dynamic port belong to different VLANs, the VLAN matching the MAC
address in the last request is returned to the client provided that multiple mode is configured on the
VMPS server.
Note: Although Catalyst 4500 series and Catalyst 6500 series switches running Catalyst operating system
software support VMPS in all three operation modes, the User Registration Tool (URT) supports open
mode only.
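
The decision logic of the three modes described above, written out as an added Python example; it is not code from the Cisco guide or from Cisco. The function and parameter names are hypothetical, and two cases the text does not cover are modeled as assumptions: a database VLAN that matches the port's current VLAN returns that VLAN, and multiple mode answers a request on an unassigned port the same way open mode does.

```python
from enum import Enum

class Mode(Enum):
    OPEN = "open"
    SECURE = "secure"
    MULTIPLE = "multiple"

ACCESS_DENIED = ("access-denied", None)
PORT_SHUTDOWN = ("port-shutdown", None)

def vmps_response(mode, port_vlan, mac_vlan, allowed_on_port, fallback=None):
    """Model the VMPS reply to one request (hypothetical helper).

    port_vlan: VLAN currently assigned to the port, or None if unassigned
    mac_vlan: VLAN the database associates with the requesting MAC
    allowed_on_port: set of VLAN names permitted on the port
    fallback: configured fallback VLAN name, or None
    """
    if port_vlan is None:
        if mac_vlan in allowed_on_port:
            return ("vlan", mac_vlan)
        # Assumption: multiple mode answers like open mode here.
        return PORT_SHUTDOWN if mode is Mode.SECURE else ACCESS_DENIED
    if mac_vlan == port_vlan:
        # Assumption: a match is not covered by the text; return the VLAN.
        return ("vlan", mac_vlan)
    # Port already assigned and the database VLAN differs from it.
    if mode is Mode.SECURE:
        return PORT_SHUTDOWN  # fallback VLAN is ignored in secure mode
    if mode is Mode.MULTIPLE:
        return ("vlan", mac_vlan)  # VLAN of the MAC in the last request
    return ("vlan", fallback) if fallback else ACCESS_DENIED

def compare_modes(port_vlan, mac_vlan, allowed_on_port, fallback=None):
    """Return the reply each mode would give to the same request."""
    return {m.value: vmps_response(m, port_vlan, mac_vlan, allowed_on_port, fallback)
            for m in Mode}

if __name__ == "__main__":
    # Constructed sample: port already in "sales", MAC mapped to "eng".
    allowed = {"sales", "eng"}
    for mode, reply in compare_modes("sales", "eng", allowed, "guest").items():
        print(f"{mode:8} -> {reply}")
```

Running the same mismatched request through all three modes shows the difference that matters operationally: open mode moves the host to the fallback VLAN, secure mode shuts the port down, and multiple mode returns the VLAN of the most recent MAC.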
