•
If the host is not allowed on the port and the VMPS is in open mode, the VMPS sends an access-denied
response.
•
If the VLAN is not allowed on the port and the VMPS is in secure mode, the VMPS sends a port-shutdown
response.
If the port already has a VLAN assignment, the VMPS provides one of these responses:
•
If the VLAN in the database matches the current VLAN on the port, the VMPS sends an success response,
allowing access to the host.
•
If the VLAN in the database does not match the current VLAN on the port and active hosts exist on the
port, the VMPS sends an access-denied or a port-shutdown response, depending on the secure mode of
the VMPS.
If the switch receives an access-denied response from the VMPS, it continues to block traffic to and from the
host MAC address. The switch continues to monitor the packets directed to the port and sends a query to the
VMPS when it identifies a new host address. If the switch receives a port-shutdown response from the VMPS,
it disables the port. The port must be manually reenabled by using Network Assistant, the CLI, or SNMP.
Related Topics
Configuring Dynamic-Access Ports on VMPS Clients, on page 2156
Example: VMPS Configuration, on page 2162
Dynamic-Access Port VLAN Membership
A dynamic-access port can belong to only one VLAN with an ID from 1 to 4094. When the link comes up,
the switch does not forward traffic to or from this port until the VMPS provides the VLAN assignment. The
VMPS receives the source MAC address from the first packet of a new host connected to the dynamic-access
port and attempts to match the MAC address to a VLAN in the VMPS database.
If there is a match, the VMPS sends the VLAN number for that port. If the client switch was not previously
configured, it uses the domain name from the first VTP packet it receives on its trunk port from the VMPS.
If the client switch was previously configured, it includes its domain name in the query packet to the VMPS
to obtain its VLAN number. The VMPS verifies that the domain name in the packet matches its own domain
name before accepting the request and responds to the client with the assigned VLAN number for the client.
If there is no match, the VMPS either denies the request or shuts down the port (depending on the VMPS
secure mode setting).
Multiple hosts (MAC addresses) can be active on a dynamic-access port if they are all in the same VLAN;
however, the VMPS shuts down a dynamic-access port if more than 20 hosts are active on the port.
If the link goes down on a dynamic-access port, the port returns to an isolated state and does not belong to a
VLAN. Any hosts that come online through the port are checked again through the VQP with the VMPS
before the port is assigned to a VLAN.
Dynamic-access ports can be used for direct host connections, or they can connect to a network. A maximum
of 20 MAC addresses are allowed per port on the switch. A dynamic-access port can belong to only one VLAN
at a time, but the VLAN can change over time, depending on the MAC addresses seen.
Related Topics
Configuring Dynamic-Access Ports on VMPS Clients, on page 2156
Example: VMPS Configuration, on page 2162
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
2153
Information About VMPS
Содержание Catalyst 2960 Series
Страница 78: ...Consolidated Platform Configuration Guide Cisco IOS Release 15 2 4 E Catalyst 2960 X Switches lxxviii Contents ...
Страница 96: ......
Страница 184: ...Consolidated Platform Configuration Guide Cisco IOS Release 15 2 4 E Catalyst 2960 X Switches 102 Additional References ...
Страница 195: ...P A R T II IP Multicast Routing Configuring IGMP Snooping and Multicast VLAN Registration page 115 ...
Страница 196: ......
Страница 250: ......
Страница 292: ......
Страница 488: ......
Страница 589: ...P A R T VI Cisco Flexible NetFlow Configuring NetFlow Lite page 509 ...
Страница 590: ......
Страница 619: ...P A R T VII QoS Configuring QoS page 539 Configuring Auto QoS page 645 ...
Страница 620: ......
Страница 749: ...P A R T VIII Routing Configuring IP Unicast Routing page 669 Configuring IPv6 First Hop Security page 677 ...
Страница 750: ......
Страница 796: ...Consolidated Platform Configuration Guide Cisco IOS Release 15 2 4 E Catalyst 2960 X Switches 714 Additional References ...
Страница 856: ...Consolidated Platform Configuration Guide Cisco IOS Release 15 2 4 E Catalyst 2960 X Switches 774 Additional References ...
Страница 1400: ...Consolidated Platform Configuration Guide Cisco IOS Release 15 2 4 E Catalyst 2960 X Switches 1318 Additional References ...
Страница 1546: ...Consolidated Platform Configuration Guide Cisco IOS Release 15 2 4 E Catalyst 2960 X Switches 1464 Auto Identity ...
Страница 1596: ...Consolidated Platform Configuration Guide Cisco IOS Release 15 2 4 E Catalyst 2960 X Switches 1514 Additional References ...
Страница 1604: ......
Страница 1740: ......
Страница 1764: ...Consolidated Platform Configuration Guide Cisco IOS Release 15 2 4 E Catalyst 2960 X Switches 1682 Additional References ...
Страница 1942: ...Consolidated Platform Configuration Guide Cisco IOS Release 15 2 4 E Catalyst 2960 X Switches 1860 cli_write ...
Страница 1950: ...Consolidated Platform Configuration Guide Cisco IOS Release 15 2 4 E Catalyst 2960 X Switches 1868 context_save ...
Страница 2058: ...Consolidated Platform Configuration Guide Cisco IOS Release 15 2 4 E Catalyst 2960 X Switches 1976 event_register_wdsysmon ...
Страница 2076: ...Consolidated Platform Configuration Guide Cisco IOS Release 15 2 4 E Catalyst 2960 X Switches 1994 smtp_subst ...
Страница 2090: ...Consolidated Platform Configuration Guide Cisco IOS Release 15 2 4 E Catalyst 2960 X Switches 2008 sys_reqinfo_syslog_history ...
Страница 2104: ...Consolidated Platform Configuration Guide Cisco IOS Release 15 2 4 E Catalyst 2960 X Switches 2022 unregister_counter ...
Страница 2105: ...P A R T XII Configuring Cisco IOS IP SLAs Configuring Cisco IP SLAs page 2025 ...
Страница 2106: ......
Страница 2118: ......
Страница 2164: ......