VMPS Configuration

With the VLAN Membership Policy Server (VMPS) Configuration page, you can:

Dynamic VLAN membership is a convenient way to dynamically assign end stations to VLANs. Dynamic VLAN assignment is especially useful in administering large networks because you can move a connection from a port on one switch to a port on another switch in the network without reconfiguring the port.

Dynamic-access ports work with the VMPS, which holds a database of MAC-address-to-VLAN mappings. During initialization, the VMPS downloads the configuration information from a TFTP server to build the VLAN database. It can then start accepting requests from VQP clients. For more information about configuring and troubleshooting the Catalyst 5000 switch as the VMPS, see the Catalyst 5000 Series Software Configuration Guide.

Initially, the dynamic-access port does not belong to a VLAN. No traffic is forwarded to or from this port. When the client receives the first packet from a new host on its dynamic-access port, it uses VLAN Query Protocol (VQP) to send the source MAC address to the VMPS. The VMPS provides the VLAN name to which this port must be assigned. The VMPS can also send an access denied or a port shutdown response if the VLAN is illegal on the port.

Caution: Dynamic-access ports are designed to work with end stations. Loss of connectivity can occur if you connect dynamic-access ports to switches or routers.

Note: This switch functions as the VQP client capable of querying a VMPS, such as the Catalyst 5000 switch. Make sure you configure the server before configuring a port as dynamic.

Viewing VMPS Configuration Information

The VMPS Configuration page displays the following read-only information:

Field Description
VLAN Query Protocol Version The VQP client sends only VQP version 1 requests to the VMPS for VLAN assignment.
Current VMPS The address of the VMPS server currently responding to VQP client requests. If no secondary servers are configured, the current VMPS server address and the primary VMPS server address are the same. By default, no primary or secondary servers are configured. If the current server is not the primary server, the switch tries to contact the primary server every 5 minutes. If contact is reestablished, the primary server becomes the current server again.
Primary VMPS The address of the primary VMPS server that responds to VQP client requests. By default, no primary servers are configured.
Reconfirmation Status Queries are periodically sent to reconfirm VLAN membership of addresses already learned on the port. By default, these messages are sent every 60 minutes. The following status messages are valid:
- reconfirm in progress
- reconfirm completed successfully
- reconfirm failed because no VMPS responded
- no VMPS configured
- no dynamic port configured
- no hosts on dynamic port
- no reconfirmation has been done

Configuring the Client for Dynamic VLAN Membership

Before configuring the switch (client) for dynamic VLAN membership, you must first set up the VMPS. For information on setting up and troubleshooting the server, see the Catalyst 5000 Series Software Configuration Guide.

To configure the client for dynamic VLAN membership:

  1. In the New Server field, enter the IP address of the VMPS server to be queried by the client.
    Note: In a cluster configuration in which a member switch does not have an IP address, the VMPS server configured on the member switch is not used. The VMPS server configured on the command switch is used, and VMPS requests are proxied through the command switch. The VMPS treats the cluster as a single switch and uses the IP address of the command switch to respond to requests.
  2. Click <<Add<<.
  3. In the list box, highlight the IP address, and click Primary to make this address the primary address.
    Note: Only one address can be primary.
  4. Enter the secondary VMPS IP addresses that the client queries if no response is received from the primary VMPS.
    Note: You can enter up to three secondary server addresses. Enter each IP address into the New Server field and click <<Add<<.
  5. In the Number of Retries field, enter a number from 1 to 10 (the default is 3) to adjust the number of times the client tries to reach the current server before switching to an alternate.
  6. Click Apply.
  7. Verify that VTP domain name is correctly configured:
    From the menu bar, select VLAN > VTP Management.
    Verify that the domain name is the same as in the VMPS configuration file.
  8. Assign a port as dynamic.
    From the menu bar, select VLAN > VLAN Membership.
    Access help topics from that page.

Note: You can override the first primary server by clicking Primary on an address that is highlighted in the server list box.

You can also remove a VMPS address.

Reconfirming Dynamic VLAN Membership

By default, the client queries the VMPS every 60 minutes to reconfirm all VLAN assignments. You can change the reconfirmation interval or reconfirm the assignments on demand.

To reconfirm dynamic VLAN membership:

  1. In the Reconfirmation Interval field, enter a number from 1 and 120 to adjust the reconfirmation interval, if necessary.
    The default is 60 minutes.
  2. Click Apply.
    The client queries the VMPS at the new confirmation interval and reflects the status in the Reconfirmation Status field.

Note: You can also reconfirm dynamic VLAN membership on demand by clicking Reconfirm Dynamic VLAN Membership. The status is updated in the Reconfirmation Status field.

Removing a VMPS Address

To remove a server from the list of designated VMPS servers:

  1. In the server list box, select an address to highlight it.
  2. Click Remove.

Note: If you delete all servers when dynamic-access ports are present, the switch cannot forward packets from new sources on these ports because it cannot query the VMPS.