Cisco Systems 3130 User Manual
12-29
Cisco Catalyst Blade Switch 3130 for Dell Software Configuration Guide
OL-13270-01
Chapter 12 Configuring VLANs
Configuring VMPS
If the port is currently unassigned (that is, it does not yet have a VLAN assignment), the VMPS provides
one of these responses:
one of these responses:
•
If the host is allowed on the port, the VMPS sends the client a vlan-assignment response containing
the assigned VLAN name and allowing access to the host.
the assigned VLAN name and allowing access to the host.
•
If the host is not allowed on the port and the VMPS is in open mode, the VMPS sends an
access-denied response.
access-denied response.
•
If the VLAN is not allowed on the port and the VMPS is in secure mode, the VMPS sends a
port-shutdown response.
port-shutdown response.
If the port already has a VLAN assignment, the VMPS provides one of these responses:
•
If the VLAN in the database matches the current VLAN on the port, the VMPS sends an success
response, allowing access to the host.
response, allowing access to the host.
•
If the VLAN in the database does not match the current VLAN on the port and active hosts exist on
the port, the VMPS sends an access-denied or a port-shutdown response, depending on the secure
mode of the VMPS.
the port, the VMPS sends an access-denied or a port-shutdown response, depending on the secure
mode of the VMPS.
If the switch receives an access-denied response from the VMPS, it continues to block traffic to and from
the host MAC address. The switch continues to monitor the packets directed to the port and sends a query
to the VMPS when it identifies a new host address. If the switch receives a port-shutdown response from
the VMPS, it disables the port. The port must be manually re-enabled by using Network Assistant, the
CLI, or SNMP.
the host MAC address. The switch continues to monitor the packets directed to the port and sends a query
to the VMPS when it identifies a new host address. If the switch receives a port-shutdown response from
the VMPS, it disables the port. The port must be manually re-enabled by using Network Assistant, the
CLI, or SNMP.
Dynamic-Access Port VLAN Membership
A dynamic-access port can belong to only one VLAN with an ID from 1 to 4094. When the link comes
up, the switch does not forward traffic to or from this port until the VMPS provides the VLAN
assignment. The VMPS receives the source MAC address from the first packet of a new host connected
to the dynamic-access port and attempts to match the MAC address to a VLAN in the VMPS database.
up, the switch does not forward traffic to or from this port until the VMPS provides the VLAN
assignment. The VMPS receives the source MAC address from the first packet of a new host connected
to the dynamic-access port and attempts to match the MAC address to a VLAN in the VMPS database.
If there is a match, the VMPS sends the VLAN number for that port. If the client switch was not
previously configured, it uses the domain name from the first VTP packet it receives on its trunk port
from the VMPS. If the client switch was previously configured, it includes its domain name in the query
packet to the VMPS to obtain its VLAN number. The VMPS verifies that the domain name in the packet
matches its own domain name before accepting the request and responds to the client with the assigned
VLAN number for the client. If there is no match, the VMPS either denies the request or shuts down the
port (depending on the VMPS secure mode setting).
previously configured, it uses the domain name from the first VTP packet it receives on its trunk port
from the VMPS. If the client switch was previously configured, it includes its domain name in the query
packet to the VMPS to obtain its VLAN number. The VMPS verifies that the domain name in the packet
matches its own domain name before accepting the request and responds to the client with the assigned
VLAN number for the client. If there is no match, the VMPS either denies the request or shuts down the
port (depending on the VMPS secure mode setting).
Multiple hosts (MAC addresses) can be active on a dynamic-access port if they are all in the same
VLAN; however, the VMPS shuts down a dynamic-access port if more than 20 hosts are active on the
port.
VLAN; however, the VMPS shuts down a dynamic-access port if more than 20 hosts are active on the
port.
If the link goes down on a dynamic-access port, the port returns to an isolated state and does not belong
to a VLAN. Any hosts that come online through the port are checked again through the VQP with the
VMPS before the port is assigned to a VLAN.
to a VLAN. Any hosts that come online through the port are checked again through the VQP with the
VMPS before the port is assigned to a VLAN.
Dynamic-access ports can be used for direct host connections, or they can connect to a network. A
maximum of 20 MAC addresses are allowed per port on the switch. A dynamic-access port can belong
to only one VLAN at a time, but the VLAN can change over time, depending on the MAC addresses seen.
maximum of 20 MAC addresses are allowed per port on the switch. A dynamic-access port can belong
to only one VLAN at a time, but the VLAN can change over time, depending on the MAC addresses seen.