Cisco Systems WSC2960XR48FPSI Manual De Usuario
Restrictions for VMPS
• IEEE 802.1x ports cannot be configured as dynamic-access ports. If you try to enable IEEE 802.1x on
a dynamic-access (VQP) port, an error message appears, and IEEE 802.1x is not enabled. If you try to
change an IEEE 802.1x-enabled port to dynamic VLAN assignment, an error message appears, and the
VLAN configuration is not changed.
change an IEEE 802.1x-enabled port to dynamic VLAN assignment, an error message appears, and the
VLAN configuration is not changed.
• Trunk ports cannot be dynamic-access ports, but you can enter the switchport access vlan dynamic
interface configuration command for a trunk port. In this case, the switch retains the setting and applies
it if the port is later configured as an access port.
it if the port is later configured as an access port.
You must turn off trunking on the port before the dynamic-access setting takes effect.
• Dynamic-access ports cannot be monitor ports.
• Secure ports cannot be dynamic-access ports. You must disable port security on a port before it becomes
dynamic.
• Private VLAN ports cannot be dynamic-access ports.
• Dynamic-access ports cannot be members of an EtherChannel group.
• Port channels cannot be configured as dynamic-access ports.
• A dynamic-access port can participate in fallback bridging.
• The VTP management domain of the VMPS client and the VMPS server must be the same.
• The VLAN configured on the VMPS server should not be a voice VLAN.
Information About VMPS
Dynamic VLAN Assignments
The VLAN Query Protocol (VQP) is used to support dynamic-access ports, which are not permanently assigned
to a VLAN, but give VLAN assignments based on the MAC source addresses seen on the port. Each time an
unknown MAC address is seen, the switch sends a VQP query to a remote VLAN Membership Policy Server
(VMPS); the query includes the newly seen MAC address and the port on which it was seen. The VMPS
responds with a VLAN assignment for the port. The switch cannot be a VMPS server but can act as a client
to the VMPS and communicate with it through VQP.
to a VLAN, but give VLAN assignments based on the MAC source addresses seen on the port. Each time an
unknown MAC address is seen, the switch sends a VQP query to a remote VLAN Membership Policy Server
(VMPS); the query includes the newly seen MAC address and the port on which it was seen. The VMPS
responds with a VLAN assignment for the port. The switch cannot be a VMPS server but can act as a client
to the VMPS and communicate with it through VQP.
Each time the client switch receives the MAC address of a new host, it sends a VQP query to the VMPS.
When the VMPS receives this query, it searches its database for a MAC-address-to-VLAN mapping. The
server response is based on this mapping and whether or not the server is in open or secure mode. In secure
mode, the server shuts down the port when an illegal host is detected. In open mode, the server denies the
host access to the port.
When the VMPS receives this query, it searches its database for a MAC-address-to-VLAN mapping. The
server response is based on this mapping and whether or not the server is in open or secure mode. In secure
mode, the server shuts down the port when an illegal host is detected. In open mode, the server denies the
host access to the port.
If the port is currently unassigned (that is, it does not yet have a VLAN assignment), the VMPS provides one
of these responses:
of these responses:
• If the host is allowed on the port, the VMPS sends the client a vlan-assignment response containing the
assigned VLAN name and allowing access to the host.
Catalyst 2960-XR Switch VLAN Configuration Guide, Cisco IOS Release 15.0(2)EX1
108
OL-29440-01
Configuring VMPS
Restrictions for VMPS