|
vmps server配置
To use VMPS, you first must create a VMPS database and store it on a TFTP server. The VMPS parser is line based. Start each entry in the file on a new line. The example at the end of this section corresponds to the information described below.
The VMPS database can have up to five sections:
Section 1, Global settings, lists the settings for the VMPS domain name, security mode, fallback VLAN, and the policy for VMPS and VTP domain name mismatches.
Begin the configuration file with the word "VMPS," to prevent other types of configuration files from incorrectly being read by the VMPS server.
Define the VMPS domain. The VMPS domain should correspond to the VTP domain name configured on the switch.
Define the security mode. VMPS can operate in open or secure mode. If you set it to open mode, VMPS returns an access denied response for an unauthorized MAC address and returns the fallback VLAN for a MAC address not listed in the VMPS database. In secure mode, VMPS shuts down the port for a MAC address that is unauthorized or that is not listed in the VMPS database.
(Optional) Define a fallback VLAN. Assign the fallback VLAN is assigned if the MAC addresses of the connected host is not defined in the database.
In the example at the end of this section, the VMPS domain name is WBU, the VMPS mode is set to open, the fallback VLAN is set to the VLAN default, and if the VTP domain name does match the VMPS domain name, then VMPS sends an access denied response message.
Section 2, MAC addresses, lists MAC addresses and authorized VLAN names for each MAC address.
Enter the MAC address of each host and the VLAN name to which each should belong.
Use the --NONE-- keyword as the VLAN name to deny the specified host network connectivity.
You can enter up to 21,051 MAC addresses in a VMPS database file for the Catalyst 2948G switch.
In the example at the end of this section, MAC addresses are listed in the MAC table. Notice that the MAC address fedc.ba98.7654 is set to --NONE--. This setting explicitly denies this MAC address from accessing the network.
Section 3, Port groups, lists groups of ports on various switches in your network that you want grouped together. You use these port groups when defining VLAN port policies.
Define a port group name for each port group; then list all ports you want included in the port group.
A port is identified by the IP address of the switch and the module/port number of the port in the form mod_num/port_num. Ranges are not allowed for the port numbers.
Use the all-ports keyword to specify all the ports in the specified switch.
The example at the end of this section has two port groups:
WiringCloset1 consists of the two ports: port 3/2 on the VMPS client 198.92.30.32 and port 2/8 on the VMPS client 172.20.26.141
Executive Row consists of three ports: port 1/2 and 1/3 on the VMPS client 198.4.254.222, and all ports on the VMPS client 198.4.254.223
Section 4, VLAN groups, lists groups of VLANs you want to associate tog |
