Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
78-17058-01
Chapter 11: Configuring VLANs
Configuring VMPS
The VLAN Query Protocol (VQP) supports dynamic-access ports, which are not permanently assigned
to a VLAN, but give VLAN assignments based on the MAC source addresses seen on the port.
Note: Because only UNIs can be configured as dynamic-access ports, only UNIs take part in VQP.
Each time an unknown MAC address is seen, the switch sends a VQP query to a remote VMPS; the query
includes the newly seen MAC address and the port on which it was seen. The VMPS responds with a
VLAN assignment for the port. The switch cannot be a VMPS server but can act as a client to the VMPS
and communicate with it through VQP.
These sections contain this information:
• “Understanding VMPS” section on page 11-23
• “Default VMPS Client Configuration” section on page 11-24
• “VMPS Configuration Guidelines” section on page 11-25
• “Configuring the VMPS Client” section on page 11-25
• “Monitoring the VMPS” section on page 11-27
• “Troubleshooting Dynamic-Access Port VLAN Membership” section on page 11-28
• “VMPS Configuration Example” section on page 11-28

Understanding VMPS

Each time the client switch receives the MAC address of a new host, it sends a VQP query to the VMPS.
When the VMPS receives this query, it searches its database for a MAC-address-to-VLAN mapping. The
server response is based on this mapping and whether or not the server is in open or secure mode. In
secure mode, the server shuts down the port when an illegal host is detected. In open mode, the server
simply denies the host access to the port.
If the port is currently unassigned (that is, it does not yet have a VLAN assignment), the VMPS provides
one of these responses:
• If the host is allowed on the port, the VMPS sends the client a vlan-assignment response containing
  the assigned VLAN name and allowing access to the host.
• If the host is not allowed on the port and the VMPS is in open mode, the VMPS sends an
  access-denied response.
• If the VLAN is not allowed on the port and the VMPS is in secure mode, the VMPS sends a
  port-shutdown response.
If the port already has a VLAN assignment, the VMPS provides one of these responses:
• If the VLAN in the database matches the current VLAN on the port, the VMPS sends a success
  response, allowing access to the host.
• If the VLAN in the database does not match the current VLAN on the port and active hosts exist on
  the port, the VMPS sends an access-denied or a port-shutdown response, depending on the secure
  mode of the VMPS.
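The response rules above can be modeled as a small decision function. This is an added example, not Cisco code or part of the original guide; the function and class names, the sample MAC addresses, ports and VLAN names are constructed, and the two cases this section does not describe are handled by labeled assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

@dataclass
class PortState:
    current_vlan: Optional[str] = None  # None: port has no VLAN assignment yet
    active_hosts: bool = False          # other hosts are already active on the port

def vmps_response(db: Dict[str, str], port_vlans: Dict[str, Set[str]], secure: bool,
                  mac: str, port: str, state: PortState) -> Tuple[str, Optional[str]]:
    """Pick the VQP response for one query, following the rules in this section."""
    deny = "port-shutdown" if secure else "access-denied"
    vlan = db.get(mac.lower())
    permitted = port_vlans.get(port)    # no entry: any VLAN is permitted (assumption)
    # Host not in the database, or its VLAN not allowed on this port.
    # Assumption: an already-assigned port is treated the same way here.
    if vlan is None or (permitted is not None and vlan not in permitted):
        return deny, None
    if state.current_vlan is None:
        return "vlan-assignment", vlan
    if vlan == state.current_vlan:
        return "success", vlan
    if state.active_hosts:
        return deny, None
    # Mismatch with no active hosts is not described in this section;
    # assumption: the port is handled as if it were unassigned.
    return "vlan-assignment", vlan

# Constructed sample data (not from the guide).
DB = {"0000.0c12.3456": "Engineering", "0000.0c65.4321": "Sales"}
PORT_VLANS = {"Fa0/1": {"Engineering"}}

def demo():
    new, eng = PortState(), PortState("Engineering", active_hosts=True)
    cases = [
        (False, "0000.0C12.3456", "Fa0/1", new),  # known host, unassigned port
        (False, "0000.0cff.ffff", "Fa0/1", new),  # unknown host, open mode
        (True,  "0000.0c65.4321", "Fa0/1", new),  # VLAN not allowed, secure mode
        (False, "0000.0c12.3456", "Fa0/2", eng),  # database VLAN matches port VLAN
        (True,  "0000.0c65.4321", "Fa0/2", eng),  # mismatch, active hosts, secure
    ]
    return [vmps_response(DB, PORT_VLANS, s, m, p, st) for s, m, p, st in cases]

if __name__ == "__main__":
    for result in demo():
        print(result)
```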