11-24
Cisco ME 3400 EthernetAccess Switch SoftwareConfiguration Guide
78-17058-01
Chapter11 Configuring VLANs
Configuring VMPS
If the switch receives an access-denied response from the VMPS, it continues to block traffic to and from
the host MAC address. The switch continues to monitor the packets directed to the port and sends a query
to the VMPS when it identifies a new host address. If the switch recei ves a port-shutdown response from
the VMPS, it disables the port. The port must be manually re-enabled by using the CLI or SNMP.

Dynamic-Access Port VLAN Membership

A dynamic-access port can belong to only one VLAN with an ID from 1 to 4094. When the link comes
up, the switch does not forward traffic to or from this port until the VMPS provides the VLAN
assignment. The VMPS receives the source MAC address from the first packet of a new host connected
to the dynamic-access port and attempts to match the MAC address to a VLAN in the VMPS database.
Note Only UNIs can be dynamic-access ports.
If there is a match, the VMPS sends the VLAN number for that port. If the client switch was not
previously configured, it uses the domain name from the first VTP packet it receives on its trunk port
from the VMPS. If the client switch was previously configured, it includes its d omain name i n the query
packet to the VMPS to obtain its VLAN number. The VMPS v eri f ies t ha t the do main n ame i n the pa cke t
matches its own domain name before accepting the request and responds to the client with the as signed
VLAN number for the client. If there is no match, the VMPS either denies the request or shuts down the
port (depending on the VMPS secure mode setting).
Multiple hosts (MAC addresses) can be active on a dynamic-access port if they are all in the same
VLAN; however, the VMPS shuts down a dynamic-access port if more than 20 hosts are active on the
port.
If the link goes down on a dynamic-access port, the port returns to an isolate d state and does not belong
to a VLAN. Any hosts that come online through the port are checked again through the VQP with the
VMPS before the port is assigned to a VLAN.
Dynamic-access ports can be used for direct host connections, or they can connect to a network. A
maximum of 20 MAC addresses are allowed per port on the switch. A dynamic-acc ess por t c an bel ong
to only one VLAN at a time, but the VLAN can change over time, depending on th e MAC addresses seen.
Default VMPS Client Configuration
Table11-6 shows the de fault V MPS a nd dyna mic- a cces s po rt co nfigurat ion on clie nt sw it ches .
Table11-6 Default VMPS Client and Dynamic-Access Port Configuration
Feature Default Setting
VMPS domain server None
VMPS reconfirm interval 60 minutes
VMPS server retry count 3
Dynamic-access ports None configured