10-20
Software Configuration Guide—Release 12.2(25)SG
OL-7659-03
Chapter10 Understanding and Configuring VLANs, VTP, andVMPS
VLAN Membership Policy Server

Illegal VMPS Client Requests

Two examples of illegal VMPS client requests are as follows:
When a MAC-address mapping is not present in the VMPS database and “no fall back” VLAN is
configured on the VMPS.
When a port is already assigned a VLAN (and the VMPS mode is not “multiple”) but a second
VMPS client request is received on the VMPS for a different MAC-address.
Overview of VMPS Clients
The following subsections describe how to configure a switch as a VMPS client and configure its ports
for dynamic VLAN membership.
The following topics are included:
Understanding Dynamic VLAN Membership, page 10-20
Default VMPS Client Configuration, page 10-21
Configuring a Switch as a VMPS Client, page 10-21
Administering and Monitoring the VMPS, page 10-24
Troubleshooting Dynamic Port VLAN Membership, page 10-25

Understanding Dynamic VLAN Membership

When a port is configured as “dynamic,” it receives VLAN information based on the MAC-address that
is on the port. The VLAN is not statically assigned to the port; it is dynamically acquired from the VMPS
based on the MAC-address on the port.
A dynamic port can belong to one VLAN only. When the link becomes active, the swit ch does not
forward traffic to or from this port until the port is assigned to a VLAN. The source MAC address from
the first packet of a new host on the dynamic port is sent to the VMPS as part of the VQP request, which
attempts to match the MAC address to a VLAN in the VMPS database. If there is a match, the VMPS
sends the VLAN number for that port. If there is no match, the VMPS either denies the request or shuts
down the port (depending on the VMPS security mode setting). See the “Overview of VMPS” section
on page 10-17 for a complete description of possible VMPS responses.
Multiple hosts (MAC addresses) can be active on a dynamic port if all are in the same VLAN. If the link
goes down on a dynamic port, the port returns to the unassigned st ate and does not belong to a VLAN.
Any hosts that come online through the port are checked again with the VMPS before the port is assigned
to a VLAN.
For this behavior to work, the client device must be able to reach the VMPS. A VMPS client sends VQP
requests as UDP packets, trying a certain number of times before giving up. For de tails on how to set the
retry interval, refer to section “Configuring the Retry Interval” on page 24.
The VMPS client also periodically reconfirms the VLAN membership. For details on how to set the
reconfirm frequency, refer to section “Administering and Monitoring the VMPS” on page 24.
A maximum of 50 hosts are supported on a given port at any given time. Once this m aximum is exceeded,
the port is shut down, irrespective of the operating mode of the VMPS server.
Note The VMPS shuts down a dynamic port if more than 50 hosts are a ctive on that port.