How the VMPS Works
Command
Step 11
spanning-tree vlan 3 cost 30
Step 12
spanning-tree vlan 4 cost 30
Step 13
end
Step 14
Step 15
exit
Step 16
show running-config
How the VMPS Works
A switch running this software release acts as a client to the VLAN Membership Policy Server (VMPS)
and communicates with it through the VLAN Query Protocol (VQP). When the VMPS receives a VQP
request from a client switch, it searches its database for a MAC-address-to-VLAN mapping. The server
response is based on this mapping and whether or not the server is in secure mode. Secure mode
determines whether the server shuts down the port when a VLAN is not allowed on it or just denies the
port access to the VLAN.
In response to a request, the VMPS takes one of these actions:
•
•
If the switch receives an access-denied response from the VMPS, it continues to block traffic from the
MAC address to or from the port. The switch continues to monitor the packets directed to the port and
sends a query to the VMPS when it identifies a new address. If the switch receives a port-shutdown
response from the VMPS, it disables the port. The port must be manually reenabled by using the CLI,
Cluster Management Suite, or SNMP.
You can also use an explicit entry in the configuration table to deny access to specific MAC addresses
for security reasons. If you enter the none keyword for the VLAN name, the VMPS sends an
access-denied or port-shutdown response.
Catalyst 2950 Desktop Switch Software Configuration Guide
8-28
If the assigned VLAN is restricted to a group of ports, the VMPS verifies the requesting port against
this group and responds as follows:
–
If the VLAN is allowed on the port, the VMPS sends the VLAN name to the client in response.
If the VLAN is not allowed on the port, and the VMPS is not in secure mode, the VMPS sends
–
an access-denied response.
If the VLAN is not allowed on the port, and the VMPS is in secure mode, the VMPS sends a
–
port-shutdown response.
If the VLAN in the database does not match the current VLAN on the port and active hosts exist on
the port, the VMPS sends an access-denied or a port-shutdown response, depending on the secure
mode of the VMPS.
Purpose
Set the spanning-tree path cost to 30 for VLAN 3.
Set the spanning-tree path cost to 30 for VLAN 4.
Return to global configuration mode.
Repeat Steps 9 through 11 on Switch 1 interface fastethernet 0/2,
and set the spanning-tree path cost to 30 for VLANs 8, 9, and 10.
Return to privileged EXEC mode.
Verify your entries.
In the display, verify that the path costs are set correctly for
interfaces fastethernet 0/1 and fastethernet 0/2.
Chapter 8
Configuring VLANs
78-11380-03