1

I am trying to design a topology in which I need to use VMPS and unfortunately the resources are rather few on the internet.

Based on this Configuration document

VMPS

I have created a sample configuration document. However I see in it a particular command, viz

download vmps

Which I believe creates a copy of the VMPS database from the TFTP server to the NVRAM.

Now my question is: Are any of my assumptions above true? Is that the method to create a more permanent copy of the VMPS database in the NVRAM? Is there any way for the VMPS database to be edited and managed from the Catalyst switch itself, or does it always have to be updated via the TFTP server?

Finally does anyone have any authoritative document or tech notes for the VMPS? I have not seen this particular technology in the syllabi of either CCNA, CCNP or even CCIE.

Thanks

gokul varma nk
  • What do you want to achieve? Is the technology you can use set in stone? – cstamas Sep 16 '11 at 22:10
  • Nothing set in stone, just that this is the only pure switching technology I could find. I am open to other alternatives to achieve the dynamic assignment of VLANs based on MAC address. – gokul varma nk Sep 17 '11 at 01:38

2 Answers

1

VMPS is deprecated now, so I would advise against using it. The MAC authentication bypass feature of 802.1X is what you really ought to be using for this type of application. This does require you to have a RADIUS or TACACS server, though.

Cisco MAC authentication bypass

There's some discussion on how to implement this in a Microsoft environment here

To directly answer your questions: if I recall correctly, the database is loaded into memory, not NVRAM, so if the switch is reloaded the database needs downloading again. The VMPS database can only be updated via the TFTP server.

I think the configuration guide you already have might be as good as the documentation gets, but this might be of some use to you if you haven't come across it already. The Cisco support forums usually have a lot of useful information buried in them.

paulos
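The switch side of the MAC authentication bypass approach this answer recommends, as an added example that is not part of the original answer. The RADIUS server address, the shared-secret placeholder, the interface and the VLAN numbers are assumptions, and the syntax is that of Catalyst IOS 12.2(50)SE and later.

```cisco
! Added example with assumed values: RADIUS server 192.0.2.10,
! placeholder secret <RADIUS-SHARED-SECRET>, access port Gi1/0/5,
! VLAN 999 as the quarantine VLAN used when RADIUS returns no VLAN.
!
! Enable AAA and send 802.1X/MAB requests to RADIUS
aaa new-model
aaa authentication dot1x default group radius
! Required so the switch accepts the VLAN returned by RADIUS
aaa authorization network default group radius
dot1x system-auth-control
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <RADIUS-SHARED-SECRET>
!
interface GigabitEthernet1/0/5
 switchport mode access
 ! VLAN used if the RADIUS reply carries no VLAN attributes
 switchport access vlan 999
 ! Try 802.1X first, fall back to MAB for devices without a supplicant
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 mab
 dot1x pae authenticator
 spanning-tree portfast
!
! RADIUS side (RFC 3580 attributes the server returns per MAC address):
!   Tunnel-Type             = VLAN (13)
!   Tunnel-Medium-Type      = IEEE-802 (6)
!   Tunnel-Private-Group-ID = VLAN ID or name, e.g. "2"
! With MAB the switch sends the MAC address as the user name,
! in lowercase hex without separators (e.g. 001222aabbcc, constructed).
```

Because a MAC address can be copied by any device plugged into the port, MAB identifies a device rather than authenticating it, so the VLANs it assigns should still be filtered as untrusted segments.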
0

I found a better alternative to both VMPS and other server-based, authentication-based VLAN assignment. I found out that it can be done per switch using macros.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_52_se/configuration/guide/swmacro.html#wp1238054

Using that I have created sample configurations like this:

    configure terminal
    ! Trigger: any device whose MAC address begins with OUI 00:12:22
    macro auto mac-address-group ServerVlan
        oui list 001222
        exit
    ! Macro applied to the port on which the ServerVlan trigger fires
    macro auto execute ServerVlan {
        if [[ $LINKUP -eq YES ]]; then
            conf t
            interface $INTERFACE
            macro description $TRIGGER
            switchport access vlan 2
            switchport mode access
            switchport port-security
            switchport port-security maximum 1
            switchport port-security violation restrict
            switchport port-security aging time 2
            switchport port-security aging type inactivity
            spanning-tree portfast
            spanning-tree bpduguard enable
            exit
        fi
    }

Hopefully this would work.

gokul varma nk