OpenVMPS - Vlan Management Policy Server

A VLAN can be assigned to a switch port either statically or dynamically. Dynamic assignment requires a VMPS, a server that assigns a VLAN to a switch port depending on certain parameters.

Cisco officially supports VMPS on the Catalyst 4000, 5000 and 6500 series, but a Linux server running the OpenVMPS service can do the same job.

Before implementing this solution, you need to understand how it works: when a device is connected to a switch port, a query indicating the device's MAC address is sent to the VMPS server, and the VMPS server answers with the correct VLAN for that device. The VMPS has a database of MAC-to-VLAN relations; when a MAC is not found in it, the server sends the default VLAN.

The first thing we have to do is download OpenVMPS, which is available through this link: http://sourceforge.net/projects/vmps/

Then we have to extract the OpenVMPS package:

[root@punto-libre.org]/ # tar -xvf vmpsd-1.4.03.tar.gz

Then build and install the package:

[root@punto-libre.org] # cd vmpsd-1.4.03
[root@punto-libre.org] # ./configure
[root@punto-libre.org] # make
[root@punto-libre.org] # make install

OpenVMPS uses a configuration file that also serves as its database. In the installation folder there is a file called vlan.db, in which we have to modify the following parameters:
  • VTP Domain: The domain configured on the switches.
  • VMPS Mode: It can be Open or Secure. In Open mode, an unidentified MAC is placed in the default VLAN; in Secure mode, the port is disabled.
  • Default Vlan: The VLAN the port is placed in when an unidentified MAC is detected.
For this configuration example I will show you how to assign the VLAN Commercial to the MAC aaaa.aaaa.aaaa and the VLAN Technology to the MAC bbbb.bbbb.bbbb.

vmps domain punto-libre.org
vmps mode open
vmps fallback default
vmps-mac-addrs
address aaaa.aaaa.aaaa vlan-name Commercial
address bbbb.bbbb.bbbb vlan-name Technology
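
Because vlan.db is the only source of truth for which MAC lands in which VLAN, it is worth checking before the server is started. The following Python check is an added example, not part of the original post or of OpenVMPS: it parses only the directives shown above and reports malformed MACs, a MAC mapped to two VLANs, an unexpected mode, and an Open-mode fallback VLAN that known MACs also use. The function name audit_vlan_db, the VLAN name Guest in the sample and the case-insensitive MAC comparison are assumptions of this example.

```python
import re

# Dotted MAC notation used in the page's vlan.db, e.g. aaaa.aaaa.aaaa
MAC_RE = re.compile(r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}")

def audit_vlan_db(text):
    """Return (settings, mac_to_vlan, findings) for the directives shown
    on this page; any other line is ignored."""
    settings, macs, findings = {}, {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        w = raw.split()
        if len(w) == 3 and w[0] == "vmps" and w[1] in ("domain", "mode", "fallback"):
            settings[w[1]] = w[2]
        elif len(w) == 4 and w[0] == "address" and w[2] == "vlan-name":
            mac, vlan = w[1].lower(), w[3]  # assumption: MACs compare case-insensitively
            if not MAC_RE.fullmatch(mac):
                findings.append(f"line {lineno}: malformed MAC {w[1]}")
            elif macs.get(mac, vlan) != vlan:
                findings.append(f"line {lineno}: {mac} mapped to both {macs[mac]} and {vlan}")
            else:
                macs[mac] = vlan
    mode = settings.get("mode", "").lower()
    if mode not in ("open", "secure"):
        findings.append(f"vmps mode is {mode or 'unset'}, expected open or secure")
    fallback = settings.get("fallback")
    # In Open mode unidentified MACs get the fallback VLAN, so it should not
    # be a VLAN that identified devices are also assigned to.
    if mode == "open" and fallback in macs.values():
        findings.append(f"open mode: unidentified MACs share VLAN {fallback} with known MACs")
    return settings, macs, findings

# Constructed sample (not from the page): a conflicting duplicate, a truncated
# MAC, and a known MAC placed in the fallback VLAN.
SAMPLE = """\
vmps domain punto-libre.org
vmps mode open
vmps fallback Guest
vmps-mac-addrs
address aaaa.aaaa.aaaa vlan-name Commercial
address AAAA.AAAA.AAAA vlan-name Technology
address bbbb.bbbb.bbb vlan-name Technology
address cccc.cccc.cccc vlan-name Guest
"""

if __name__ == "__main__":
    for finding in audit_vlan_db(SAMPLE)[2]:
        print(finding)
```
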

Then we have to run the server:

[root@punto-libre.org] # vmpsd -f vlan.db -a 10.200.9.230 

The -f option specifies the configuration file, the -a option specifies the interface that will listen for queries, and optionally we can add the -d option to see all the queries and actions that the server takes.

After that, it is enough to apply the following configuration on the switches:

Switch (config)# vmps server 10.200.9.230
Switch (config)# vmps retry 10
Switch (config)# vmps reconfirm 1

On each switch port we have to apply the following:

Switch (config)# interface fastethernet0/1
Switch (config-if)# switchport access vlan dynamic

And ready! If you have any questions, we are here!
