
CHAPTER 13

Configuring VLANs, VTP, and VMPS
This chapter describes VLANs on Catalyst 4500 series switches. It also describes how to enable the VLAN Trunking Protocol (VTP) and to configure the Catalyst 4500 series switch as a VMPS client. This chapter includes the following major sections:

• VLANs
• VLAN Trunking Protocol
• VLAN Membership Policy Server

Note

For complete syntax and usage information for the switch commands used in this chapter, look at the Cisco Catalyst 4500 Series Switch Command Reference and related publications at this location:
http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html

If the command is not found in the Catalyst 4500 Command Reference, it is located in the larger Cisco IOS library. Refer to the Catalyst 4500 Series Switch Cisco IOS Command Reference and related publications at this location:
http://www.cisco.com/en/US/products/ps6350/index.html

VLANs
This section includes the following major subsections:

• Overview of VLANs
• VLAN Configuration Guidelines and Restrictions
• VLAN Default Configuration
• Configuring VLANs

Overview of VLANs
A VLAN is a group of devices on one or more LANs that are configured to communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. Because VLANs are based on logical instead of physical connections, they are extremely flexible.

Software Configuration Guide—Release 12.2(44)SG OL-15342-01


VLANs define broadcast domains in a Layer 2 network. A broadcast domain is the set of all devices that will receive broadcast frames originating from any device within the set. Broadcast domains are typically bounded by routers because routers do not forward broadcast frames. Layer 2 switches create broadcast domains based on the configuration of the switch. Switches are multiport bridges that allow you to create multiple broadcast domains. Each broadcast domain is like a distinct virtual bridge within a switch. You can define one or many virtual bridges within a switch. Each virtual bridge you create in the switch defines a new broadcast domain (VLAN).

Traffic cannot pass directly to another VLAN (between broadcast domains) within the switch or between two switches. To interconnect two different VLANs, you must use routers or Layer 3 switches. See the “Overview of Layer 3 Interfaces” section on page 27-1 for information on inter-VLAN routing on Catalyst 4500 series switches.

Figure 13-1 shows an example of three VLANs that create logically defined networks.
Figure 13-1 Sample VLANs
[Figure labels: Engineering VLAN, Marketing VLAN, Accounting VLAN; Cisco router; Fast Ethernet; Floor 1, Floor 2, Floor 3]

VLANs are often associated with IP subnetworks. For example, all of the end stations in a particular IP subnet belong to the same VLAN. Traffic between VLANs must be routed. You must assign LAN interface VLAN membership on an interface-by-interface basis (this is known as interface-based or static VLAN membership).

You can set the following parameters when you create a VLAN in the management domain:

• VLAN number
• VLAN name
• VLAN type
• VLAN state (active or suspended)
• Maximum transmission unit (MTU) for the VLAN
• Security Association Identifier (SAID)
• VLAN number to use when translating from one VLAN type to another


Note

When the software translates from one VLAN type to another, it requires a different VLAN number for each media type.

VLAN Configuration Guidelines and Restrictions
Follow these guidelines and restrictions when creating and modifying VLANs in your network:

• Before creating a VLAN, put the Catalyst 4500 series switch in VTP server mode or VTP transparent mode. If the Catalyst 4500 series switch is a VTP server, you must define a VTP domain. For information on configuring VTP, see the section VLAN Trunking Protocol, page 13-8.
• The Cisco IOS end command is not supported in VLAN database mode.
• You cannot use Ctrl-Z to exit VLAN database mode.
• If a Catalyst 4948 switch running MSTP and configured with all possible VLANs (4094) is in the path of two HSRP peers with the timeout set below 500 ms, HSRP flaps. Workarounds:
  – Use fewer VLANs.
  – Set the timers greater than 600 ms.
  – Enter the commands no igmp snooping (globally) and access-list hardware capture mode VLAN.

VLAN Ranges
Note

You must enable the extended system ID to use 4094 VLANs. See the “Understanding the Bridge ID” section on page 17-2.

With Cisco IOS Release 12.2(25)EWA and later, Catalyst 4500 series switches support 4096 VLANs in compliance with the IEEE 802.1Q standard. These VLANs are organized into three ranges: reserved, normal, and extended.

Some of these VLANs are propagated to other switches in the network when you use the VLAN Trunking Protocol (VTP). The extended-range VLANs are not propagated, so you must configure extended-range VLANs manually on each network device.

Table 13-1 describes the uses for VLAN ranges.

Table 13-1 VLAN Ranges

| VLANs | Range | Usage | Propagated by VTP |
|---|---|---|---|
| 0, 4095 | Reserved | For system use only. You cannot see or use these VLANs. | — |
| 1 | Normal | Cisco default. You can use this VLAN but you cannot delete it. | Yes |
| 2–1001 | Normal | Used for Ethernet VLANs; you can create, use, and delete these VLANs. | Yes |


Table 13-1 VLAN Ranges (continued)

| VLANs | Range | Usage | Propagated by VTP |
|---|---|---|---|
| 1002–1005 | Normal | Cisco defaults for FDDI and Token Ring. You cannot delete VLANs 1002–1005. | Yes |
| 1006–4094 | Extended | For Ethernet VLANs only. | No |

When configuring extended-range VLANs, note the following:

• Layer 3 ports and some software features require internal VLANs. Internal VLANs are allocated from 1006 and up. You cannot use a VLAN that has been allocated for such use. To display the VLANs used internally, enter the show vlan internal usage command.
• Switches running Catalyst product family software do not support configuration of VLANs 1006–1024. If you configure VLANs 1006–1024, ensure that the VLANs do not extend to any switches running Catalyst product family software.
• You must enable the extended system ID to use extended range VLANs. See the “Enabling the Extended System ID” section on page 17-8.

Configurable Normal-Range VLAN Parameters

Note

Ethernet VLANs 1 and 1006 through 4094 use only default values.

You can configure the following parameters for VLANs 2 through 1001:

• VLAN name
• VLAN type
• VLAN state (active or suspended)
• SAID
• STP type for VLANs

VLAN Default Configuration

Table 13-2 shows the default VLAN configuration values.

Table 13-2 Ethernet VLAN Defaults and Ranges

| Parameter | Default | Valid Values |
|---|---|---|
| VLAN ID | 1 | 1–4094 |
| VLAN name | VLANx, where x is a number assigned by the software. | No range |
| 802.10 SAID | 100,001 | 1–4,294,967,294 |
| MTU size | 1500 | 1500–18,190 |
| Translational bridge 1 | 1002 | 0–1005 |

Table 13-2 Ethernet VLAN Defaults and Ranges (continued)

| Parameter | Default | Valid Values |
|---|---|---|
| Translational bridge 2 | 1003 | 0–1005 |
| VLAN state | active | active, suspend, shutdown |

Note

Catalyst 4500 series switches do not support Token Ring or FDDI media. The switch does not forward FDDI, FDDI-NET, TrCRF, or TrBRF traffic, but it does propagate the VLAN configuration via VTP. The software reserves parameters for these media types, but they are not truly supported.

Configuring VLANs

Note

Before you configure VLANs, you must use VLAN Trunking Protocol (VTP) to maintain global VLAN configuration information for your network. For complete information on VTP, see the “VLAN Trunking Protocol” section on page 8.

Note

VLANs support a number of parameters that are not discussed in detail in this section. For complete information, refer to the Catalyst 4500 Series Switch Cisco IOS Command Reference.

Note

The VLAN configuration is stored in the vlan.dat file, which is stored in nonvolatile memory. You can cause inconsistency in the VLAN database if you manually delete the vlan.dat file. If you want to modify the VLAN configuration or VTP, use the commands described in the following sections and in the Catalyst 4500 Series Switch Cisco IOS Command Reference.

The following sections describe how to configure VLANs:

• Configuring VLANs in Global Configuration Mode
• Assigning a Layer 2 LAN Interface to a VLAN

Configuring VLANs in Global Configuration Mode

If the switch is in VTP server or transparent mode (see the “VLAN Trunking Protocol” section on page 13-8), you can configure VLANs in global and VLAN configuration modes. When you configure VLANs in global and config-vlan configuration modes, the VLAN configuration is saved in the vlan.dat files, not the running-config or startup-config files. To display the VLAN configuration, enter the show vlan command.

If the switch is in VTP transparent mode, use the copy running-config startup-config command to save the VLAN configuration to the startup-config file. After you save the running configuration as the startup configuration, the show running-config and show startup-config commands display the VLAN configuration.

Note

When the switch boots, if the VTP domain name and VTP mode in the startup-config and vlan.dat files do not match, the switch uses the configuration in the vlan.dat file.

You use the interface configuration command mode to define the port membership mode and add and remove ports from a VLAN. The results of these commands are written to the running-config file, and you can display the contents of the file by entering the show running-config command.

User-configured VLANs have unique IDs from 1 to 4094. To create a VLAN, enter the vlan command with an unused ID. To verify whether a particular ID is in use, enter the show vlan id ID command. To modify a VLAN, enter the vlan command for an existing VLAN.

See the “VLAN Default Configuration” section on page 13-4 for the list of default parameters that are assigned when you create a VLAN. If you do not use the media keyword when specifying the VLAN type, the VLAN is an Ethernet VLAN.

To create a VLAN, perform this task:

| Step | Command | Purpose |
|---|---|---|
| 1 | Switch# configure terminal | Enters global configuration mode. |
| 2 | Switch(config)# vlan vlan_ID | Adds an Ethernet VLAN. |
|   | Switch(config-vlan)# | |
| 3 | Switch(config-vlan)# end | Returns to enable mode from vlan-configuration mode. |
| 4 | Switch# show vlan [id | name] vlan_name | Verifies the VLAN configuration. |

Note

You cannot delete the default VLANs for these media types: Ethernet VLAN 1 and FDDI or Token Ring VLANs 1002 to 1005. When you delete a VLAN, any LAN interfaces configured as access ports assigned to that VLAN become inactive. They remain associated with the VLAN (and thus inactive) until you assign them to a new VLAN.

You can use the no keyword to delete a VLAN. When the prompt reads Switch(config-vlan)#, you are in vlan-configuration mode. If you wish to change any of the parameters for the newly created VLAN, use this mode.

When you create or modify an Ethernet VLAN, note the following:

• Because Layer 3 ports and some software features require internal VLANs allocated from 1006 and up, configure extended-range VLANs starting with 4094 and work downward.
• You can configure extended-range VLANs only in global configuration mode. You cannot configure extended-range VLANs in VLAN database mode.
• Layer 3 ports and some software features use extended-range VLANs. If the VLAN you are trying to create or modify is being used by a Layer 3 port or a software feature, the switch displays a message and does not modify the VLAN configuration.

This example shows how to create an Ethernet VLAN in global configuration mode and verify the configuration:

    Switch# configure terminal
    Switch(config)# vlan 3
    Switch(config-vlan)# end
    Switch# show vlan id 3

    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    3    VLAN0003                         active

    VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
    ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
    3    enet  100003     1500  -      -      -        -    -        0      0

    Primary Secondary Type              Interfaces
    ------- --------- ----------------- ------------------------------------------
    Switch#

Assigning a Layer 2 LAN Interface to a VLAN

A VLAN created in a management domain remains unused until you assign one or more LAN interfaces to the VLAN.

Note

Make sure you assign LAN interfaces to a VLAN of the proper type. Assign Fast Ethernet, Gigabit Ethernet, and 10-Gigabit Ethernet interfaces to Ethernet-type VLANs.

To assign one or more LAN interfaces to a VLAN, complete the procedures in the “Configuring Ethernet Interfaces for Layer 2 Switching” section on page 15-5.

VLAN Trunking Protocol

This section describes the VLAN Trunking Protocol (VTP) on the Catalyst 4500 series switches. This section includes the following major subsections:

• Overview of VTP
• VTP Configuration Guidelines and Restrictions
• VTP Default Configuration
• Configuring VTP

Overview of VTP

VTP is a Layer 2 messaging protocol that maintains VLAN configuration consistency by managing the addition, deletion, and renaming of VLANs within a VTP domain. A VTP domain (also called a VLAN management domain) is made up of one or more network devices that share the same VTP domain name and that are interconnected with trunks. VTP minimizes misconfigurations and configuration inconsistencies that can result in a number of problems, such as duplicate VLAN names, incorrect VLAN-type specifications, and security violations.

Before you create VLANs, you must decide whether you want to use VTP in your network. With VTP, you can make configuration changes centrally on one or more network devices and have those changes automatically communicated to all the other network devices in the network.

For details on configuring VLANs, see VLANs, page 13-1

These sections describe how VTP works:

• Understanding the VTP Domain
• Understanding VTP Modes
• Understanding VTP Advertisements
• Understanding VTP Version 2
• Understanding VTP Pruning

Understanding the VTP Domain

A VTP domain is made up of one or more interconnected network devices that share the same VTP domain name. A network device can be configured to be in only one VTP domain. You make global VLAN configuration changes for the domain using either the command-line interface (CLI) or Simple Network Management Protocol (SNMP).

By default, the Catalyst 4500 series switch is in VTP server mode and the domain is set to NULL until the switch receives an advertisement for a domain over a trunk link or you configure a management domain. You cannot create or modify VLANs on a VTP server until the management domain name is specified or learned.

If the switch receives a VTP advertisement over a trunk link, it inherits the management domain name and the VTP configuration revision number. The switch ignores advertisements with a different management domain name or an earlier configuration revision number.

If you configure the switch as VTP transparent, you can create and modify VLANs, but the changes affect only the individual switch.

When you make a change to the VLAN configuration on a VTP server, the change is propagated to all network devices in the VTP domain. VTP advertisements are transmitted out all Inter-Switch Link (ISL) and IEEE 802.1Q trunk connections.

VTP maps VLANs dynamically across multiple LAN types with unique names and internal index associations. Mapping eliminates unnecessary device administration for network administrators.

Understanding VTP Modes

You can configure a Catalyst 4500 series switch to operate in any one of these VTP modes:

• Server—In VTP server mode, you can create, modify, and delete VLANs and specify other configuration parameters (such as VTP version and VTP pruning) for the entire VTP domain. VTP servers advertise their VLAN configuration to other network devices in the same VTP domain and synchronize their VLAN configuration with other network devices based on advertisements received over trunk links. VTP server is the default mode.
• Client—VTP clients behave the same way as VTP servers, but you cannot create, change, or delete VLANs on a VTP client.
• Transparent—VTP transparent network devices do not participate in VTP. A VTP transparent network device does not advertise its VLAN configuration and does not synchronize its VLAN configuration based on received advertisements. However, in VTP version 2, transparent network devices do forward VTP advertisements that they receive on their trunking LAN interfaces.

Note

Catalyst 4500 series switches automatically change from VTP server mode to VTP client mode if the switch detects a failure while writing configuration to NVRAM. If this happens, the switch cannot be returned to VTP server mode until the NVRAM is functioning.

Understanding VTP Advertisements

Each network device in the VTP domain sends periodic advertisements out each trunking LAN interface to a reserved multicast address. VTP advertisements are received by neighboring network devices, which update their VTP and VLAN configurations as necessary.

The following global configuration information is distributed in VTP advertisements:

• VLAN IDs (ISL and 802.1Q)
• Emulated LAN names (for ATM LANE)
• 802.10 SAID values (FDDI)
• VTP domain name
• VTP configuration revision number
• VLAN configuration, including maximum transmission unit (MTU) size for each VLAN
• Frame format

Understanding VTP Version 2

If you use VTP in your network, you must decide whether to use VTP version 1 or version 2.

Note

Catalyst 4500 series switches do not support Token Ring or FDDI media. The switch does not forward FDDI, FDDI-Net, Token Ring Concentrator Relay Function [TrCRF], or Token Ring Bridge Relay Function [TrBRF] traffic, but it does propagate the VLAN configuration via VTP.

VTP version 2 supports the following features, which are not supported in version 1:

• Token Ring support—VTP version 2 supports Token Ring LAN switching and VLANs (TrBRF and TrCRF).
• Unrecognized Type-Length-Value (TLV) Support—A VTP server or client propagates configuration changes to its other trunks, even for TLVs it is not able to parse. The unrecognized TLV is saved in NVRAM.
• Version-Dependent Transparent Mode—In VTP version 1 and version 2, a VTP transparent network device forwards VTP messages in transparent mode without checking the version.
• Consistency Checks—In VTP version 2, VLAN consistency checks (such as VLAN names and values) are performed only when you enter new information through the CLI or SNMP. Consistency checks are not performed when new information is obtained from a VTP message or when information is read from NVRAM. If the digest on a received VTP message is correct, its information is accepted without consistency checks.

Understanding VTP Pruning

VTP pruning enhances network bandwidth use by reducing unnecessary flooded traffic, such as broadcast, multicast, and unicast packets. VTP pruning increases available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to access the appropriate network devices. By default, VTP pruning is disabled.

For VTP pruning to be effective, all devices in the management domain must either support VTP pruning or, on devices that do not support VTP pruning, you must manually configure the VLANs allowed on trunks.

Figure 13-2 shows a switched network without VTP pruning enabled. Interface 1 on Switch 1 and Interface 2 on Switch 4 are assigned to the Red VLAN. A broadcast is sent from the host connected to Switch 1. Switch 1 floods the broadcast and every network device in the network receives it, even though Switches 3, 5, and 6 have no interfaces in the Red VLAN.

You can enable pruning globally on the Catalyst 4500 series switch (see the “Enabling VTP Pruning” section on page 13-13).

Figure 13-2 Flooding Traffic without VTP Pruning
[Figure labels: Catalyst series switches 1 through 6; Interface 1; Interface 2; Red VLAN]

Figure 13-3 shows the same switched network with VTP pruning enabled. The broadcast traffic from Switch 1 is not forwarded to Switches 3, 5, and 6 because traffic for the Red VLAN has been pruned on the links indicated (Interface 5 on Switch 2 and Interface 4 on Switch 4).

Figure 13-3 Flooding Traffic with VTP Pruning
[Figure labels: Switches 1 through 6; Interface 1; Interface 2; Interface 4; Interface 5; Red VLAN; "Flooded traffic is pruned."]

Enabling VTP pruning on a VTP server enables pruning for the entire management domain. VTP pruning takes effect several seconds after you enable it. By default, VLANs 2 through 1000 are eligible for pruning. VTP pruning does not prune traffic from pruning-ineligible VLANs. VLAN 1 is always ineligible for pruning; traffic from VLAN 1 cannot be pruned.

To configure VTP pruning on a trunking LAN interface, use the switchport trunk pruning vlan command. VTP pruning operates when a LAN interface is trunking. You can set VLAN pruning eligibility regardless of whether VTP pruning is enabled or disabled for the VTP domain, whether any given VLAN exists, and regardless of whether the LAN interface is currently trunking.

VTP Configuration Guidelines and Restrictions

Follow these guidelines and restrictions when implementing VTP in your network:

• All network devices in a VTP domain must run the same VTP version.
• You must configure a password on each network device in the management domain when VTP is in secure mode.

Caution

If you configure VTP in secure mode, the management domain will not function properly if you do not assign a management domain password to each network device in the domain.

• A VTP version 2-capable network device can operate in the same VTP domain as a network device running VTP version 1 if VTP version 2 is disabled on the VTP version 2-capable network device (VTP version 2 is disabled by default).
• Do not enable VTP version 2 on a network device unless all of the network devices in the same VTP domain are version 2-capable. When you enable VTP version 2 on a server, all of the version 2-capable network devices in the domain enable VTP version 2.
• Enabling or disabling VTP pruning on a VTP server enables or disables VTP pruning for the entire management domain.
• Configuring VLANs as eligible for pruning on a Catalyst 4500 series switch affects pruning eligibility for those VLANs on that switch only, not on all network devices in the VTP domain.

VTP Default Configuration

Table 13-3 shows the default VTP configuration.

Table 13-3 VTP Default Configuration

| Feature | Default Value |
|---|---|
| VTP domain name | Null |
| VTP mode | Server |
| VTP version 2 enable state | Version 2 is disabled |
| VTP password | None |
| VTP pruning | Disabled |

The default VTP mode for newly manufactured Catalyst 4500 supervisor engines, Catalyst 4900 series switches, and the Cisco ME 4924-10GE switch is transparent. Deleting vlan.dat or issuing the erase cat4000_flash: command, and resetting the switch will change the VTP mode to server.

Configuring VTP

The following sections describe how to configure VTP:

• Configuring VTP Global Parameters
• Configuring the Switch as a VTP Server

• Configuring the Switch as a VTP Client
• Disabling VTP (VTP Transparent Mode)
• Displaying VTP Statistics

Configuring VTP Global Parameters

The following sections describe configuring the VTP global parameters:

• Configuring a VTP Password
• Enabling VTP Pruning
• Enabling VTP Version 2

Configuring a VTP Password

To configure the VTP password, perform this task:

| Command | Purpose |
|---|---|
| Switch# [no] vtp password password_string | Sets a password for the VTP domain. The password can be from 8 to 64 characters. Use the no keyword to remove the password. |

This example shows how to configure a VTP password:

    Switch# vtp password WATER
    Setting device VLAN database password to WATER.
    Switch# show vtp password
    VTP Password: WATER
    Switch#

Enabling VTP Pruning

To enable VTP pruning in the management domain, perform this task:

| Step | Command | Purpose |
|---|---|---|
| 1 | Switch# [no] vtp pruning | Enables VTP pruning in the management domain. Use the no keyword to disable VTP pruning in the management domain. |
| 2 | Switch# show vtp status | Verifies the configuration. |

This example shows how to enable VTP pruning in the management domain:

    Switch# vtp pruning
    Pruning switched ON

This example shows how to verify the configuration:

    Switch# show vtp status | include Pruning
    VTP Pruning Mode : Enabled
    Switch#

Enabling VTP Version 2

By default, VTP version 2 is disabled on VTP version 2-capable network devices. When you enable VTP version 2 on a server, every VTP version 2-capable network device in the VTP domain enables version 2.

Caution

VTP version 1 and VTP version 2 are not interoperable on network devices in the same VTP domain. Every network device in the VTP domain must use the same VTP version. Do not enable VTP version 2 unless every network device in the VTP domain supports version 2.

To enable VTP version 2, perform this task:

| Step | Command | Purpose |
|---|---|---|
| 1 | Switch# [no] vtp version {1 | 2} | Enables VTP version 2. Use the no keyword to revert to the default. |
| 2 | Switch# show vtp status | Verifies the configuration. |

This example shows how to enable VTP version 2:

    Switch# vtp version 2
    V2 mode enabled.
    Switch#

This example shows how to verify the configuration:

    Switch# show vtp status | include V2
    VTP V2 Mode : Enabled
    Switch#

Configuring the Switch as a VTP Server

To configure the Catalyst 4500 series switch as a VTP server, perform this task:

| Step | Command | Purpose |
|---|---|---|
| 1 | Switch# configure terminal | Enters configuration mode. |
| 2 | Switch(config)# vtp mode server | Configures the switch as a VTP server. |
| 3 | Switch(config)# vtp domain domain_name | Defines the VTP domain name, which can be up to 32 characters long. |
| 4 | Switch(config)# end | Exits VLAN configuration mode. |
| 5 | Switch# show vtp status | Verifies the configuration. |

This example shows how to configure the switch as a VTP server:

    Switch# configure terminal
    Switch(config)# vtp mode server
    Setting device to VTP SERVER mode.
    Switch(config)# vtp domain Lab_Network
    Setting VTP domain name to Lab_Network
    Switch(config)# end
    Switch#

This example shows how to verify the configuration:

    Switch# show vtp status
    VTP Version                     : running VTP1 (VTP2 capable)
    Configuration Revision          : 247
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 33
    VTP Operating Mode              : Server
    VTP Domain Name                 : Lab_Network
    VTP Pruning Mode                : Enabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    MD5 digest                      : 0x45 0x52 0xB6 0xFD 0x63 0xC8 0x49 0x80
    Configuration last modified by 0.0.0.0 at 8-12-99 15:04:49
    Local updater ID is 172.20.52.34 on interface Gi1/1 (first interface found)
    Switch#

Configuring the Switch as a VTP Client

To configure the Catalyst 4500 series switch as a VTP client, perform this task:

| Step | Command | Purpose |
|---|---|---|
| 1 | Switch# configure terminal | Enters configuration mode. |
| 2 | Switch(config)# [no] vtp mode client | Configures the switch as a VTP client. Use the no keyword to return to server mode. |
| 3 | Switch(config)# end | Exits configuration mode. |
| 4 | Switch# show vtp status | Verifies the configuration. |

This example shows how to configure the switch as a VTP client:

    Switch# configure terminal
    Switch(config)# vtp mode client
    Setting device to VTP CLIENT mode.
    Switch(config)# exit
    Switch#

This example shows how to verify the configuration:

    Switch# show vtp status
    VTP Version                     : running VTP1 (VTP2 capable)
    Configuration Revision          : 247
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 33
    VTP Operating Mode              : Client
    VTP Domain Name                 : Lab_Network
    VTP Pruning Mode                : Enabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    MD5 digest                      : 0x45 0x52 0xB6 0xFD 0x63 0xC8 0x49 0x80
    Configuration last modified by 0.0.0.0 at 8-12-99 15:04:49
    Switch#
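The following is an added example, not part of the Cisco guide: a Python audit that parses show vtp status output collected from several switches and checks it against this chapter's rules (one VTP version per domain, servers and clients agreeing on revision number and digest, and no server left with a null domain). The hostnames, the make_capture helper, and every capture other than the values copied from the output above are constructed for illustration.

```python
import re
from collections import defaultdict

# "Key   : value" lines. The colon must follow whitespace, so the timestamp in
# "Configuration last modified by ... 15:04:49" is not mistaken for a field.
FIELD = re.compile(r"^(.*?\S)\s+:(?:\s+(.*))?$")
HEX_BYTE = re.compile(r"^0x[0-9A-Fa-f]{2}$")

def parse_vtp_status(text):
    """Extract the fields this audit needs from 'show vtp status' output."""
    raw, last_key = {}, None
    for line in text.splitlines():
        line = line.strip()
        match = FIELD.match(line)
        if match:
            last_key = match.group(1)
            raw[last_key] = (match.group(2) or "").strip()
        elif last_key == "MD5 digest" and line and all(
                HEX_BYTE.match(tok) for tok in line.split()):
            # The digest can wrap onto a second line of bare hex bytes.
            raw[last_key] += " " + line
    return {
        "mode": raw.get("VTP Operating Mode", "").lower(),
        "domain": raw.get("VTP Domain Name", ""),
        "revision": int(raw.get("Configuration Revision") or 0),
        "v2": raw.get("VTP V2 Mode", "").lower() == "enabled",
        "digest": raw.get("MD5 digest", "").lower(),
    }

def audit(captures):
    """captures maps hostname -> 'show vtp status' text.

    Returns a list of (subject, code, detail) findings.
    """
    findings = []
    domains = defaultdict(dict)
    for host, text in captures.items():
        status = parse_vtp_status(text)
        if status["domain"]:
            domains[status["domain"]][host] = status
        elif status["mode"] == "server":
            findings.append((host, "NULL_DOMAIN_SERVER",
                             "inherits domain name and revision from the "
                             "first advertisement received on a trunk"))
    for domain, members in sorted(domains.items()):
        # Guideline: every device in a VTP domain runs the same VTP version.
        if len({st["v2"] for st in members.values()}) > 1:
            enabled = sorted(h for h, st in members.items() if st["v2"])
            findings.append((domain, "VERSION_MISMATCH",
                             "V2 mode enabled only on " + ", ".join(enabled)))
        # Transparent devices do not synchronize; compare servers and clients.
        synced = {h: st for h, st in members.items()
                  if st["mode"] in ("server", "client")}
        if not synced:
            continue
        top = max(st["revision"] for st in synced.values())
        for host, st in sorted(synced.items()):
            if st["revision"] < top:
                findings.append((host, "STALE_REVISION",
                                 f"revision {st['revision']}, domain is at {top}"))
        # Same revision but different digest: the devices do not hold the same
        # VLAN database or VTP password.
        if len({st["digest"] for st in synced.values()
                if st["revision"] == top}) > 1:
            findings.append((domain, "DIGEST_MISMATCH",
                             f"digests differ at revision {top}"))
    return findings

def make_capture(mode, domain, revision, v2, digest):
    """Build constructed output in the layout of the examples above."""
    return f"""Switch# show vtp status
VTP Version                     : running VTP1 (VTP2 capable)
Configuration Revision          : {revision}
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 33
VTP Operating Mode              : {mode}
VTP Domain Name                 : {domain}
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : {v2}
MD5 digest                      : {digest}
Configuration last modified by 0.0.0.0 at 8-12-99 15:04:49
Switch#"""

PAGE_DIGEST = "0x45 0x52 0xB6 0xFD 0x63 0xC8 0x49 0x80"   # from the output above
OTHER_DIGEST = "0x10 0x22 0x3C 0x4D 0x5E 0x6F 0x70 0x81"  # constructed
SAMPLE = {  # constructed fleet; hostnames are hypothetical
    "core-1": make_capture("Server", "Lab_Network", 247, "Disabled", PAGE_DIGEST),
    "access-1": make_capture("Client", "Lab_Network", 247, "Disabled", OTHER_DIGEST),
    "access-2": make_capture("Client", "Lab_Network", 245, "Disabled", OTHER_DIGEST),
    "access-3": make_capture("Transparent", "Lab_Network", 0, "Enabled", PAGE_DIGEST),
    "new-1": make_capture("Server", "", 0, "Disabled", OTHER_DIGEST),
}

if __name__ == "__main__":
    for subject, code, detail in audit(SAMPLE):
        print(f"{subject:12} {code:20} {detail}")
```

A digest mismatch at equal revisions is also what the "Number of config digest errors" counter in show vtp counters reflects on the receiving side, so the two checks are worth reading together.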

Disabling VTP (VTP Transparent Mode)

To disable VTP on the Catalyst 4500 series switch, perform this task:

| Step | Command | Purpose |
|---|---|---|
| 1 | Switch# configure terminal | Enters configuration mode. |
| 2 | Switch(config)# [no] vtp mode transparent | Disables VTP on the switch. Use the no keyword to enable server mode. |
| 3 | Switch(config)# end | Exits configuration mode. |
| 4 | Switch# show vtp status | Verifies the configuration. |

This example shows how to disable VTP on the switch:

    Switch# configure terminal
    Switch(config)# vtp mode transparent
    Setting device to VTP TRANSPARENT mode.
    Switch(config)# end
    Switch#

This example shows how to verify the configuration:

    Switch# show vtp status
    VTP Version                     : 2
    Configuration Revision          : 247
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 33
    VTP Operating Mode              : Transparent
    VTP Domain Name                 : Lab_Network
    VTP Pruning Mode                : Enabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    MD5 digest                      : 0x45 0x52 0xB6 0xFD 0x63 0xC8 0x49 0x80
    Configuration last modified by 0.0.0.0 at 8-12-99 15:04:49
    Switch#

Displaying VTP Statistics

To display VTP statistics, including VTP advertisements sent and received and VTP errors, perform this task:

| Command | Purpose |
|---|---|
| Switch# show vtp counters | Displays VTP statistics. |

This example shows how to display VTP statistics:

    Switch# show vtp counters
    VTP statistics:
    Summary advertisements received    : 7
    Subset advertisements received     : 5
    Request advertisements received    : 0
    Summary advertisements transmitted : 997
    Subset advertisements transmitted  : 13
    Request advertisements transmitted : 3
    Number of config revision errors   : 0

    Number of config digest errors     : 0
    Number of V1 summary errors        : 0

    VTP pruning statistics:

    Trunk            Join Transmitted Join Received    Summary advts received from
                                                       non-pruning-capable device
    ---------------- ---------------- ---------------- ---------------------------
    Fa5/8            43071            42766            5

VLAN Membership Policy Server

This section describes how to configure dynamic port VLAN membership through the VLAN Membership Policy Server (VMPS). This section includes the following subsections:

• Overview of VMPS
• Overview of VMPS Clients
• Dynamic Port VLAN Membership Configuration Example
• VMPS Database Configuration File Example

Overview of VMPS

These subsections describe what a VMPS server does and how it operates:

• Understanding the VMPS Server
• Security Modes for VMPS Server
• Fallback VLAN
• Illegal VMPS Client Requests

Understanding the VMPS Server

A VLAN Membership Policy Server (VMPS) provides a centralized server for selecting the VLAN for a port dynamically based on the MAC address of the device connected to the port. When the host moves from a port on one switch in the network to a port on another switch in the network, that switch dynamically assigns the new port to the proper VLAN for that host.

A Catalyst 4500 series switch running Cisco IOS software does not support the functionality of a VMPS. It can only function as a VLAN Query Protocol (VQP) client, which communicates with a VMPS through the VQP. For VMPS functionality, you need to use a Catalyst 4500 series switch (or Catalyst 6500 series switch) running Catalyst operating system (OS) software.

VMPS uses a UDP port to listen to VQP requests from clients, so it is not necessary for VMPS clients to know if the VMPS resides on a local or remote device on the network. Upon receiving a valid request from a VMPS client, a VMPS server searches its database for an entry of a MAC-address to VLAN mapping.

In response to a request, the VMPS takes one of the following actions:

• If the assigned VLAN is restricted to a group of ports, the VMPS verifies the requesting port against this group and responds as follows:

  – If the VLAN is allowed on the port, the VMPS sends the VLAN name to the client in response.
  – If the VLAN is not allowed on the port and the VMPS is not in secure mode, the VMPS sends an “access-denied” response.
  – If the VLAN is not allowed on the port and the VMPS is in secure mode, the VMPS sends a “port-shutdown” response.
• If the VLAN in the database does not match the current VLAN on the port and there are active hosts on the port, the VMPS sends an “access-denied” (open), a “fallback VLAN name” (open with fallback VLAN configured), a “port-shutdown” (secure), or a “new VLAN name” (multiple) response, depending on the secure mode setting of the VMPS.

If the switch receives an “access-denied” response from the VMPS, the switch continues to block traffic from the MAC address to or from the port. The switch continues to monitor the packets directed to the port and sends a query to the VMPS when it identifies a new address. If the switch receives a “port-shutdown” response from the VMPS, the switch disables the port. The port must be manually re-enabled by using the CLI, Cisco Visual Switch Manager (CVSM), or SNMP.

You can also use an explicit entry in the configuration table to deny access to specific MAC addresses for security reasons. If you enter the none keyword for the VLAN name, the VMPS sends an “access-denied” or “port-shutdown” response.

Security Modes for VMPS Server
VMPS operates in three different modes. The way a VMPS server responds to illegal requests depends on the mode in which the VMPS is configured:
• Open Mode, page 13-18
• Secure Mode, page 13-18
• Multiple Mode, page 13-19

Open Mode
If no VLAN is assigned to this port, VMPS verifies the requesting MAC address against this port:
• If the VLAN associated with this MAC address is allowed on the port, the VLAN name is returned to the client.
• If the VLAN associated with this MAC address is not allowed on the port, the host receives an “access denied” response.

If a VLAN is already assigned to this port, VMPS verifies the requesting MAC address against this port:
• If the VLAN associated with this MAC address in the database does not match the current VLAN assigned on the port, and a fallback VLAN name is configured, VMPS sends the fallback VLAN name to the client.
• If a VLAN associated with this MAC address in the database does not match the current VLAN assigned on the port, and a fallback VLAN name is not configured, the host receives an “access denied” response.

Secure Mode
If no VLAN is assigned to this port, VMPS verifies the requesting MAC address against this port:
• If the VLAN associated with this MAC address is allowed on the port, the VLAN name is returned to the client.

• If the VLAN associated with this MAC address is not allowed on the port, the port is shut down.

If a VLAN is already assigned to this port, VMPS verifies the requesting MAC address against this port:
• If a VLAN associated with this MAC address in the database does not match the current VLAN assigned on the port, the port is shut down, even if a fallback VLAN name is configured.

Multiple Mode
Multiple hosts (MAC addresses) can be active on a dynamic port if they are all in the same VLAN. If the link fails on a dynamic port, the port returns to the unassigned state. Any hosts that come online through the port are checked again with VMPS before the port is assigned to a VLAN.

If multiple hosts connected to a dynamic port belong to different VLANs, the VLAN matching the MAC address in the last request is returned to the client provided that multiple mode is configured on the VMPS server.

Note: Although Catalyst 4500 series and Catalyst 6500 series switches running Catalyst operating system software support VMPS in all three operation modes, the User Registration Tool (URT) supports open mode only.

Fallback VLAN
You can configure a fallback VLAN name on a VMPS server.

If no VLAN has been assigned to this port, VMPS compares the requesting MAC address to this port:
• If you connect a device with a MAC address that is not in the database, the VMPS sends the fallback VLAN name to the client.
• If you do not configure a fallback VLAN name and the MAC address does not exist in the database, the VMPS sends an “access-denied” response.

If a VLAN is already assigned to this port, VMPS compares the requesting MAC address to this port:
• If the VMPS is in secure mode, it sends a “port-shutdown” response, whether or not a fallback VLAN has been configured on the server.

Illegal VMPS Client Requests
Two examples of illegal VMPS client requests are as follows:
• When a MAC-address mapping is not present in the VMPS database and “no fall back” VLAN is configured on the VMPS.
• When a port is already assigned a VLAN (and the VMPS mode is not “multiple”) but a second VMPS client request is received on the VMPS for a different MAC-address.

Overview of VMPS Clients
The following subsections describe how to configure a switch as a VMPS client and configure its ports for dynamic VLAN membership.
The following topics are included:
• Understanding Dynamic VLAN Membership, page 13-20

• Default VMPS Client Configuration, page 13-20
• Configuring a Switch as a VMPS Client, page 13-21
• Administering and Monitoring the VMPS, page 13-24
• Troubleshooting Dynamic Port VLAN Membership, page 13-25

Understanding Dynamic VLAN Membership
When a port is configured as “dynamic,” it receives VLAN information based on the MAC-address that is on the port. The VLAN is not statically assigned to the port; it is dynamically acquired from the VMPS based on the MAC-address on the port.

A dynamic port can belong to one VLAN only. When the link becomes active, the switch does not forward traffic to or from this port until the port is assigned to a VLAN. The source MAC address from the first packet of a new host on the dynamic port is sent to the VMPS as part of the VQP request, which attempts to match the MAC address to a VLAN in the VMPS database. If there is a match, the VMPS sends the VLAN number for that port. If there is no match, the VMPS either denies the request or shuts down the port (depending on the VMPS security mode setting). See the “Overview of VMPS” section on page 13-17 for a complete description of possible VMPS responses.

Multiple hosts (MAC addresses) can be active on a dynamic port if all are in the same VLAN. If the link goes down on a dynamic port, the port returns to the unassigned state and does not belong to a VLAN. Any hosts that come online through the port are checked again with the VMPS before the port is assigned to a VLAN.

For this behavior to work, the client device must be able to reach the VMPS. A VMPS client sends VQP requests as UDP packets, trying a certain number of times before giving up. For details on how to set the retry interval, refer to section “Configuring the Retry Interval” on page 23.

The VMPS client also periodically reconfirms the VLAN membership. For details on how to set the reconfirm frequency, refer to section “Administering and Monitoring the VMPS” on page 24.

A maximum of 50 hosts are supported on a given port at any given time. Once this maximum is exceeded, the port is shut down, irrespective of the operating mode of the VMPS server.

Note: The VMPS shuts down a dynamic port if more than 50 hosts are active on that port.

Default VMPS Client Configuration
Table 13-4 shows the default VMPS and dynamic port configuration on client switches.

Table 13-4 Default VMPS Client and Dynamic Port Configuration

  Feature                    Default Configuration
  VMPS domain server         None
  VMPS reconfirm interval    60 minutes
  VMPS server retry count    3
  Dynamic ports              None configured
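
The server-side response rules from the “Overview of VMPS” subsections (open, secure and multiple mode, fallback VLAN, illegal requests), condensed into a small Python model so the modes can be compared for the same request. This is an added example, not Cisco code: the class and function names are hypothetical, the MAC and port entries are constructed sample values, and where the text leaves a case open (a --NONE-- entry, an unknown MAC with no fallback VLAN) the model assumes “access-denied” outside secure mode and “port-shutdown” in secure mode.

```python
from dataclasses import dataclass, field
from typing import Optional

DENY, SHUTDOWN, NONE = "access-denied", "port-shutdown", "--NONE--"


@dataclass
class VmpsModel:
    """Hypothetical model of the VMPS response rules described in the text."""
    mode: str = "open"                 # "open", "secure" or "multiple"
    fallback: Optional[str] = None     # fallback VLAN name, if configured
    macs: dict = field(default_factory=dict)   # MAC -> VLAN name
    # VLAN name -> set of (device, port) the VLAN is restricted to.
    # A VLAN missing from this dict is not restricted to any group of ports.
    allowed_ports: dict = field(default_factory=dict)

    def _illegal(self) -> str:
        # Assumption: an illegal request shuts the port only in secure mode.
        return SHUTDOWN if self.mode == "secure" else DENY

    def respond(self, mac, device, port, current_vlan=None) -> str:
        vlan = self.macs.get(mac.lower())
        if vlan == NONE:                        # explicit deny entry
            return self._illegal()
        if vlan is None:                        # MAC not in the database
            if self.fallback is None:
                return self._illegal()
            if self.mode == "secure" and current_vlan is not None:
                return SHUTDOWN                 # fallback VLAN is ignored here
            return self.fallback
        ports = self.allowed_ports.get(vlan)
        if ports is not None and (device, port) not in ports:
            return self._illegal()              # VLAN not allowed on this port
        if current_vlan is not None and vlan != current_vlan:
            # The port already carries a different VLAN with active hosts.
            if self.mode == "multiple":
                return vlan                     # "new VLAN name"
            if self.mode == "secure":
                return SHUTDOWN
            return self.fallback or DENY        # open mode
        return vlan


# Constructed sample data in the style of a VMPS database file.
MACS = {"0012.2233.4455": "hardware", "aabb.ccdd.eeff": "Green",
        "fedc.ba98.7654": NONE}
POLICY = {"Green": {("198.92.30.32", "Fa0/9")}}


def compare_modes(mac, device, port, current_vlan=None, fallback=None):
    """Return {mode: response} for one request under each security mode."""
    return {m: VmpsModel(m, fallback, MACS, POLICY).respond(
                mac, device, port, current_vlan)
            for m in ("open", "secure", "multiple")}


if __name__ == "__main__":
    unknown = "0000.0000.0001"   # constructed MAC that is not in MACS
    cases = {
        "allowed port": ("aabb.ccdd.eeff", "198.92.30.32", "Fa0/9", None, None),
        "wrong port": ("aabb.ccdd.eeff", "198.92.30.32", "Fa0/1", None, None),
        "VLAN mismatch": ("0012.2233.4455", "198.92.30.32", "Fa0/9", "Green", None),
        "unknown MAC, fallback": (unknown, "198.92.30.32", "Fa0/9", None, "default"),
    }
    for name, args in cases.items():
        print(f"{name:22} {compare_modes(*args)}")
```

The comparison makes the operational trade-off visible: with a fallback VLAN configured, an unknown MAC address is admitted to the fallback VLAN in every mode while the port is unassigned, so the fallback VLAN should be treated as untrusted.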

Configuring a Switch as a VMPS Client
This section contains the following topics:
• Configuring the IP Address of the VMPS Server, page 13-21
• Configuring Dynamic Access Ports on a VMPS Client, page 13-22
• Reconfirming VLAN Memberships, page 13-23
• Configuring Reconfirmation Interval, page 13-23

Configuring the IP Address of the VMPS Server
To configure a Catalyst 4500 series switch as a VMPS client, you must enter the IP address or hostname of the switch acting as the VMPS.
To define the primary and secondary VMPS on a Catalyst 4500 series switch, perform this task:

Step 1
  Command: Switch# configure terminal
  Purpose: Enters global configuration mode.
Step 2
  Command: Switch(config)# vmps server {ipaddress | hostname} primary
  Purpose: Specifies the IP address or hostname of the switch acting as the primary VMPS server.
Step 3
  Command: Switch(config)# vmps server {ipaddress | hostname}
  Purpose: Specifies the IP address or hostname of the switch acting as a secondary VMPS server.
Step 4
  Command: Switch(config)# end
  Purpose: Returns to privileged EXEC mode.
Step 5
  Command: Switch# show vmps
  Purpose: Verifies the VMPS server entry.

This example shows how to define the primary and secondary VMPS devices:

    Switch# configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Switch(config)# vmps server 172.20.128.179 primary
    Switch(config)# vmps server 172.20.128.178
    Switch(config)# end

Note: You can configure up to four VMPS servers using this CLI on the VMPS client.

    Switch# show vmps
    VQP Client Status:
    --------------------
    VMPS VQP Version:   1
    Reconfirm Interval: 60 min
    Server Retry Count: 3
    VMPS domain server: 172.20.128.179 (primary, current)
                        172.20.128.178
    Reconfirmation status
    ---------------------
    VMPS Action:        No Dynamic Port

Configuring Dynamic Access Ports on a VMPS Client
To configure a dynamic access port on a VMPS client switch, perform this task:

Step 1
  Command: Switch# configure terminal
  Purpose: Enters global configuration mode.
Step 2
  Command: Switch(config)# interface interface
  Purpose: Enters interface configuration mode and specifies the port to be configured.
Step 3
  Command: Switch(config-if)# switchport mode access
  Purpose: Sets the port to access mode.
Step 4
  Command: Switch(config-if)# switchport access vlan dynamic
  Purpose: Configures the port as eligible for dynamic VLAN access.
Step 5
  Command: Switch(config-if)# end
  Purpose: Returns to privileged EXEC mode.
Step 6
  Command: Switch# show interface interface switchport
  Purpose: Verifies the entry.

This example shows how to configure a dynamic access port and to verify the entry:

    Switch# configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Switch(config)# interface fa1/1
    Switch(config-if)# switchport mode access
    Switch(config-if)# switchport access vlan dynamic
    Switch(config-if)# end
    Switch# show interface fa1/1 switchport
    Name: Fa0/1
    Switchport: Enabled
    Administrative mode: dynamic auto
    Operational Mode: dynamic access
    Administrative Trunking Encapsulation: isl
    Operational Trunking Encapsulation: isl
    Negotiation of Trunking: Disabled
    Access Mode VLAN: 0 ((Inactive))
    Trunking Native Mode VLAN: 1 (default)
    Trunking VLANs Enabled: NONE
    Pruning VLANs Enabled: NONE

Voice Ports
If a VVID (voice VLAN ID) is configured on a dynamic access port, the port can belong to both an access VLAN and a voice VLAN. Consequently, an access port configured for connecting an IP phone can have separate VLANs for the following:
• Data traffic to and from the PC that is connected to the switch through the access port of the IP phone (access VLAN)
• Voice traffic to and from the IP phone (voice VLAN)

Reconfirming VLAN Memberships
To confirm the dynamic port VLAN membership assignments that the switch has received from the VMPS, perform this task:

Step 1
  Command: Switch# vmps reconfirm
  Purpose: Reconfirms dynamic port VLAN membership.
Step 2
  Command: Switch# show vmps
  Purpose: Verifies the dynamic VLAN reconfirmation status.

Configuring Reconfirmation Interval
VMPS clients periodically reconfirm the VLAN membership information received from the VMPS. You can set the number of minutes the VMPS client waits before reconfirming the VLAN-to-MAC-address assignments.
To configure the reconfirmation interval, perform this task:

Step 1
  Command: Switch# configure terminal
  Purpose: Enters global configuration mode.
Step 2
  Command: Switch(config)# vmps reconfirm minutes
  Purpose: Specifies the number of minutes between reconfirmations of the dynamic VLAN membership.
Step 3
  Command: Switch(config)# end
  Purpose: Returns to privileged EXEC mode.
Step 4
  Command: Switch# show vmps
  Purpose: Verifies the dynamic VLAN reconfirmation status.

This example shows how to change the reconfirmation interval to 60 minutes and verify the change:

    Switch# configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Switch(config)# vmps reconfirm 60
    Switch(config)# end
    Switch# show vmps
    VQP Client Status:
    --------------------
    VMPS VQP Version:   1
    Reconfirm Interval: 60 min
    Server Retry Count: 10
    VMPS domain server: 172.20.130.50 (primary, current)
    Reconfirmation status
    ---------------------
    VMPS Action:        No Host

Configuring the Retry Interval
You can set the number of times that the VMPS client attempts to contact the VMPS before querying the next server.

To configure the retry interval, perform this task:

Step 1
  Command: Switch# configure terminal
  Purpose: Enters global configuration mode.
Step 2
  Command: Switch(config)# vmps retry count
  Purpose: Specifies the retry count for the VQP queries. Default is 3. Range is from 1 to 10.
Step 3
  Command: Switch(config)# end
  Purpose: Returns to privileged EXEC mode.
Step 4
  Command: Switch# show vmps
  Purpose: Verifies the retry count.

This example shows how to change the retry count to 5 and to verify the change:

    Switch# configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Switch(config)# vmps retry 5
    Switch(config)# end
    Switch# show vmps
    VQP Client Status:
    --------------------
    VMPS VQP Version:   1
    Reconfirm Interval: 60 min
    Server Retry Count: 5
    VMPS domain server: 172.20.130.50 (primary, current)
    Reconfirmation status
    ---------------------
    VMPS Action:        No Host

Administering and Monitoring the VMPS
You can display the following information about the VMPS with the show vmps command:

  VQP Version
    The version of VQP used to communicate with the VMPS. The switch queries the VMPS using VQP Version 1.
  Reconfirm Interval
    The number of minutes the switch waits before reconfirming the VLAN-to-MAC-address assignments.
  Server Retry Count
    The number of times VQP resends a query to the VMPS. If no response is received after this many tries, the switch starts to query the secondary VMPS.
  VMPS domain server
    The IP address of the configured VLAN membership policy servers. The switch currently sends queries to the one marked “current.” The one marked “primary” is the primary server.
  VMPS Action
    The result of the most-recent reconfirmation attempt. This action can occur automatically when the reconfirmation interval expires, or you can force it by entering the vmps reconfirm command or its CVSM or SNMP equivalent.

The following example shows how to display VMPS information:

    Switch# show vmps
    VQP Client Status:
    --------------------
    VMPS VQP Version:   1
    Reconfirm Interval: 60 min
    Server Retry Count: 3
    VMPS domain server:
    Reconfirmation status
    ---------------------
    VMPS Action:        other

The following example shows how to display VMPS statistics:

    Switch# show vmps statistics
    VMPS Client Statistics
    ----------------------
    VQP Queries:               0
    VQP Responses:             0
    VMPS Changes:              0
    VQP Shutdowns:             0
    VQP Denied:                0
    VQP Wrong Domain:          0
    VQP Wrong Version:         0
    VQP Insufficient Resource: 0

Note: Refer to the Catalyst 4500 Series Switch Cisco IOS Command Reference for details on VMPS statistics.

Troubleshooting Dynamic Port VLAN Membership
VMPS errdisables a dynamic port under the following conditions:
• The VMPS is in secure mode, and it will not allow the host to connect to the port. The VMPS errdisables the port to prevent the host from connecting to the network.
• More than 50 active hosts reside on a dynamic port.

For information on how to display the status of interfaces in error-disabled state, refer to Chapter 7, “Checking Port Status and Connectivity.” To recover an errdisabled port, use the errdisable recovery cause vmps global configuration command.

Dynamic Port VLAN Membership Configuration Example
Figure 13-4 on page 13-26 shows a network with VMPS servers and VMPS client switches with dynamic ports. In this example, these assumptions apply:
• The VMPS server and the VMPS client are separate switches.
• The Catalyst 4000 family Switch 1 (running CatOS) is the primary VMPS server.
• The Catalyst 6000 family Switch 3 (running CatOS) and the URT are secondary VMPS servers.
• End stations are connected to these clients:
  – Catalyst 4500 series XL Switch 2 (running Catalyst IOS)
  – Catalyst 4500 series XL Switch 9 (running Catalyst IOS)
• The database configuration file is called Bldg-G.db and is stored on the TFTP server with the IP address 172.20.22.7.

Figure 13-4 Dynamic Port VLAN Membership Configuration
[Figure: Switch 1 through Switch 10 on an Ethernet segment, with a Catalyst 4000 (CatOS) primary VMPS server (Server 1, Switch 1), a Catalyst 6000 (CatOS) secondary VMPS server (Server 2, Switch 3), a URT secondary VMPS server (Server 3), a TFTP server (172.20.22.7), a router, and the client switches (Switch 2 and Switch 9) with End station 1 and End station 2.]

Two topologies are possible. Figure 13-5 illustrates a topology with one end station attached directly to a Catalyst 4500 series switch operating as a VMPS client. Figure 13-6 illustrates a topology with an end station attached to a Cisco IP Phone, which is attached to a Catalyst 4500 series switch.

Figure 13-5 Dynamic Port VLAN Membership Configuration
[Figure: an end station (in VLAN 10) attached to a Catalyst 4500 (IOS) VMPS client, which reaches a Catalyst 4500 (CatOS) / Catalyst 6500 (CatOS) / URT VMPS server.]

150 (primary.150 primary c. Enter the primary VMPS server IP address: switch(config)# vmps server 172. the Catalyst 4000 and Catalyst 6000 series switches (running CatOS) are the VMPS servers.2(44)SG OL-15342-01 130119 13-27 . Configure the VLAN membership mode for static-access ports: switch(config-if)# switchport mode access Software Configuration Guide—Release 12.20. the client switch.26. Return to global configuration mode: switch# configure terminal b.26.20. Enter the secondary VMPS server IP addresses: switch(config)# vmps server 172. current Step 2 Configure port Fa0/1 on Switch 2 as a dynamic port. Use this procedure to configure the Catalyst 4500 series switch clients in the network: Step 1 Configure the VMPS server addresses on Switch 2. To verify your entry of the VMPS IP addresses. enter global configuration mode: switch# configuration terminal b. Display VMPS information configured for the switch: switch# show vmps VQP Client Status: -------------------VMPS VQP Version: 1 Reconfirm Interval: 60 min Server Retry Count: 3 VMPS domain server: 172. VTP. Enter interface configuration mode: switch(config)# interface fa2/1 c.152 d. a.Chapter 13 Configuring VLANs.20.20. return to privileged EXEC mode: switch#(config) exit e. Starting from privileged EXEC mode.152 172. a. and VMPS VLAN Membership Policy Server Figure 13-6 Dynamic Port VLAN Membership Configuration Endstation (in VLAN 20) Internet IP Cisco IP phone (in VLAN 10) Catalyst 4500 (IOS) (VMPS client) Catalyst 4500 (CatOS)/ Catalyst 6500 (CatOS)/ URT (VMPS server) In the following procedure.26.26.

  d. Assign the port dynamic VLAN membership:
         switch(config-if)# switchport access vlan dynamic
  e. Return to privileged EXEC mode:
         switch(config-if)# end
         switch#

Step 3 Connect End Station 2 on port Fa2/1. When End Station 2 sends a packet, Switch 2 sends a query to the primary VMPS server, Switch 1. Switch 1 responds with the VLAN ID for port Fa2/1. If spanning-tree PortFast mode is enabled on Fa2/1, port Fa2/1 connects immediately and begins forwarding.

Step 4 Set the VMPS reconfirmation period to 60 minutes. The reconfirmation period is the number of minutes the switch waits before reconfirming the VLAN to MAC address assignments.
         switch# config terminal
         switch(config)# vmps reconfirm 60

Step 5 Confirm the entry from privileged EXEC mode:
         switch# show vmps
         VQP Client Status:
         --------------------
         VMPS VQP Version:   1
         Reconfirm Interval: 60 min
         Server Retry Count: 3
         VMPS domain server:
         Reconfirmation status
         ---------------------
         VMPS Action:        No Dynamic Port

Step 6 Repeat Steps 1 and 2 to configure the VMPS server addresses, and assign dynamic ports on each VMPS client switch.

VMPS Database Configuration File Example
This example shows a sample VMPS database configuration file as it appears on a VMPS server. A VMPS database configuration file is an ASCII text file that is stored on a TFTP server accessible to the switch that functions as the VMPS server.

    !vmps domain <domain-name>
    ! The VMPS domain must be defined.
    !vmps mode { open | secure }
    ! The default mode is open.
    !vmps fallback <vlan-name>
    !vmps no-domain-req { allow | deny }
    !
    ! The default value is allow.
    vmps domain WBU
    vmps mode open
    vmps fallback default
    vmps no-domain-req deny
    !
    !
    !MAC Addresses
    !
    vmps-mac-addrs
    !
    ! address <addr> vlan-name <vlan_name>
    !
    address 0012.2233.4455 vlan-name hardware
    address 0000.6509.a080 vlan-name hardware
    address aabb.ccdd.eeff vlan-name Green
    address 1223.5678.9abc vlan-name ExecStaff
    address fedc.ba98.7654 vlan-name --NONE--
    address fedc.ba23.1245 vlan-name Purple
    !
    !Port Groups
    !
    !vmps-port-group <group-name>
    ! device <device-id> { port <port-name> | all-ports }
    !
    vmps-port-group WiringCloset1
     device 198.92.30.32 port Fa1/3
     device 172.20.26.141 port Fa1/4
    vmps-port-group "Executive Row"
     device 198.4.254.222 port es5%Fa0/1
     device 198.4.254.222 port es5%Fa0/2
     device 198.4.254.223 all-ports
    !
    !VLAN groups
    !
    !vmps-vlan-group <group-name>
    ! vlan-name <vlan-name>
    !
    vmps-vlan-group Engineering
     vlan-name hardware
     vlan-name software
    !
    !VLAN port Policies
    !
    !vmps-port-policies {vlan-name <vlan_name> | vlan-group <group-name> }
    ! { port-group <group-name> | device <device-id> port <port-name> }
    !
    vmps-port-policies vlan-group Engineering
     port-group WiringCloset1
    vmps-port-policies vlan-name Green
     device 198.92.30.32 port Fa0/9
    vmps-port-policies vlan-name Purple
     device 198.4.254.22 port Fa0/10
     port-group "Executive Row"
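
A database file in this format can be checked before it is published on the TFTP server. The following parser and review pass is an added example, not part of the Cisco guide or any Cisco tool: the function names are hypothetical, the embedded sample is constructed in the file format shown above (reusing some of its entries, with the Purple port policy left out on purpose), and the review rules are derived only from the behaviour this chapter describes.

```python
import re

# Constructed sample in the VMPS database file format.
SAMPLE_DB = '''\
vmps domain WBU
vmps mode open
vmps fallback default
vmps no-domain-req deny
!
vmps-mac-addrs
address 0012.2233.4455 vlan-name hardware
address aabb.ccdd.eeff vlan-name Green
address fedc.ba98.7654 vlan-name --NONE--
address fedc.ba23.1245 vlan-name Purple
!
vmps-port-group WiringCloset1
 device 198.92.30.32 port Fa1/3
vmps-port-group "Executive Row"
 device 198.4.254.222 port es5%Fa0/1
 device 198.4.254.223 all-ports
!
vmps-vlan-group Engineering
 vlan-name hardware
 vlan-name software
!
vmps-port-policies vlan-group Engineering
 port-group WiringCloset1
vmps-port-policies vlan-name Green
 device 198.92.30.32 port Fa0/9
'''


def _words(line):
    # Split on whitespace, keeping "quoted group names" as one word.
    return [q or w for q, w in re.findall(r'"([^"]*)"|(\S+)', line)]


def parse_vmps_db(text):
    db = {"settings": {}, "macs": {}, "port_groups": {},
          "vlan_groups": {}, "policies": []}
    section, current = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):          # blank line or comment
            continue
        w = _words(line)
        key = w[0].lower()
        if key == "vmps" and len(w) >= 3:             # vmps <setting> <value>
            db["settings"][w[1].lower()] = w[2]
        elif key == "vmps-mac-addrs":
            section = "macs"
        elif key == "address" and section == "macs":  # address <mac> vlan-name <vlan>
            db["macs"][w[1].lower()] = w[3]
        elif key == "vmps-port-group":
            section, current = "port_group", db["port_groups"].setdefault(w[1], [])
        elif key == "vmps-vlan-group":
            section, current = "vlan_group", db["vlan_groups"].setdefault(w[1], [])
        elif key == "vmps-port-policies":             # vlan-name <v> | vlan-group <g>
            section, current = "policy", {"kind": w[1], "name": w[2], "ports": []}
            db["policies"].append(current)
        elif key == "device" and section in ("port_group", "policy"):
            entry = (w[1], "all-ports" if w[2] == "all-ports" else w[3])
            (current["ports"] if section == "policy" else current).append(entry)
        elif key == "port-group" and section == "policy":
            current["ports"].append(("port-group", w[1]))
        elif key == "vlan-name" and section == "vlan_group":
            current.append(w[1])
        else:
            raise ValueError(f"unrecognized line: {raw!r}")
    return db


def review(db):
    """Return review findings based on the behaviour described in this chapter."""
    s, out = db["settings"], []
    mode = s.get("mode", "open")                      # the file's default mode is open
    if mode != "secure":
        out.append(f"mode {mode}: illegal requests are denied, the port is not shut down")
    if "fallback" in s:
        out.append(f"fallback '{s['fallback']}': MACs missing from the database join this VLAN")
    restricted = set()
    for p in db["policies"]:
        if p["kind"] == "vlan-group":
            restricted |= set(db["vlan_groups"].get(p["name"], []))
        else:
            restricted.add(p["name"])
        for kind, name in p["ports"]:
            if kind == "port-group" and name not in db["port_groups"]:
                out.append(f"policy for '{p['name']}' references undefined port group '{name}'")
    for vlan in sorted(set(db["macs"].values()) - restricted - {"--NONE--"}):
        out.append(f"VLAN '{vlan}' has no port policy: its MACs are accepted on any port")
    return out


if __name__ == "__main__":
    for finding in review(parse_vmps_db(SAMPLE_DB)):
        print("-", finding)
```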
