Bn s tm hiu k hn v Dynamic VLAN khi hc v mn Switching (CCNP)

Dynamic VLAN
Reference:
Chapter 4 - Academy Semester 7
Cisco CD Documentation
http://www.cisco.com/univercd/cc/td/...g/mascvmps.htm
Static VLAN (port-based VLAN) l loi VLAN thng gp nht, trong cc port trn
switch c gn trc tip v c nh vo VLAN.
Dynamic VLAN l loi VLAN m trong cc thnh vin ca VLAN c xc nh
bng MAC address ca thit b gn vo switch. Qu trnh ny da vo bng a ch
MAC address to VLAN lu trong VMPS database. Khi i host sang switch khc,
switch s thc hin ch nh VLAN cho host .
- Mi dynamic port ch thuc 1 VLAN. Traffic s khng lu thng qua port ny cho
n khi VMPS server ch nh VLAN cho port ny.
-Khi kch hot VMPS, VMPS database t TFTP server s download vo VMPS server
trn switch(nu reset VMPS server th s thc hin download li t TFTP).
- Khi host c gn vo dynamic port, VMPS client s nhn c source MAC
address. Sau , VMPS client s tin hnh kim tra MAC ny bng cch gi VQP
request n VMPS server, VMPS server s gi v VLAN number cho VMPS client.
VMPS Client s cu hnh port vo ng VLAN da trn nhng thng tin nhn t VMPS
Server.
Lu :
- Nhiu host c th hot ng trn cng 1 dynamic port khi chng cng chung VLAN.
Ti a l 20 host (i vi 29xx XL) v 50 host (Catalyst 5xxx), dynamic port s b
shutdown => Cn thc hin lnh no shut reenable a shutdown dynamic port.
- Cn cu hnh VMPS trc khi cu hnh dynamic port.
- VMPS server v VMPS client phi cng chung management VLAN.
- Khi cu hnh dynamic port s t ng kch hot spanning-tree PortFast(PortFast l 1
tnh nng ca STP cho php port gi frame ngay khi physical link active), do ch
disable portfast mode khi cn thit.
- Static secure port khng th lm dynamic port => cn turn off security trn static
secure port trc khi cu hnh dynamic.
- Trunk port khng th lm dynamic port => cn turn off trunking trn trunk port
trc khi cu hnh dynamic.
Cc bc cu hnh VMPS v dynamic port
Bc 1: To VMPS database(text file) & lu trn TFTP server
- nh ngha VMPS domain
- nh ngha security mode (default mode = open mode, VMPS operate both)
- nh ngha MAC-to-VLAN mapping

- nh ngha port group

- nh ngha VLAN group
- nh ngha VLAN port policy
vmps domain WBU
!
vmps mode open
!
vmps-mac-addrs
!
address 0012.2233.4455 vlan-name hardware
address 0000.6509.a080 vlan-name hardware
address aabb.ccdd.eeff vlan-name Green
address 1223.5678.9abc vlan-name ExecStaff
address fedc.ba98.7654 vlan-name --NONE-address fedc.ba23.1245 vlan-name Purple
!Port groups
vmps-port-group WiringCloset1
device 192.168.1.1 port Fa1/3
device 172.16.1.1 port Fa1/4
vmps-port-group "Executive Row"
device 192.168.2.2 port es5%Fa0/1
device 192.168.2.2 port es5%Fa0/2
device 192.168.2.3 all-ports
!VLAN groups
vmps-vlan-group Engineering
vlan-name hardware
vlan-name software
!VLAN port Policies
vmps-port-policies vlan-group Engineering
port-group WiringCloset1
vmps-port-policies vlan-name Green
device 192.168.1.1 port Fa0/9
vmps-port-policies vlan-name Purple
device 192.168.2.2 port Fa0/10
port-group "Executive Row"
Bc 2: Cu hnh VMPS Server
VMPS Server ch chy trn 2926G series v Catalyst 5000 (more?) => Tp lnh
set-based.
1- Ch nh cch thc download VMPS database(set vmps tftpserver ip-address
[filename])
Console> (enable) set vmps tftpserver 172.16.254.222 vmps_config.db
Console> (enable)
2- Enable VMPS
Console> (enable) set vmps state enable
Vlan Membership Policy Server enable is in progress.
Console> (enable)

Sau khi thc hin lnh ny file vmps_config.db s download xung Switch, switch tr
thnh VMPS server. Khi mun update thng tin, c th thc hin lnh download
vmps (dng troubleshoot)
3- Ch nh Primary/Secondary VMPS
Console> (enable) set vmps server
Console> (enable) set vmps server
Console> (enable) set vmps server

server
172.20.26.150 primary
172.20.26.152
172.20.26.159

4. Kim tra VMPS server address

Console> (enable) show vmps server

Bc 3: Cu hnh VMPS Client

Switch(config)# interface fa0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan dynamic
Switch(config-if)# end
Switch# show interface fa0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative mode: dynamic access
Operational Mode: dynamic access
Administrative Trunking Encapsulation: isl
Operational Trunking Encapsulation: isl
Negotiation of Trunking: Disabled
Access Mode VLAN: 0 ((Inactive))
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: NONE
Pruning VLANs Enabled: NONE
Bc 4 optional) Cu hnh Retry, Reconfirm Interval
The default reconfirm interval is 60 minutes. The default number of retries on a VQP
query are 3
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# vmps reconfirm 60
Switch(config)# vmps retry 10
Switch(config)# end
Switch# show vmps
VQP Client Status:
-------------------VMPS VQP Version: 1
Reconfirm Interval: 60 min
Server Retry Count: 10
VMPS domain server: 172.20.130.50 (primary, current)
Reconfirmation status

--------------------VMPS Action: No Host

m bo cc dynamic port nhn c VLAN Membership ta thc hin lnh VMPS
reconfim
Switch# vmps reconfirm
Switch# show vmps
VQP Client Status:
-------------------VMPS VQP Version: 1
Reconfirm Interval: 60 min
Server Retry Count: 10
VMPS domain server: 172.20.130.50 (primary, current)
Reconfirmation status
--------------------VMPS Action: Success
Cheers!