
How to configure a VLAN based on network address, NOT port and MAC-based?

satagraha
Level 1

How to configure a VLAN based on network address, NOT port and MAC-based?


lgijssel
Level 9

You are asking for an application of VLANs that is not in line with the VLAN concept. Virtual LANs are situated on layer 2, and so is a system's MAC address. In general there is a relation between MAC and port once everything is plugged in. There is however no direct relation between a MAC address and a layer 3 address. Hence it is not logical to set this up; you either use port or MAC-based VLANs. The VLANs correspond with a layer 3 addressing scheme, and address assignment is preferably done automatically through DHCP.

If you can be slightly more specific about what you want to achieve, we might be able to provide an alternate solution.

Regards,

leo

I understood what you said.

I read the book DCN (ISBN: 1-57870-171-6), Birkner, Cisco Press.

I was confused about the VLAN configuration after reading that book.

Page 69, Ch. 4: Campus LAN Technology, VLAN

"The assignment of VLAN membership is done in the switch and can be based on physical port association, MAC address, network address, or other packet characteristics."

I tried to find any source for configuring a VLAN based on network address at the Cisco homepage, www.cisco.com, but I couldn't find anything about that.

What's wrong?

Possibly you're referring to VMPS, which will dynamically assign ports to VLANs based on MAC address.

Here's a link for this:

http://www.cisco.com/en/US/partner/products/hw/switches/ps679/products_configuration_guide_chapter09186a00800d9e23.html

If not VMPS, since you seemed to not want MAC-based, you might try this:

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2136/products_installation_guide_chapter09186a008008781f.html

Here's a link for 3500 series switches set up for dynamic VLANs.

http://www.cisco.com/en/US/partner/products/hw/switches/ps637/products_configuration_guide_chapter09186a008007f03c.html

Hope this helps,

Don

When is it possible to use 6500 series switches with VMPS Server on Native IOS?

Catalyst 6000 family switches support VMPS client only. You must have a Catalyst 5000 family switch as the VMPS server to configure dynamic port VLAN membership. VMPS server configuration is included in this chapter as a convenience; all VMPS server configuration must be performed on the Catalyst 5000 family switch.

Check this link for more information if you are interested:

http://www.cisco.com/en/US/partner/products/hw/switches/ps708/products_configuration_guide_chapter09186a008007f2ec.html

Hope this explains,

Don

I'm using a 6509 as a VMPS server just fine. I believe all the 2000/3000/4000 series switches are client-only, but the 6500 series switches can act as a VMPS server.

raarons
Level 1

You mean something like the protocol-based and network-based vlans on 3Com Corebuilder devices? Not possible on Cisco, I'm afraid. Probably just as well, too, since it's pretty flakey on the 3Coms.

Actually, I think it might be possible on Cisco systems using Cisco's User Registration Tool (URT). We looked into it very briefly but never implemented it. It is certainly, to my knowledge, not possible to do anything like this natively in the Cisco switching implementation.

If I recall correctly (not having implemented it) the basic premise was that users upon connecting to the network would be challenged and authenticated. Then they would have their port reconfigured thereafter by the URT servers for membership in a specific VLAN - consider it dynamic user VLAN assignment. I cannot recall all the options around how the VLANs were assigned and on what basis. Check the site for details.

I know what you're suggesting may seem possible, but in reality, the one thing that URT is not going to permit is the selection of VLAN according to the configured network address on the client. All it can do is set the network address according to the configured VLAN.

The way URT works is essentially to allow the station to log into a network operating system (NT, NDS, etc) first on some separate login vlan using a temporary IP address from the login vlan DHCP server, then put the switch port into an appropriate vlan for the logged-in station using VMPS. The station's client software is instructed to release its IP address on the login vlan and request a new one appropriate to the logged-in vlan.

This is the reverse of what the OP asked, although it may be what he needs. You can set the IP address according to the assigned VLAN, but not vice versa. There is no way to get a vlan to work according to pre-configured network address on the client. This was what I read into the original question.

As an aside, I assume we're talking IP here. URT is only compatible with IP, although the marketing documentation says it works with other protocols as long as IP is configured as well. I have queried this with Cisco in the past and they have confirmed that it doesn't work with IPX, which a customer had a specific need for. This is because the client configures itself with its network address when the stack initialises, and there is no mechanism to re-negotiate it thereafter, either within any standard IPX stack or with the Cisco URT shim.

Does anyone know of any non-IP protocol that URT does work with?
