cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
385
Views
0
Helpful
5
Replies

MAC address and VLAN assignement

cboland
Level 1
Level 1

Is there a way to control what VLAN a user is placed in based on their MAC address? There is VMPS but it requires a Catalyst 5000 as a VMPS server, but we don't have a Cat. 5000.

Thanks.

5 Replies 5

zhang-hao
Level 1
Level 1

As far as i know, Nortel 8600 series passport switches support mac_address based Vlans, i am not sure if Cisco have such switches.

milan.kulik
Level 10
Level 10

Hi,

AFAIK, you can use any Cisco CatOS switch (Cat4000,5000,6000) as a VMPS server.

See http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/8_2/confg/vmps.htm#35409

Regards,

Milan

greg.fuller
Level 5
Level 5

You can use another Catalyst box to run as a vmps server. But on a 6500 as we found out you can only run the vmps server with it running in hybrid mode. If your running straight IOS on it, you won't be able to do it. There are several solutions, I believe Cisco now has a seperate box which will run VMPS under an NT/2K platform (can't think of the name of this box off the top of my head). Or there are several opensource solutions that you can run on any linux/unix box. I've heard of some success with these:

http://sourceforge.net/projects/vmps/

http://sourceforge.net/projects/vmps-srv/

We have a custom built java app that runs on a solaris box that we register MAC's with. It will then create DHCP records (we hand out static IP's via DHCP), unix host files, DNS, reverse DNS, and vmps files. We push this info out every 15minutes and our 6500's redownload the vmps file via tftp and all switches are set to reconfirm every 15minutes. Works great except on our old 1900EN's (which the majority of our switches are). We found they don't always reconfirm like they are suppose to(you can't specify a reconfirm interval on them). We have a telnet script we wrote to telnet to all 1900EN's and reconfirm them manually every 30 to 45 minutes. --greg

This can also be accomplished on Cisco devices with 802.1x, but VMPS tends to be easier.

Can VMPS and 802.1x run in the same switch? I'm planning to implement 802.1x but there are some devices in the network that don't support it and they tend to move from time to time. I'm planning to use VMPS for them instead of static port security.

Thanks,

Fernando

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco