Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

VMPS as a port security

Has anyone implemented and/or has any problems running VMPS protocol as a means of port authentication? I am asking this because I have implemented it on my network and having some problems, for which I don't have any explaination, except that I am running VMPS to authenticate the ports. I did not, however, found any real world case studies on VMPS.

Any inputs appreciated.

Thanks,

5 REPLIES
Cisco Employee

Re: VMPS as a port security

I have seen many customers implement it. The following troubleshooting page should help as well

http://www.cisco.com/warp/public/473/157.html

What exact issues are you facing and on what products?

Bronze

Re: VMPS as a port security

I've done it on a 6509 with success, though there do seem to be some bugs depending on what software version you're using. There are some gotcha's that you can run into though that aren't necessarily intuitive if you've never dealt with dynamic VLANs before. As stated, some detailed information about the problems you're having will help us try and diagnose it.

New Member

Re: VMPS as a port security

Well, I have crossconect at the brand new building that is loosing connections every now and then. The reason I was suspecting possibility of VMPS is that I've heard from some engineers that they have had problems with it. This is the problem.

Several stations on different VLANs (There are PIXes between VLANS) and loosing connections if nobody is actively using the station. If there is no activity for about 15-30 minutes, packets don't get anywhere. Physical link is up on the station and on the switch. Everything seems to be OK, VLANs, local ARP, but packets would not get anywhere. Only solution is to disable/renable the Windows NIC, or to unplug/replug the cable from the wall. Dropped connections are random. However, if I leave ping -t constantly, connection stays up with no problems.

I changed the timeout of VMPS, so VLANs stay assigned. I even replaced the switch, but no help. Several different stations on different VLANs behind different firewalls. I even removed the firewall, not help. Only common thing is that they all are terminated at the same side of the building.

Bronze

Re: VMPS as a port security

Hard to say if VMPS is the culprit here. You say that the ports aren't losing their VLAN assignment (verifiable via a "show port x/x" assuming you're using CatOS) when the outages occur? Just about all the connectivity issues I've run into with VMPS involved a given port not being assigned to any VLANs for various reasons.

What switch are you using, and what software version? Are you using VMPS elsewhere without these problems or is it only in use on this side of the new building? What VMPS timeout did you change? I'm not aware of VMPS timers that are configurable -- my experience has been that a switch port, once dynamically assigned to a VLAN, remains in that VLAN until the port goes down.

It may help in the interim to turn up the logging levels of the "vmps" and "dvlan" facilities to 7 and see if anything useful is logged.

New Member

Re: VMPS as a port security

i have exactly the same problem for 2 years in a french university using vmps. the network is build with Catalyst 4500-S3, 2950G, & 2 URT servers.

It seems that's the server is not the cause of the problem, because we tried with URT 2.1, upgrading 2.5, and now a linux GPL vmps server without changing the problem.

i'm very interresting if you found a workaround !

125
Views
0
Helpful
5
Replies
CreatePlease to create content