[nsp] port security on 29xx switches

Kristofer Sigurdsson ks at rhi.hi.is
Wed May 19 11:04:50 EDT 2004


Gould, Aaron M (NRSW N61CR1W), Wed, May 19, 2004 at 07:28:34AM -0700 :
> it seems that vmps is rarely spoken of Kristofer.  i labbed/studied vmps and
> it seemed really cool in it's vlan assignment automation.

Yes, I'm pretty surprised it isn't used/discussed more.  Maybe because 802.1x
is the solution Cisco proposes in this field (correct me if I'm wrong?).

> 
> i even think that i remember it downing a port for security reasons if an
> unexpected mac address was to show up on it.  i did the vmps server on a
> cat5000 , and clients on 2924M-XL

Yes, but unfortunately that's only available as a global setting, the VMPS
server is either in "open" mode, in which it simply doesn't accept traffic
unless it's from authorized mac addresses, and then there's "secure mode", in
which it shuts the port down, and IIRC, a network administrator has to manually
open the port up again.

-- 
Kristófer Sigurðsson			Tel: +354 525 4103 / MSN: ks at rhi.hi.is
Netsérfræðingur/Network specialist	Reiknistofnun HÍ/University of Iceland


More information about the cisco-nsp mailing list