[c-nsp] VMPS

Adam KOSA adamk at sch.bme.hu
Tue May 10 04:35:18 EDT 2005


On Tue, 10 May 2005, Peter Hicks wrote:

> On an infrastructure level, is VMPS the 'right thing' to implement to
> prevent unauthorized machines on our network?  Or would upgrading the 3500s
> to 3550s and running 802.1x be an option?
>

Hi Peter

I've had a similar problem, when i started to use VMPS.  dot1x was not an
option, because i could not find free client software for linux, mac and
for palms.  I'm still searching though, because it would be a great thing
to use.

I'm also using a 6500 core switch as a vmps server, i trust in its
reliability more than a cheap PC.  The vmps clients are all 2950s, and
there is a catch: there must not be any switchports, used by two mac
addresses which belong to different vlans.  another catch: vmps-configured
ports can not be secured ports.  i have a perl script which telnets into
the 6500, and downloads the new vmps list via tftp.  this way i could
provide 'minimal services' for everybody even if the computer was not
allowed to use the internet (in a separate vlan).

regards
Adam

A: No.
Q: Should I include quotations after my reply?




More information about the cisco-nsp mailing list