VLAN Management Policy Server
Encyclopedia
A VLAN Management Policy Server or "VMPS" is a network switch
that contains a mapping of device information to VLAN.
The primary goal of VMPS is VLAN assignment for general network management purposes, but can also be used for providing security through segregating clients with an unknown MAC address
, or through further extension of the protocol to provide login for Cisco AClS. This last functionality is now deprecated by Cisco, in favour of 802.1x, and as the VMPS technology is Cisco only, the VLAN assignment can now be carried out in the 802.1x framework.
Client switches query the VMPS server using the VLAN Query Protocol, or VQP
. Only Cisco produces hardware with VMPS client functionality, and is currently fully supported across their IOS switching lines. Cisco officially only supports the use of Catalyst 4000, 5000 and 6500 switch platforms (with appropriate firmware) as VMPS servers, but these have limited functionality, and only support a static text file transferred into them with tftp.
, FreeNAC and Icarus VMPSd available and including additional management tools to help manage hundreds or thousands of clients and MAC addresses and their VMPS support.
FreeNAC is an OpenSource tool that includes OpenVMPS for communication with the switches, but also adds a database, automation, reporting and SNMP scanning to allow VMPS to be more easily used in larger environments.
Network switch
A network switch or switching hub is a computer networking device that connects network segments.The term commonly refers to a multi-port network bridge that processes and routes data at the data link layer of the OSI model...
that contains a mapping of device information to VLAN.
The primary goal of VMPS is VLAN assignment for general network management purposes, but can also be used for providing security through segregating clients with an unknown MAC address
MAC address
A Media Access Control address is a unique identifier assigned to network interfaces for communications on the physical network segment. MAC addresses are used for numerous network technologies and most IEEE 802 network technologies, including Ethernet...
, or through further extension of the protocol to provide login for Cisco AClS. This last functionality is now deprecated by Cisco, in favour of 802.1x, and as the VMPS technology is Cisco only, the VLAN assignment can now be carried out in the 802.1x framework.
Client switches query the VMPS server using the VLAN Query Protocol, or VQP
VQP
The VLAN Query Protocol was developed by Cisco and allows end-devices on LANs to be authenticated via their MAC address and an appropriate VLAN attributed to the port, using a VLAN Management Policy Server...
. Only Cisco produces hardware with VMPS client functionality, and is currently fully supported across their IOS switching lines. Cisco officially only supports the use of Catalyst 4000, 5000 and 6500 switch platforms (with appropriate firmware) as VMPS servers, but these have limited functionality, and only support a static text file transferred into them with tftp.
Third party servers
To enhance functionality, which can talk to SQL or use external programs to decide on network access for a given request. The first publicly available of these was OpenVMPS, by Dori Seliskar and others, with FreeRADIUSFreeRADIUS
FreeRADIUS is a modular, high performance free RADIUS suite developed and distributed under the GNU General Public License, version 2, and is free for download and use...
, FreeNAC and Icarus VMPSd available and including additional management tools to help manage hundreds or thousands of clients and MAC addresses and their VMPS support.
FreeNAC is an OpenSource tool that includes OpenVMPS for communication with the switches, but also adds a database, automation, reporting and SNMP scanning to allow VMPS to be more easily used in larger environments.