Specifications
Engineering Guidelines
254
messaging compatibility with CDP overcomes this limitation. Thus, an IP phone that is
compatible with the Auxiliary_VLAN setting in CDP can be used together with another attached
device, such as a PC. An IP phone that cannot determine the Auxiliary_VLAN setting will be
treated as a single end device and will require an entry in the VMPS database.
When the VMPS (Server) is enabled, a MAC-address-to-VLAN mapping database is downloaded
from a TFTP server and the VMPS begins to accept client (access switch) requests. When a valid
request from a client is received, the VMPS searches the database for a mapping of the
requesting MAC address to a VLAN. The VMPS then instructs the client how to configure the port
for access and which VLAN to enable.
Access can be restricted to certain ports, and it can be denied for certain MAC addresses (e.g.
a known attacker). In either of these cases, the ports can be configured either to simply deny
access or to be physically shut down. Re-enabling a shut-down port (no shutdown) requires
configuration access to the network switch of the affected port, for example via the serial
interface or Telnet.
A fallback VLAN can also be defined for devices that are unknown, but that may be granted
limited access, for example, to a guest VLAN. Access to the remainder of the network will then
be controlled through the VLAN router. An example may be a hotel room with Internet access
where unknown guest devices will connect to the network.
Some other rules that apply to the configuration of VMPS include:
• A dynamic port can belong to only one VLAN (that is, one device per port, or a common
group of devices per port). Note: the number of attached devices differs by switch product.
• The VMPS must be configured before the access ports are enabled as dynamic.
• When a port is configured as dynamic, spanning-tree PortFast is enabled automatically for
that port. Automatically enabling spanning-tree PortFast prevents applications on the host
from timing out and entering loops caused by incorrect configurations. You can disable
spanning-tree PortFast mode on a dynamic port, but this is not recommended.
• If a port is reconfigured from a static port to a dynamic port on the same VLAN, the port
connects immediately to that VLAN. However, VMPS checks the legality of the specific host
on the dynamic port after a certain period and may disconnect it if it is not valid.
Table 79: VLAN Membership Policy Server (VMPS)

Recognized Device | Allowed Access | Fallback VLAN Defined | Secure Settings  | Action
Yes               | Yes            | N/A                   | N/A              | Send dynamic VLAN
Unknown           | Unknown        | Yes                   | N/A              | Fallback VLAN (guest)
Unknown           | Unknown        | No                    | vmps mode open   | Access denied
Unknown           | Unknown        | No                    | vmps mode secure | Port shutdown
Yes               | No             | N/A                   | vmps mode open   | Access denied
Yes               | No             | N/A                   | vmps mode secure | Port shutdown
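The following Python program is an added worked example, not part of these guidelines and not Cisco's VMPS implementation. It models the request handling described above and the decisions of Table 79: a MAC-to-VLAN database with a mode (open or secure) and an optional fallback VLAN is parsed, and each client request for a MAC address on a dynamic port yields one of the four actions (send dynamic VLAN, fallback VLAN, access denied, port shutdown). The database text is a constructed, simplified syntax chosen for the example (the real VMPS database file format is not reproduced here), the `deny` keyword for an explicitly denied MAC is an assumption, and treating a second host that maps to a different VLAN than the port already carries as a not-allowed host is likewise the example's assumption, derived from the rule that a dynamic port can belong to only one VLAN. The `revalidate_port` function illustrates the periodic legality re-check of hosts on a dynamic port.

```python
"""Policy evaluator for the VMPS decisions of Table 79 (added example, assumptions noted)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample database. The syntax below is an assumption made for this
# example and is NOT the Cisco VMPS database file format.
VMPS_DB_TEXT = """
# constructed sample: mode, fallback VLAN, then MAC-to-VLAN mappings
mode secure
fallback GUEST
address 0001.0203.0405 vlan ENGINEERING
address 0001.0203.0406 vlan ENGINEERING
address 0001.0203.0407 vlan FINANCE
address 00aa.bbcc.ddee deny          # known attacker, explicitly denied (assumed keyword)
"""

# The four actions of Table 79
SEND_VLAN = "send dynamic VLAN"
FALLBACK = "fallback VLAN (guest)"
DENIED = "access denied"
SHUTDOWN = "port shutdown"


@dataclass
class VmpsDatabase:
    mode: str = "open"                       # "open" or "secure"
    fallback: Optional[str] = None           # fallback VLAN name, None if not defined
    mappings: Dict[str, Optional[str]] = field(default_factory=dict)  # mac -> vlan, None = denied


def normalize_mac(mac: str) -> str:
    """Accept 0001.0203.0405, 00:01:02:03:04:05 or 00-01-02-03-04-05; return 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"malformed MAC address: {mac!r}")
    return digits


def parse_database(text: str) -> VmpsDatabase:
    """Parse the constructed database syntax; unknown or malformed lines are rejected."""
    db = VmpsDatabase()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if parts[0] == "mode" and len(parts) == 2 and parts[1] in ("open", "secure"):
            db.mode = parts[1]
        elif parts[0] == "fallback" and len(parts) == 2:
            db.fallback = parts[1]
        elif parts[0] == "address" and len(parts) == 3 and parts[2] == "deny":
            db.mappings[normalize_mac(parts[1])] = None
        elif parts[0] == "address" and len(parts) == 4 and parts[2] == "vlan":
            db.mappings[normalize_mac(parts[1])] = parts[3]
        else:
            raise ValueError(f"unrecognised database line: {raw!r}")
    return db


def evaluate(db: VmpsDatabase, mac: str,
             port_vlan: Optional[str] = None) -> Tuple[str, Optional[str]]:
    """Decide the action for a client request: (action, vlan to send or None).

    port_vlan is the VLAN the dynamic port already carries, if any. Assumption for
    the example: a host whose VLAN differs from port_vlan is handled like a denied
    host, because a dynamic port can belong to only one VLAN.
    """
    mac = normalize_mac(mac)
    if mac in db.mappings:
        candidate, ok_action = db.mappings[mac], SEND_VLAN   # None = explicitly denied
    else:
        candidate, ok_action = db.fallback, FALLBACK         # None = no fallback defined
    if candidate is None or (port_vlan is not None and candidate != port_vlan):
        # Rows 3-6 of Table 79: the mode decides between deny and shutdown
        return (DENIED, None) if db.mode == "open" else (SHUTDOWN, None)
    return ok_action, candidate                              # rows 1-2 of Table 79


def revalidate_port(db: VmpsDatabase, port_vlan: str,
                    macs: List[str]) -> Optional[Tuple[str, str]]:
    """Periodic legality check of the hosts seen on a dynamic port already in port_vlan.

    Returns (mac, action) for the first host that is no longer allowed, else None.
    """
    for mac in macs:
        action, _ = evaluate(db, mac, port_vlan)
        if action in (DENIED, SHUTDOWN):
            return normalize_mac(mac), action
    return None


if __name__ == "__main__":
    db = parse_database(VMPS_DB_TEXT)
    for req in ("0001.0203.0405", "00aa.bbcc.ddee", "dead.beef.0001"):
        print(req, "->", evaluate(db, req))
    print("revalidate:", revalidate_port(db, "ENGINEERING", ["0001.0203.0405", "0001.0203.0407"]))
```

Running the module prints the decision for a recognised host, an explicitly denied host and an unknown host under the secure-mode sample database, followed by the re-check that flags the FINANCE host on a port already carrying ENGINEERING. Switching the sample to `mode open` turns every shutdown into a plain access denial, which is exactly the difference between the two "Secure Settings" columns of Table 79.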