sungate.co.uk

Ramblings about stuff

Cisco switch, vLANs etc.

Our department has inherited a Cisco 4006 network switch:

This is a Proper Piece Of Computing Equipment. I say this because it is heavy, noisy and hot.

We will eventually have two of them in our new network setup when we move premises later in the year. This will be interesting for a number of reasons, mainly because this is not something that we’ve “got our hands dirty with” previously. One security measure that we are interested in introducing is the following:

  • Allow the switch to manage a number of virtual LANs on the private network;
  • Ensure that the switch allocates ‘known’ machines to one of a number of virtual LANs (e.g. called ‘desktops’, ‘laptops’, ‘servers’ etc.);
  • Ensure that the switch allocates ‘unknown’ machines to a different virtual LAN, called ‘unknown’.

It turns out that the latter two objectives can be done using something called VMPS (VLAN Membership Policy Server). In this setup, the switch retrieves a configuration file of MAC addresses (and vLAN assignments) from a TFTP server and then manages the vLANs as appropriate. This is incredibly useful.
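As an added illustration (not code from the post), the following resolves a MAC address to a VLAN the way a VMPS does, using a constructed database in Cisco's VMPS text format: known MACs get their configured VLAN, unknown MACs get the fallback VLAN in open mode and are denied in secure mode, and `--NONE--` denies a MAC explicitly. The MAC addresses, domain and VLAN names are made up.

```python
import re

# Constructed sample VMPS database (hypothetical MACs/VLAN names, not from the post).
VMPS_DB = """\
vmps domain EXAMPLE
vmps mode open
vmps fallback unknown
vmps-mac-addrs
address 0012.3456.789a vlan-name desktops
address 0012.3456.789b vlan-name laptops
address 0012.3456.789c vlan-name servers
address 0012.3456.78ff vlan-name --NONE--
"""

def normalise_mac(mac):
    """Accept 0012.3456.789a, 00:12:34:56:78:9a or 00-12-... -> 12 hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac}")
    return digits

def parse_vmps_db(text):
    """Return (mode, fallback_vlan, {mac: vlan-name}) from a VMPS database."""
    mode, fallback, macs = "open", None, {}
    for raw in text.splitlines():
        parts = raw.strip().split()
        if not parts or parts[0].startswith("!"):
            continue                      # '!' lines are comments in this format
        if parts[:2] == ["vmps", "mode"]:
            mode = parts[2]
        elif parts[:2] == ["vmps", "fallback"]:
            fallback = parts[2]
        elif parts[0] == "address" and len(parts) == 4 and parts[2] == "vlan-name":
            macs[normalise_mac(parts[1])] = parts[3]
    return mode, fallback, macs

def assign_vlan(db, mac):
    """Return the VLAN name for mac, or None if the switch port is denied."""
    # VMPS identifies a host by MAC alone: placement of known hardware, not authentication.
    mode, fallback, macs = db
    vlan = macs.get(normalise_mac(mac))
    if vlan == "--NONE--":
        return None           # MAC explicitly denied in the database
    if vlan is not None:
        return vlan           # 'known' machine: its configured VLAN
    if mode == "secure":
        return None           # secure mode: an unknown MAC shuts the port down
    return fallback           # open mode: unknown MAC goes to the fallback VLAN
```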

In fact, I discovered this was possible only this afternoon, after chatting to Omahn about a related feature (he is more experienced with Cisco kit than me, so I had asked him to explain something). I found the documentation on the Cisco web site. “That really is a killer feature”, I think he said. Certainly looks very useful.

7 Responses to Cisco switch, vLANs etc.

  1. goes green with envy/jealousy. ;-(

  2. You mean you’d like this sort of setup at your place?

  3. yup – only got a stack of catalyst 35xxXL’s as the back bone… handy in the fact you can re-patch if one of them dies, but they can only act as a client for a VMPS.

  4. “they can only act as a client for a VMPS”

    Isn’t that all you need? Can you not make the VMPS server some other box which the switch accesses over TFTP??

  5. no – you need to talk the VMPS protocol I guess. So I still need the “big iron” with the server on it. Unless there’s an O/S alternative…

  6. See http://www.cisco.com/warp/public/473/157.html for a little more info…

    VLANS and all that are ‘fun’, esp when you look at the underlying protocols etc

  7. Have you tried Linux-based VMPS? There’s an OpenVMPS (GPL) on SourceForge. If you have, or if you’re willing to look into it, please give me feedback. Thanks.

Comments are closed.