VLAN Management Policy Server

From Wikipedia, the free encyclopedia

A VLAN Management Policy Server or "VMPS" is a network switch that contains a mapping of device information to VLAN.

VMPS' main goal is VLAN assignment, but can also be used for security (LAN access control) purposes. "Device Information" is the MAC address in the case of VMPS.

The VLAN Query Protocol (VQP) was written by Cisco and only Cisco switches behave as VMPS clients. The VMPS client is available in most if not all switches, going back to the mid nineties.

The original VMPS server ran on specific Cisco catalyst switches (The 1900-series and the 2950 cannot fill this role., but the 6500 can). However, it was rather restrictive; a text file uploaded by TFTP.

The VQP protocol was reverse engineered and a server developed that ran on Linux, called OpenVMPS, by Dori Seliskar. FreeRADIUS, OpenVMPS, FreeNAC and Icarus VMPSd are available as open-source alternatives to using Cisco equipment to fill the need of a VMPS server.

Since each device on the network has a MAC address, a list needs to be kept of hundreds or thousands of MACs, what systems these belong to, and what vlan is to be attributed. Managing large (or even huge) lists of MAC addresses becomes rapidly a challenge. VMPS management tools are therefore a necessity.

FreeRADIUS added VMPS support in Version 2.0 of the server. VMPS policies can be obtained from SQL, flat-text files, Perl scripts, or any other source.

FreeNAC is an OpenSource tool that includes OpenVMPS for communication with the switches, but also adds a database, automation, reporting and SNMP scanning to allow VMPS to be more easily used in larger environments.

[edit] External links

• Cisco document on VMPS
• OpenVMPS on Sourceforge
• Icarus VMPSd on Sourceforge
• FreeNAC on Sourceforge
• FreeRADIUS Download page
• FreeNAC website (community & commercial editions)
• NetSheperd; commercial VLAN administration suite