RE: [OpenVMPS-devel] Changing VLANs while the host is connected
From: Sean B. <se...@bo...> - 2005-11-03 08:06:54
Hi,

I use 1.3 too, but I found that I often have to restart ports to get them to change Vlan. But for me the problem was the switch not sending a VQP request, as opposed to vmpsd giving the wrong answer.

Sean

> -----Original Message-----
> From: vmp...@li...
> [mailto:vmp...@li...] On Behalf Of
> Matthew Wilson
> Sent: mercredi, 2. novembre 2005 20:46
> To: vmp...@li...
> Subject: [OpenVMPS-devel] Changing VLANs while the host is connected
>
> Hello! First off, thanks so much to the writers of OpenVMPS,
> we've been able to do wonderful things with it for the past
> couple years (~2,000 clients).
>
> We use OpenVMPS to help us quarantine virus infected hosts.
> Problem is, when we find an infected host, change the vlan in
> the config and reconfirm the switch while the PC is still
> connected, the vmps sends a DENY message. However, if I
> disconnected the host from the switch, and reconnect, it gets
> the appropriate vlan. This behavior only became a problem when
> we upgraded from 1.0 to 1.3. In 1.0, the vmps would send an
> ALLOW message along with the correct new vlan.
>
> Here is my config:
> ==================================
> vmps domain ungoliant
> vmps mode open
> vmps fallback default
> vmps no-domain-req deny
> vmps-mac-addrs
> address 00d0.b7b3.6516 vlan-name VLAN0103
>
> Here is the log in v1.3:
> ==================================
> VQP Request
> Unknown: 1
> Request Type: 3
> Response: 0
> No. Data Items: 6
> Sequence No.: 48
> Client IP address: 10.2.1.54
> Port name: Fa0/10
> Vlan name: VLAN0102
> Domain name: Ungoliant
> MAC address: 00d0b7b36516
> DENY: 00d0b7b36516 -> (null), switch 10.2.1.54 port Fa0/10
>
> And now the log (using the same config) using v1.0:
> ==================================
> VQP Request
> Unknown: 1
> Request Type: 3
> Response: 0
> No. Data Items: 6
> Sequence No.: 40
> Client IP address: 10.2.1.54
> Port name: Fa0/10
> Vlan name: VLAN0102
> Domain name: Ungoliant
> Vlan name: VLAN0102
> MAC address: 00d0b7b36516
> ALLOW: 00d0b7b36516 -> VLAN0103, switch 10.2.1.54 port Fa0/10
>
> Is this the expected result? I think it's reasonable
> that a VLAN could change while a PC is still connected
> to the port. Is this configurable?
>
> Thanks for any help you can give!
> Matthew
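
An added example, not part of the thread and not OpenVMPS code: a Python check that compares the `address ... vlan-name ...` entries in the configuration with the ALLOW/DENY lines vmpsd logs, and reports hosts that have a configured VLAN but were denied or assigned a different one. The config and log samples are the lines quoted in the message above; the function names are assumptions made for this example.

```python
import re

# Samples copied from the config and log lines quoted in the thread.
CONFIG = """\
vmps domain ungoliant
vmps mode open
vmps fallback default
vmps no-domain-req deny
vmps-mac-addrs
address 00d0.b7b3.6516 vlan-name VLAN0103
"""
LOG_V13 = "DENY: 00d0b7b36516 -> (null), switch 10.2.1.54 port Fa0/10\n"
LOG_V10 = "ALLOW: 00d0b7b36516 -> VLAN0103, switch 10.2.1.54 port Fa0/10\n"

ADDR_RE = re.compile(r"^\s*address\s+([0-9a-fA-F.:-]+)\s+vlan-name\s+(\S+)", re.M)
DECISION_RE = re.compile(
    r"^\s*(ALLOW|DENY):\s+([0-9a-fA-F]{12})\s+->\s+(\S+),"
    r"\s+switch\s+(\S+)\s+port\s+(\S+)", re.M)


def normalize_mac(mac):
    """Reduce dotted, colon or dash MAC notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())


def load_mappings(config_text):
    """Return {mac: vlan} built from 'address <mac> vlan-name <vlan>' lines."""
    return {normalize_mac(m): v for m, v in ADDR_RE.findall(config_text)}


def find_mismatches(config_text, log_text):
    """List logged decisions that disagree with the configured mapping."""
    mappings = load_mappings(config_text)
    findings = []
    for verdict, mac, vlan, switch, port in DECISION_RE.findall(log_text):
        expected = mappings.get(mac.lower())
        if expected is None:
            continue  # no explicit entry, so fallback/deny policy decides
        if verdict == "DENY" or vlan != expected:
            findings.append({"mac": mac.lower(), "expected": expected,
                             "got": None if vlan == "(null)" else vlan,
                             "verdict": verdict, "switch": switch, "port": port})
    return findings
```

Run against the v1.3 log line it reports the quarantined host as denied on Fa0/10 despite its VLAN0103 entry; the v1.0 line produces no finding.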