RE: [OpenVMPS-devel] Changing VLANs while the host is connected
Brought to you by:
dori_seliskar
From: Sean B. <se...@bo...> - 2005-11-03 08:41:28
|
I've a PHP script that shutdown/starts the Switch port via SNMP. Is that what you mean? I've a major problem with hubs though, individualt ports work OK. Sean > -----Original Message----- > From: vmp...@li... > [mailto:vmp...@li...] On Behalf Of > David Smith > Sent: jeudi, 3. novembre 2005 09:26 > To: vmp...@li... > Subject: RE: [OpenVMPS-devel] Changing VLANs while the host > is connected > > How do you deal with a changed vLan? In our system, when we > change a vLan, > we also need the client to get a new IP address to continue > operation. Doing > a reboot is sufficient for us, how do you tell the switch to > recheck it's > ports? > > Dave > System Administrator > m/v Africa Mercy > Mercy Ships > tel: 0191 483 8413 ex 108 > fax: 0870 460 0764 > > > > -----Original Message----- > > From: vmp...@li... > > [mailto:vmp...@li...] On Behalf Of > > Sean Boran > > Sent: 03 November 2005 07:34 > > To: vmp...@li... > > Subject: RE: [OpenVMPS-devel] Changing VLANs while the host > > is connected > > > > > > Hi, > > > > I use 1.3 too, but I found that I often have to restart ports > > to get them to > > change Vlan. But for me the problem was the switch not sending a VQP > > request, as opposed to vmpsd giving the wrong answer. > > > > Sean > > > > > -----Original Message----- > > > From: vmp...@li... > > > [mailto:vmp...@li...] On Behalf Of > > > Matthew Wilson > > > Sent: mercredi, 2. novembre 2005 20:46 > > > To: vmp...@li... > > > Subject: [OpenVMPS-devel] Changing VLANs while the host > is connected > > > > > > Hello! First off, thanks so much to the writers of OpenVMPS, > > > we've been > > > able to do wonderful things with it for the past couple > > years (~2,000 > > > clients). > > > > > > We use OpenVMPS to help us quarentine virus infected hosts. > > > Problem is, > > > when we find an infected host, change the vlan in the config and > > > reconfirm the switch while the PC is still connected, the > > > vmps sends a > > > DENY message. However, if I disconnected the host from the > > > switch, and > > > reconnect, it gets the appropriate vlan. This behavior > > only became a > > > problem when we upgraded from 1.0 to 1.3. In 1.0, the vmps > > > would send > > > an ALLOW message along with the correct new vlan. > > > > > > Here is my config: > > > ================================== > > > vmps domain ungoliant > > > vmps mode open > > > vmps fallback default > > > vmps no-domain-req deny > > > vmps-mac-addrs > > > address 00d0.b7b3.6516 vlan-name VLAN0103 > > > > > > Here is the log in v1.3: > > > ================================== > > > VQP Request > > > Unknown: 1 > > > Request Type: 3 > > > Response: 0 > > > No. Data Items: 6 > > > Sequence No.: 48 > > > Client IP address: 10.2.1.54 > > > Port name: Fa0/10 > > > Vlan name: VLAN0102 > > > Domain name: Ungoliant > > > MAC address: 00d0b7b36516 > > > DENY: 00d0b7b36516 -> (null), switch 10.2.1.54 port Fa0/10 > > > > > > And now the log (using the same config) using v1.0: > > > ================================== > > > VQP Request > > > Unknown: 1 > > > Request Type: 3 > > > Response: 0 > > > No. Data Items: 6 > > > Sequence No.: 40 > > > Client IP address: 10.2.1.54 > > > Port name: Fa0/10 > > > Vlan name: VLAN0102 > > > Domain name: Ungoliant > > > Vlan name: VLAN0102 > > > MAC address: 00d0b7b36516 > > > ALLOW: 00d0b7b36516 -> VLAN0103, switch 10.2.1.54 port Fa0/10 > > > > > > > > > Is this the expected result? I think it's reasonable > > > that a VLAN could change while a PC is still connected > > > to the port. Is this configurable? > > > > > > Thanks for any help you can give! > > > Matthew > > > > > > > > > > > > ------------------------------------------------------- > > > SF.Net email is sponsored by: > > > Tame your development challenges with Apache's Geronimo App > > > Server. Download > > > it for free - -and be entered to win a 42" plasma tv or > > your very own > > > Sony(tm)PSP. Click here to play: > > http://sourceforge.net/geronimo.php > > > _______________________________________________ > > > Vmps-devel mailing list > > > Vmp...@li... > > > https://lists.sourceforge.net/lists/listinfo/vmps-devel > > > > > > > > > > > ------------------------------------------------------- > > SF.Net email is sponsored by: > > Tame your development challenges with Apache's Geronimo App > > Server. Download > > it for free - -and be entered to win a 42" plasma tv or > your very own > > Sony(tm)PSP. Click here to play: > http://sourceforge.net/geronimo.php > > _______________________________________________ > > Vmps-devel mailing list > > Vmp...@li... > > https://lists.sourceforge.net/lists/listinfo/vmps-devel > > > > > > ------------------------------------------------------- > SF.Net email is sponsored by: > Tame your development challenges with Apache's Geronimo App > Server. Download > it for free - -and be entered to win a 42" plasma tv or your very own > Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php > _______________________________________________ > Vmps-devel mailing list > Vmp...@li... > https://lists.sourceforge.net/lists/listinfo/vmps-devel > |