RE: [OpenVMPS-devel] Changing VLANs while the host is connected
From: Sean B. <se...@bo...> - 2005-11-03 15:01:32
I've done more thinking, I think I'll write a PHP external plugin for the authorisation. The plugin would work as follows (aside from the used mac to vlan lookup):
- receive a request for Mac XX on Port XX
- Check DB to see if any other hosts are already authorised in the last ZZ minutes on that port (i.e. there is a hub)
- If yes, attribute the vlan used by other hosts on the port, if it is in an allowed pool
- otherwise attribute the default vlan..

Sean

> -----Original Message-----
> From: vmp...@li...
> [mailto:vmp...@li...] On Behalf Of
> Matthew Wilson
> Sent: jeudi, 3. novembre 2005 15:46
> To: vmp...@li...
> Subject: Re: [OpenVMPS-devel] Changing VLANs while the host
> is connected
>
> We have the same problem. If a vlan is changed, the host would need to
> get a new ip before the host could communicate again. We minimalize
> impact by reducing our dhcp lease times to a minimum. The reason this
> feature is important to us, is we use a vlan to quarantine virus
> infected pcs. So if they are caught at our firewall sending malicious
> packets, then they are immediately quarantined in a vlan and the
> malicious traffic immediately stops.
>
> However, shutting down the port via snmp would also help solve our IP
> lease problem. If the port is shutdown for a few seconds and turned
> back on, wouldn't that force the PC to renew its dhcp lease? At least
> Windows XP would work this way, correct? This could help us avoid the
> time between when the vlan changes and when the ip address is renewed
> (or pc is restarted).
>
> Also, in 1.3, after the vlan has changed in the config, vmps sends the
> DENY message, the switch stops sending a vqp request for that port. So
> after the DENY message, I see the same thing you do, Sean....
>
> Thanks!
> Matthew
>
> Sean Boran wrote:
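
The per-port lookup outlined in the message above, as an added example (not code from the thread or from OpenVMPS, and written in Python rather than the PHP mentioned there). The table layout, VLAN names, 10-minute window, port labels and function names are all assumptions, and the hook-up to OpenVMPS as an external plugin is left out.

```python
import sqlite3

WINDOW_MINUTES = 10                    # the post's "ZZ minutes"; value assumed
ALLOWED_POOL = {"staff", "students"}   # VLANs a hub port may inherit (assumed names)
DEFAULT_VLAN = "guest"                 # assumed default VLAN name


def open_db():
    """In-memory stand-in for the plugin's database of recent authorisations."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE auth (mac TEXT, port TEXT, vlan TEXT, ts INTEGER)")
    return db


def record_auth(db, mac, port, vlan, ts):
    """Log that `mac` was placed in `vlan` on `port` at Unix time `ts`."""
    db.execute("INSERT INTO auth VALUES (?, ?, ?, ?)", (mac.lower(), port, vlan, ts))


def decide_vlan(db, mac, port, now):
    """VLAN for a request from `mac` on `port`, following the steps in the post.

    The ordinary MAC-to-VLAN lookup is assumed to happen elsewhere.
    """
    cutoff = now - WINDOW_MINUTES * 60
    # Most recent *other* host seen on this port inside the window (a hub).
    row = db.execute(
        "SELECT vlan FROM auth WHERE port = ? AND mac <> ? AND ts >= ? "
        "ORDER BY ts DESC LIMIT 1",
        (port, mac.lower(), cutoff),
    ).fetchone()
    if row is None:
        return DEFAULT_VLAN            # nobody else on the port recently
    vlan = row[0]
    # Inherit the neighbour's VLAN only when it is in the allowed pool.
    return vlan if vlan in ALLOWED_POOL else DEFAULT_VLAN


if __name__ == "__main__":
    db = open_db()
    t0 = 1_130_000_000                 # constructed timestamp
    record_auth(db, "00:11:22:33:44:01", "sw1:Fa0/3", "staff", t0)
    record_auth(db, "00:11:22:33:44:02", "sw1:Fa0/7", "quarantine", t0)
    for port in ("sw1:Fa0/3", "sw1:Fa0/7", "sw1:Fa0/9"):
        print(port, decide_vlan(db, "00:11:22:33:44:AA", port, t0 + 60))
```

Keeping a quarantine VLAN out of `ALLOWED_POOL` means a second host behind the same hub falls back to the default VLAN instead of inheriting it.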