VQP
The VLAN Query Protocol (VQP) was developed by Cisco and allows end-devices on LANs to be authenticated via their MAC address and an appropriate VLAN attributed to the port, using a VLAN Management Policy Server (VMPS). As VQP is a Cisco-only protocol, many other vendors (including Cisco) now support VLAN assignment through 802.1x responses, with authentication using simple MAC Auth.

Upon physically connecting a device to a port of a switch configured as a VMPS client, the switch begins listening for packets, and encapsulates and rebroadcasts the first packet received into a VQP packet, which is sent to one of up to two configured VMPS servers on port udp/1589. The VMPS server will give one of 4 responses (Allow, Deny, Shutdown, Wrong_Domain) and the switch will either assign the port to the appropriate VLAN, put the port back into the pre-confirmation state, shut down the port until the device or another one is physically reconnected, or log an error indicating that it is incorrectly configured. The latter result is often due to Cisco documentation failing to mention that the domain name in the VMPS configuration file must match the VTP domain name.

If reconfirmation of VLAN assignment is required, it is done in the same manner as initial confirmation, with the exception of including the currently assigned VLAN for the port in the VQP packet. Reconfirmation is done periodically based on configuration directives of the client switches, or can be forced with a switch command line directive.

VQP has no checksums, encryption or authentication of either the client or the switch messages. The protocol also has no provision for sending a message to the server to inform it that a device has been disconnected.
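Because VQP messages are unauthenticated, one compensating check is to confirm that udp/1589 traffic only flows between the configured VMPS servers and known client switches. The following is an added example, not part of the original article: the flow-record format, the addresses and the inventory are constructed, and it assumes requests go to destination port 1589 and replies come back from source port 1589.

```python
import csv
import io
import ipaddress

VQP_PORT = 1589  # udp/1589, the VMPS port named in the article

# Constructed inventory (assumption): configured VMPS servers and client switches.
VMPS_SERVERS = {"10.0.0.10", "10.0.0.11"}
CLIENT_SWITCHES = {"10.0.1.1", "10.0.1.2"}

# Constructed flow records: proto,src_ip,src_port,dst_ip,dst_port
SAMPLE_FLOWS = """\
udp,10.0.1.1,51000,10.0.0.10,1589
udp,10.0.0.10,1589,10.0.1.1,51000
udp,10.0.5.77,1589,10.0.1.2,51001
udp,10.0.5.80,40000,10.0.0.11,1589
tcp,10.0.5.80,40001,10.0.0.11,1589
udp,10.0.1.2,51002,10.0.9.9,1589
"""

def classify(proto, src, sport, dst, dport):
    """Return a finding for a VQP flow outside the expected pairing, else None."""
    if proto != "udp" or VQP_PORT not in (sport, dport):
        return None  # not VQP traffic
    to_server = dport == VQP_PORT  # assumed direction rule, see lead-in
    server, client = (dst, src) if to_server else (src, dst)
    kind = "request" if to_server else "response"
    if server not in VMPS_SERVERS:
        return f"{kind} involving unconfigured VMPS {server}"
    if client not in CLIENT_SWITCHES:
        return f"{kind} involving unknown client {client}"
    return None

def audit(flow_text):
    """Return (record_number, finding) for every suspicious VQP flow record."""
    if len(VMPS_SERVERS) > 2:
        raise ValueError("a VMPS client uses at most two configured servers")
    findings = []
    for n, row in enumerate(csv.reader(io.StringIO(flow_text)), start=1):
        proto, src, sport, dst, dport = row
        ipaddress.ip_address(src)  # raises ValueError on a malformed address
        ipaddress.ip_address(dst)
        verdict = classify(proto, src, int(sport), dst, int(dport))
        if verdict:
            findings.append((n, verdict))
    return findings

if __name__ == "__main__":
    for record, finding in audit(SAMPLE_FLOWS):
        print(f"record {record}: {finding}")
```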
The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 