LAN Access Control Overview
The basic principle behind MAC-mode access control is quite simple.
What is VMPS?
“With VMPS (Dynamic Port VLAN Membership with VLAN Management Policy Server), you can assign switch ports to VLANs dynamically, based on the source Media Access Control (MAC) address of the device connected to the port. When you move a host from a port on one switch in the network to a port on another switch in the network, the switch assigns the new port to the proper VLAN for that host dynamically.
.. VMPS opens a User Datagram Protocol (UDP) socket to communicate and listen to client requests. When the VMPS server receives a valid request from a client, it searches its database for a MAC address-to-VLAN mapping.
..If the VLAN is allowed on the port, the VLAN name is returned to the client. If the VLAN is not allowed on the port and VMPS is not in secure mode, the host receives an "access denied" response. If VMPS is in secure mode, the port is shut down.”
OpenVMPS is a GPL implementation of VMPS that is easier to use than Cisco’s (see http://vmps.sourceforge.net). FreeNAC uses OpenVMPS with some small logging modifications, and uses its "external" interface to provide custom logic.
Note that the original OpenVMPS sources are provided in the 'contrib' directory of FreeNAC.
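The decision rules in the quoted VMPS description above, written out as a small Python model (an added example, not code from FreeNAC, OpenVMPS or Cisco). The function names, table names and sample data are constructed; refusing an unmapped or malformed MAC in the same way as a disallowed VLAN is an assumption, since the quote does not cover those cases.

```python
# Added illustration: names and sample data are constructed, not FreeNAC/OpenVMPS code.
from enum import Enum


class Outcome(Enum):
    VLAN_ASSIGNED = "VLAN name returned"
    ACCESS_DENIED = "access denied"
    PORT_SHUTDOWN = "port shut down"


def normalize_mac(mac):
    """Reduce colon, dash or dotted MAC notation to 12 lowercase hex digits."""
    digits = mac.strip().lower().translate(str.maketrans("", "", ":-."))
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def decide(mac, port, mac_to_vlan, port_allowed_vlans, secure_mode):
    """Return (Outcome, vlan_name or None) for one client request."""
    # Secure mode turns every refusal into a port shutdown.
    refusal = Outcome.PORT_SHUTDOWN if secure_mode else Outcome.ACCESS_DENIED
    try:
        vlan = mac_to_vlan.get(normalize_mac(mac))
    except ValueError:
        return refusal, None  # assumption: malformed MAC is refused
    if vlan is None:
        return refusal, None  # assumption: unmapped MAC is refused
    if vlan not in port_allowed_vlans.get(port, set()):
        return refusal, None  # mapped VLAN is not allowed on this port
    return Outcome.VLAN_ASSIGNED, vlan


# Constructed sample database, keyed by normalized MAC and by (switch, port).
MAC_TO_VLAN = {"001a2b3c4d5e": "staff", "001a2b3c4d5f": "printers"}
PORT_ALLOWED = {("sw1", "Fa0/1"): {"staff", "guest"}, ("sw1", "Fa0/2"): {"printers"}}

if __name__ == "__main__":
    port = ("sw1", "Fa0/1")
    for mac in ("00:1A:2B:3C:4D:5E", "001a.2b3c.4d5f", "de-ad-be-ef-00-01"):
        for secure in (False, True):
            outcome, vlan = decide(mac, port, MAC_TO_VLAN, PORT_ALLOWED, secure)
            print(mac, "secure" if secure else "open", outcome.value, vlan)
```

Because the only credential in this model is the source MAC address, the lookup keys are normalized before comparison so that the same address written in different notations cannot miss its mapping.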
How does VMPS work in FreeNAC?
In the case of FreeNAC, VMPS works as follows:
Going into more detail, the sequence of events in VMPS-mode is as follows.