Server overview
Posted June 28th, 2007 by sean
Overview
vmpsd_external
This is an "external" program called by the original OpenVMPS daemon "vmpsd". It decides, in real time, what to do when a switch requests access for a MAC address. Because it operates in real time, performance is important, so jobs such as documenting what was last seen and where, or recognising PCs from external databases, are done in the vmps_lastseen script (which is asynchronous).
- If the MAC is active in the DB, authorise it, and:
  - Port check: if the MAC is active on a port where another system has been active within the last hour, try to use the Vlan last seen on the port, not the normal Vlan assigned to this system. This is to detect hubs and prevent 'flapping'. This feature is only allowed if the Vlan on the port and the Vlan assigned to the MAC are in the same Vlan group (otherwise the new MAC is denied).
- Otherwise, if the MAC is unknown:
  - check to see if a 'port default vlan' has been configured for that port and use it
  - else use the default vlan (which might be simply '0', meaning DENY)
  - and do a 'port check' as noted above (check for active port/hub and vlan group).
- Log decisions to syslog, and key events to DB (visible in the GUI).
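The decision order described above, as an added Python sketch (not FreeNAC's or OpenVMPS's own code). The names `Port`, `decide`, `SYSTEMS` and `GROUPS` are hypothetical, in-memory dicts stand in for the DB, and a MAC that is not active in the DB is assumed to be handled as unknown.

```python
from dataclasses import dataclass
from typing import Optional

DENY = 0           # the page: a default vlan of '0' means DENY
HUB_WINDOW = 3600  # "within the last hour", in seconds

@dataclass
class Port:  # hypothetical record of what was last seen on a switch port
    last_mac: Optional[str] = None
    last_vlan: Optional[int] = None
    last_seen: float = 0.0              # epoch seconds
    default_vlan: Optional[int] = None  # 'port default vlan', if configured

def decide(mac, port, now, systems, vlan_group, default_vlan=DENY):
    """Return (vlan, reason). systems: mac -> (active, vlan); vlan_group: vlan -> group."""
    active, assigned = systems.get(mac, (False, None))
    if active:
        vlan, reason = assigned, "active MAC"
    elif port.default_vlan is not None:
        vlan, reason = port.default_vlan, "unknown MAC, port default vlan"
    else:
        vlan, reason = default_vlan, "unknown MAC, default vlan"
    if vlan == DENY:
        return DENY, reason + ": deny"
    # Port check: another system was active on this port within the window.
    shared = (port.last_mac not in (None, mac)
              and now - port.last_seen <= HUB_WINDOW
              and port.last_vlan not in (None, DENY))
    if shared and port.last_vlan != vlan:
        group = vlan_group.get(vlan)
        if group is not None and group == vlan_group.get(port.last_vlan):
            return port.last_vlan, reason + ": port check, reuse vlan on port"
        return DENY, reason + ": port check, different vlan group, deny"
    return vlan, reason

# Constructed sample data (not from a real FreeNAC database).
SYSTEMS = {"0000.0000.9999": (True, 10), "0000.0000.1111": (True, 20),
           "0000.0000.2222": (True, 30)}
GROUPS = {10: "office", 20: "office", 30: "lab", 40: "guest"}
NOW = 1_000_000.0
BUSY = Port(last_mac="0000.0000.9999", last_vlan=10, last_seen=NOW - 600)

if __name__ == "__main__":
    for mac in SYSTEMS:
        print(mac, decide(mac, BUSY, NOW, SYSTEMS, GROUPS))
```

The returned reason string stands in for the line that would be logged to syslog.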
postconnect (vmps_lastseen v2.x)
Parse the syslog logs for 'vmpsd' entries and implement the postconnect policy, for example:
- Update the 'last seen' fields for the relevant MAC, if the system is known
- Or add a new entry with status 'inactive', if none yet exists in the systems table
- And add new switches to the switch table and new ports to the port table.
- And if the MAC found is registered in a Microsoft-SMS system (enterprise feature only), it is automatically added to a pre-defined vlan, a 'port check' is done, the MAC is authorised and the port is restarted.
Performance measurement
One way to test performance is to use vqpcli.pl to send many requests.
Set $count to 200 in ./vqpcli.pl
Then adapt the IP addresses, VTP domain, and port name in the following example:
./vqpcli.pl -s 192.168.245.40 -v ctcs -w 192.168.245.71 -i '2/22' -m '0000.0000.9999' -c sec230