C3750+VMPS服务器+DHCP实现按MAC地址绑定动态分配VLAN和IP址址

C3750+VMPS服务器+DHCP实现按MAC地址绑定动态分
配VLAN和IP址址
C3750+VMPS服务器+DHCP实现按MAC地址绑定动态分配VLAN和IP址址
字体大小：大 | 中 | 小 2009-04-02 15:32 阅读(2876) 评论(0) 分类：它山之石
Openbox(葡萄藤)最近做了一个项目,也不大就3台2960和1台3750交换机,上网控制使用深信服的M5000-AC.
但是用户要求交换机要按MAC地址绑定动态分配VLAN,并且还要按MAC绑定实现IP地址,DNS,网关等自动分配.
找了一些资料看了一下,发现2960和1台3750交换机只能做VMPS客户端,要做动态VLAN功能,需要4000以上的交换机或者新推出的C3750E高端交换机才支持VMPS服务器端功能,否则需要另外架设第三方VMPS服务器.
目前在国内还没有找到有关用第三方软件架设VMPS服务器的,即使真有人做过,也肯定没有写个贴子放到网上来.呵呵,不知我这篇算不算第一贴呢,全当做教材啦.....如果以下资料真的对你有用,记得感谢我哦.
又到国外网站上找了一个Freenac软件所支持的VMPS服务器功能,下了一个做好了的VMWARE镜像文件1G多,下了一晚上终于下下来了,第二天在一台windows 2003上安装一个VMWARE 6.0,导入这个镜像文件.里面启动了一个UBUNTU LINUX系统.帮助太少了,配置挺复杂的,还要配置MYSQL,妈的也太麻烦啦吧..
搞了一天,配来配去还是不理想,功能还是实现不了.还是另谋出路吧.
又下载了一个OpenVMPS的开源软件,vmpsd-1.4.01.tar.gz 下
完后,上传到LINUX中.发现这个版本有些问题,当交换机端口快速拔插时，在交换机上启动ＤＥＢＵＧ发现，vqp信息一直出错，不能查询到正常的ＶＬＡＮ信息，端口也无法正确分配ＶＬＡＮ，并且循环在那vlan 0上发现，增加，删除等动作．于是换一个旧点的版本vmpsd-1.3.tar.tar之后，就没有这些问题．
在root权限下执行:tar -xzvf vmps-1.4.01.tar.gz 解压到当前目录下vmpsd目录中,cd vmpsd;并运行其中的./configure 文件;然后再make一下；再make install一下，就可以在/usr/local/bin目录中找到vmpsd文件,同时在解压目录vmpsd中也有一个vmpsd的可执行文件。

在vmpsd安装目录：/opt/vmpsd中运行./vmpsd -d -f vlan.db .可以看一下它的README文件,有一些说明和测试方法如: 可以执行./tools/vqpcli.pl -s localhost -v mydomain -w 10.0.0.1 -i 2/4 -m 0011.25D3.9970 进行测试
用ps -ef|grep vmpsd* 查看一下vmpsd进程是否运行了. 用man vmpsd查看一下帮助,可以知道-d -f参数的意思.
要终止该进程可以直接kill 掉.
要让LINUX自动执行,需要在/etc/rc.local 中加入./vmpsd -d -f vlan.db "注意执行的路径"
显示允许某个mac地址可以访问那个VLAN,在某台交换机上的某个端口上．
本机使用ＤＨＣＰ得到的ＩＰ地址信息：
其中vlan.db文件就是用于做MAC地址绑定,并动态分配VLAN 的脚本,README中有脚本范例,好像有一大堆参数,也没说明要你一个个的试..呵呵..其实根本就不要理那么多,用到动态分配VLAN的就几行.下面是我当前使用的脚本,仅作参考:
vmps domain XXX
vmps mode open
vmps fallback VLAN64
vmps no-domain-req allow
!有线网络
vmps-mac-addrs
!--------总经理----------
!Admin
[size=+0]address 0011.25D3.9970 vlan-name VLAN66 !与图片中的ＭＡＣ地址一致，测试使用
!Keepy
address 0006.1bde.0218 vlan-name VLAN66
!古总
address 0021.972d.9100 vlan-name VLAN66
!张总
address 0021.9729.db65 vlan-name VLAN66
!--------行政部----------
!行政人员
address 0021.9769.1669 vlan-name VLAN68
!--------财务部----------
!会记人员
address 0021.97ae.a8f5 vlan-name VLAN68
!出纳人员
address 0021.97ae.72e1 vlan-name VLAN68
!--------市场部----------
!xxx
address 0023.5425.baf3 vlan-name VLAN72
!xxx
address 0023.542a.a70c vlan-name VLAN72
!--------投资部----------
!xxx
address 0023.5430.6545 vlan-name VLAN74
!xxx
address 0023.5441.143a vlan-name VLAN74
!xxx
address 0023.542a.ab8b vlan-name VLAN74
!--------招商部----------
!xxx
!xxx
address 0023.5425.bae4 vlan-name VLAN76 !xxx
address 0023.5440.ded4 vlan-name VLAN76 !--------运营部----------
!xxx
address 0023.5430.0e19 vlan-name VLAN78 !xxx
address 0023.5430.0ddb vlan-name VLAN78 !xxx
address 0023.5430.3874 vlan-name VLAN78 !xxx
address 0023.540e.ec68 vlan-name VLAN78 !--------技术部----------
!xxx
address 001f.1612.eb4d vlan-name VLAN80 !xxx
address 001f.160f.6b75 vlan-name VLAN80 !xxx
address 001f.1615.a222 vlan-name VLAN80 !xxx
address 0024.211d.7c46 vlan-name VLAN80 !xxx
address 0024.211d.7c5d vlan-name VLAN80 !xxx
address 0024.211d.7c44 vlan-name VLAN80 !xxx
address 001f.d0d5.f9c2 vlan-name VLAN80 !xxx
!xxx
address 0024.211d.7c95 vlan-name VLAN80
c3750交换机上的配置：
vmps reconfirm 120
vmps retry 5
vmps server 172.18.16.20 primary
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
vlan internal allocation policy ascending
!
!
interface FastEthernet1/0/1
switchport access vlan 10
．．．．．．
!
interface Vlan64
ip address 172.18.64.1 255.255.255.0
ip helper-address 172.18.16.10
ip dhcp relay information trusted spanning-tree portfast
!
interface Vlan66
ip address 172.18.66.1 255.255.255.0
ip helper-address 172.18.16.10
ip dhcp relay information trusted
spanning-tree portfast
!
interface Vlan68
ip address 172.18.68.1 255.255.255.0
ip helper-address 172.18.16.10
ip dhcp relay information trusted
spanning-tree portfast
!
interface Vlan70
ip address 172.18.70.1 255.255.255.0
ip helper-address 172.18.16.10
ip dhcp relay information trusted
spanning-tree portfast
!
interface Vlan72
ip address 172.18.72.1 255.255.255.0
ip helper-address 172.18.16.10
ip dhcp relay information trusted
spanning-tree portfast
．．．．．
c2960交换机上的配置很简单:
vmps reconfirm 10
vmps retry 10
vmps server 172.18.16.20 primary 指定VMPS SERVER的地址
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
switchport access vlan dynamic 将端口设定为动态
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/2
switchport access vlan dynamic
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/3
switchport access vlan dynamic
switchport mode access
spanning-tree portfast
DHCP服务器使用ＷＩＮＤＯＷＳ２００３带的，按部门分成多个域，再在每个部门按mac地址绑定要分配的IP
交换机上ＤＥＢＵＧ信息：
S1-1-24#debug vqpc all
S1-1-24#
05:47:56: VQPC EVENT: -pm_port_vqp_stop: port Fa0/8
05:47:56: VQPC EVENT: port Fa0/8, REMOVE dynamic access config
05:47:56: VQPC EVENT: deleting all addresses on vlan 0, port Fa0/8
05:47:56: VQPC EVENT: Deleted TCAM catch-all for port Fa0/8
05:47:56: VQPC EVENT: -set_hwidb_vlanid: port Fa0/8 to vlan 0, mac: NULL
05:47:56: VQPC EVENT: changing Fa0/8 to vlan 0
05:47:57: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/8, changed state to down
05:47:58: %LINK-3-UPDOWN: Interface FastEthernet0/8, changed state to down
05:48:02: VQPC EVENT: -pm_port_vqp_start: port Fa0/8
05:48:04: %LINK-3-UPDOWN: Interface FastEthernet0/8, changed state to up
05:48:05: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/8, changed state to up
05:48:07: VQPC LEARN:
05:48:07: VQPC LEARN: -learning mac 0011.25d3.9970 on vlan 0, port Fa0/8
05:48:07: VQPC LEARN: adding mac 0011.25d3.9970 on vlan 0, port Fa0/8, type = 0x0021
05:48:07: VQPC: allocating transID 0x000006A1
05:48:07: VQPC PAK: xmt transaction ID = 0x000006A1
05:48:07: VQPC PAK: sending query to VMPS
05:48:07: VQPC PAK:
05:48:07: VQPC PAK: rcvd packet from VMPS
05:48:07: VQPC PAK: transaction ID = 0x000006A1
05:48:07: VQPC: rcvd response, transID = 0x000006A1
05:48:07: VQPC PAK: VLAN name TLV, vlanName = VLAN66 05:48:07: VQPC PAK: Cookie TLV, cookie = 0011.25d3.9970, length = 6
05:48:07: VQPC EVENT: -set_hwidb_vlanid: port Fa0/8 to vlan 66, mac: 0011.25d3.9970
05:48:07: VQPC EVENT: saving 0011.25d3.9970 from old vlan 0
05:48:07: VQPC EVENT: changing Fa0/8 to vlan 66
05:48:07: VQPC LEARN: adding mac 0011.25d3.9970 on vlan
66, port Fa0/8, type = 0x0001
05:48:07: VQPC LEARN: deleting mac 0011.25d3.9970 on vlan 0, port Fa0/8
05:48:07: VQPC LEARN: changing mac 0011.25d3.9970 on vlan 66, port Fa0/8 to FORWARDING。