- VQP
The VLAN Query Protocol (VQP) was developed by Cisco and allows end devices on LANs to be authenticated via their MAC address and an appropriate VLAN attributed to the port, using a VLAN Management Policy Server (VMPS). As VQP is a Cisco-only protocol, many other vendors (including Cisco) now support VLAN assignment through 802.1x responses, with authentication using simple MAC Auth.

Upon physically connecting a device to a port of a switch configured as a VMPS client, the switch begins listening for packets, and encapsulates and rebroadcasts the first packet received into a VQP packet, which is sent to one of up to two configured VMPS servers on port udp/1589. The VMPS server will give one of 4 responses (Allow, Deny, Shutdown, Wrong_Domain) and the switch will either assign the port to the appropriate VLAN, put the port back into the pre-confirmation state, shut down the port until the device or another one is physically reconnected, or log an error indicating that it is incorrectly configured. The latter result is often due to Cisco documentation failing to mention that the domain name in the VMPS configuration file must match the VTP domain name.

If reconfirmation of VLAN assignment is required, it is done in the same manner as initial confirmation, with the exception of including the currently assigned VLAN for the port in the VQP packet. Reconfirmation is done periodically based on configuration directives of the client switches, or can be forced with a switch command line directive.
VQP has no checksums, encryption or authentication of either the client or the switch messages. The protocol also has no message for informing the server that a device has been disconnected.
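Because VQP messages carry no authentication, one practical control is to check that udp/1589 traffic only flows between known VMPS clients and servers. The following is an added example, not part of the original article: it audits flow records against such an inventory, and the addresses, the record fields and the assumption that responses use source port 1589 are all illustrative.

```python
from ipaddress import ip_address

VQP_PORT = 1589  # udp/1589, the VMPS port named in the article

# Constructed inventory (assumption): switches configured as VMPS clients and
# the VMPS servers they point at (the article allows up to two per switch).
VMPS_CLIENTS = {ip_address("10.0.0.11"), ip_address("10.0.0.12")}
VMPS_SERVERS = {ip_address("10.0.1.5"), ip_address("10.0.1.6")}

def classify(flow):
    """Return a finding for one flow record, or None if the flow is expected."""
    if flow["proto"] != "udp":
        return None
    src, dst = ip_address(flow["src"]), ip_address(flow["dst"])
    if flow["dport"] == VQP_PORT:      # request direction: switch -> VMPS
        if src not in VMPS_CLIENTS:
            return "request from a host that is not a VMPS client"
        if dst not in VMPS_SERVERS:
            return "request to an unlisted VMPS server"
    elif flow["sport"] == VQP_PORT:    # response direction (assumed source port)
        if src not in VMPS_SERVERS:
            return "response from a host that is not a VMPS server"
        if dst not in VMPS_CLIENTS:
            return "response to a host that is not a VMPS client"
    return None

def audit(flows):
    """Collect (src, dst, finding) for every unexpected VQP flow."""
    return [(f["src"], f["dst"], r) for f in flows if (r := classify(f))]

def rec(src, sport, dst, dport, proto="udp"):
    """Build one flow record in the (hypothetical) format used here."""
    return {"proto": proto, "src": src, "sport": sport, "dst": dst, "dport": dport}

# Constructed sample flow records, not captured traffic.
SAMPLE_FLOWS = [
    rec("10.0.0.11", 50000, "10.0.1.5", 1589),    # expected request
    rec("10.0.1.5", 1589, "10.0.0.11", 50000),    # expected response
    rec("10.0.20.77", 40000, "10.0.1.5", 1589),   # non-switch host querying VMPS
    rec("10.0.20.77", 1589, "10.0.0.12", 50001),  # answer from unknown host
    rec("10.0.0.12", 50002, "10.0.9.9", 1589),    # switch using unlisted server
    rec("10.0.20.77", 40001, "10.0.1.5", 1589, proto="tcp"),  # not VQP
]

if __name__ == "__main__":
    for src, dst, finding in audit(SAMPLE_FLOWS):
        print(f"{src} -> {dst}: {finding}")
```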
External links
* [http://www.filewatcher.com/n/vqpcli.pl.4941.0.0.html Perl VQP Client]
Wikimedia Foundation. 2010.