141
If an IP phone sends untagged voice traffic, to implement the voice VLAN feature, you must configure the
default VLAN of the IP phone’s accessing port as the voice VLAN. As a result, 802.1X authentication
cannot be implemented.
The default VLAN of a port is VLAN 1. Change the default VLAN and assign a port to certain VLANs by
using commands. For more information, see the chapter “VLAN configuration.”
Use the display interface command to display the default VLAN of a port and the VLANs to which the
port is assigned.
Security mode and normal mode of voice VLANs
Depending on their inbound packet filtering mechanisms, voice VLAN-enabled ports operate in the
following modes.
• Normal mode: In this mode, voice VLAN-enabled ports receive packets carrying the voice VLAN tag
and forward packets in the voice VLAN without checking their source MAC addresses against the
OUI addresses configured for the device. If the default VLAN of the port is the voice VLAN and the
port works in manual VLAN assignment mode, the port forwards all received untagged packets in
the voice VLAN. In normal mode, the voice VLANs are vulnerable to traffic attacks. Vicious users
may forge a large amount of voice packets and send them to the device to consume the voice VLAN
bandwidth, affecting normal voice communication.
• Security mode: In this mode, only voice packets whose source MAC addresses match the
recognizable OUI addresses can pass through the voice VLAN-enabled inbound port, while all
other packets are dropped.
In a safe network, you can configure the voice VLANs to operate in normal mode, reducing the
consumption of system resources due to source MAC addresses checking.
TIP:
HP does not recommend that you transmit both voice traffic and non-voice traffic in a voice VLAN. If
you have to, ensure that the voice VLAN security mode is disabled.
Table 19 How a voice VLAN-enabled port processes packets in security/normal mode
Voice VLAN
mode
Packet type Packet processing mode
Untagged packets
Packets carrying the
voice VLAN tag
If the source MAC address of a packet matches an OUI
address configured for the device, it is forwarded in the
voice VLAN. Otherwise, it is dropped.
Security mode
Packets carrying other
tags
Forwarded or dropped depending on whether the port
allows packets of these VLANs to pass through.
Untagged packets
Packets carrying the
voice VLAN tag
The port does not check the source MAC addresses of
inbound packets. In this way, both voice traffic and non-
voice traffic can be transmitted in the voice VLAN.
Normal mode
Packets carrying other
tags
Forwarded or dropped depending on whether the port
allows packets of these VLANs to pass through.
To Next Page
Loading...
