135
CAUTION:
If an IP phone sends tagged voice traffic and its accessing port is configured with 802.1X authentication and
guest VLAN, assign different VLAN IDs for the voice VLAN, the PVID of the connecting port, and the 802.1X
guest VLAN.
If an IP phone sends untagged voice traffic, to implement the voice VLAN feature, you must configure the PVID of
the IP phone’s accessing port as the voice VLAN. As a result, you cannot implement 802.1X authentication.
NOTE:
The PVID of a port is VLAN 1 by default. You can change the PVID and assign a port to certain VLANs by using
commands. For more information, see the chapter ―VLAN configuration.‖
Use the display interface command to display the PVID of a port and the VLANs to which the port is assigned.
Security mode and normal mode of voice VLANs
Depending on their inbound packet filtering mechanisms, voice VLAN-enabled ports operate in the
following modes.
Normal mode: Voice VLAN-enabled ports receive packets that carry the voice VLAN tag, and
forward packets in the voice VLAN without comparing their source MAC addresses against the OUI
addresses configured for the device. If the PVID of the port is the voice VLAN and the port works in
manual VLAN assignment mode, the port forwards all received untagged packets in the voice
VLAN. In normal mode, voice VLANs are vulnerable to traffic attacks. Malicious users might send
large quantities of forged voice packets to consume the voice VLAN bandwidth, affecting normal
voice communication.
Security mode: Only voice packets whose source MAC addresses match the recognizable OUI
addresses can pass through the voice VLAN-enabled inbound port, while all other packets are
dropped.
In a safe network, you can configure the voice VLANs to operate in normal mode, reducing the
consumption of system resources due to source MAC addresses checking.
TIP:
HP does not recommend that you transmit both voice traffic and non-voice traffic in a voice VLAN. If
you must transmit both voice traffic and nonvoice traffic, ensure that the voice VLAN security mode is
disabled.
Table 17 How a voice VLAN-enabled port processes packets in security and normal mode
If the source MAC address of a packet matches an OUI
address configured for the device, it is forwarded in the
voice VLAN. Otherwise, it is dropped.
Packets that carry the
voice VLAN tag
Packets that carry other
tags
Forwarded or dropped depending on whether the port
allows packets of these VLANs to pass through.
The port does not determine the source MAC addresses of
inbound packets. In this way, both voice traffic and non-
voice traffic can be transmitted in the voice VLAN.
To Next Page
Loading...
Need help?
General
