HPE FlexFabric 5940 SERIES
334 pages
If an IP phone sends out tagged voice traffic, and its access port is configured with 802.1X
authentication, guest VLAN, Auth-Fail VLAN, or critical VLAN, VLAN IDs must be different for the
following VLANs:
• Voice VLAN.
• PVID of the access port.
• 802.1X guest, Auth-Fail, or critical VLAN.
If an IP phone sends out untagged voice traffic, the PVID of the access port must be the voice VLAN.
In this scenario, 802.1X authentication is not supported.
Security mode and normal mode of voice VLANs
Depending on how it filters incoming packets, a voice VLAN-enabled port can operate
in one of the following modes:
• Normal mode—The port receives voice-VLAN-tagged packets and forwards them in the voice
VLAN without examining their MAC addresses. If the PVID of the port is the voice VLAN and the
port operates in manual VLAN assignment mode, the port forwards all the received untagged
packets in the voice VLAN.
In this mode, voice VLANs are vulnerable to traffic attacks. Malicious users might send a large
number of forged voice-VLAN-tagged or untagged packets to affect voice communication.
• Security mode—The port uses the source MAC addresses of voice packets to match the OUI
addresses of the device. Packets that fail the match will be dropped.
In a safe network, you can configure the voice VLANs to operate in normal mode. This mode reduces
system resource consumption in source MAC address checking.
In either mode, the device modifies the transmission priority only for voice VLAN packets whose
source MAC addresses match OUI addresses of the device.
As a best practice, do not transmit both voice traffic and non-voice traffic in a voice VLAN. If you must
transmit different traffic in a voice VLAN, make sure the voice VLAN security mode is disabled.
Table 17 Packet processing on a voice VLAN-enabled port in normal or security mode

| Voice VLAN mode | Packet type | Packet processing |
|---|---|---|
| Normal | Untagged packets; packets with the voice VLAN tags | The port does not examine their source MAC addresses. Both voice traffic and non-voice traffic can be transmitted in the voice VLAN. |
| Normal | Packets with other VLAN tags | The port forwards or drops them depending on whether the port permits packets from these VLANs to pass through. |
| Security | Untagged packets; packets with the voice VLAN tags | If the source MAC address of a packet matches an OUI address on the device, the packet is forwarded in the voice VLAN. If the source MAC address of a packet does not match an OUI address on the device, the packet is dropped. |
| Security | Packets with other VLAN tags | The port forwards or drops them depending on whether the port permits packets from these VLANs to pass through. |
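
The decisions in Table 17, together with the rule that priority is modified only for OUI-matching packets, written out as a small Python model. This is an added illustration, not code from the HPE manual or the device software; the OUI entry, VLAN IDs 200, 10 and 30, the sample frames, and the names VoicePort and compare are constructed for the example.

```python
from dataclasses import dataclass

def mac_int(mac):
    """Parse 0011-2200-0001 or 00:11:22:00:00:01 style MACs into an int."""
    digits = mac.replace("-", "").replace(":", "")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return int(digits, 16)

@dataclass
class VoicePort:                 # hypothetical model, not a device API
    voice_vlan: int
    security_mode: bool
    permitted_vlans: frozenset   # other VLANs the port lets through
    oui_table: tuple             # (address, mask) pairs configured on the device

    def oui_match(self, src_mac):
        src = mac_int(src_mac)
        return any((src & mac_int(mask)) == (mac_int(addr) & mac_int(mask))
                   for addr, mask in self.oui_table)

    def process(self, src_mac, vlan_tag=None):
        """Return (action, priority_modified) for one incoming frame."""
        if vlan_tag is not None and vlan_tag != self.voice_vlan:
            # "Packets with other VLAN tags": identical in both modes.
            action = "forward" if vlan_tag in self.permitted_vlans else "drop"
            return action, False
        matched = self.oui_match(src_mac)
        if self.security_mode and not matched:
            return "drop", False  # security mode: source MAC failed the OUI match
        # Normal mode forwards without checking the MAC; in either mode only
        # OUI-matching voice VLAN packets get their priority modified.
        return "forward", matched

# Constructed sample data (not from the manual): OUI entry, VLAN IDs, frames.
OUI_TABLE = (("0011-2200-0000", "ffff-ff00-0000"),)
FRAMES = [
    ("phone, voice tag", "0011-2200-0a01", 200),
    ("other host, voice tag", "0200-0000-0001", 200),
    ("other host, untagged", "0200-0000-0001", None),
    ("other host, permitted VLAN", "0200-0000-0001", 10),
    ("other host, unpermitted VLAN", "0200-0000-0001", 30),
]

def compare(frames=FRAMES):
    """Map each frame label to its result in normal and in security mode."""
    ports = {name: VoicePort(200, sec, frozenset({10}), OUI_TABLE)
             for name, sec in (("normal", False), ("security", True))}
    return {label: {name: port.process(mac, tag) for name, port in ports.items()}
            for label, mac, tag in frames}
```

Calling compare() shows that the two modes differ only for untagged and voice-VLAN-tagged frames whose source MAC does not match an OUI entry: normal mode forwards them without modifying their priority, security mode drops them.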
Voice VLAN configuration task list
Tasks at a glance
(Required.) Configuring the QoS priority settings for voice traffic
