beautypg.com

Configuring a voice vlan, Configuration prerequisites – H3C Technologies H3C S5120 Series Switches User Manual

Page 158

background image

2-5

the port forwards all received untagged packets in the voice VLAN. In normal mode, the voice

VLANs are vulnerable to traffic attacks. Vicious users can forge a large amount of voice packets

and send them to voice VLAN-enabled ports to consume the voice VLAN bandwidth, affecting

normal voice communication.

z

Security mode: In this mode, only voice packets whose source MAC addresses comply with the

recognizable OUI addresses can pass through the voice VLAN-enabled inbound port, while all

other packets are dropped.

In a safe network, you can configure the voice VLANs to operate in normal mode, thus reducing the

consumption of system resources due to source MAC addresses checking. It is recommended not to

transmit both voice packets and non-voice packets in a voice VLAN. If you have to, please ensure that

the voice VLAN security mode is disabled.

Table 2-4 How a voice VLAN-enable port processes packets in security/normal mode

Voice VLAN

working mode

Packet type

Packet processing mode

Untagged packets

Packets carrying the
voice VLAN tag

If the source MAC address of a packet matches an OUI
address configured for the device, it is forwarded in the
voice VLAN; otherwise, it is dropped.

Security mode

Packets carrying
other tags

Forwarded or dropped depending on whether the port
allows packets of these VLANs to pass through

Untagged packets

Packets carrying the
voice VLAN tag

The port does not check the source MAC addresses of
inbound packets. All types of packets can be transmitted
in the voice VLAN.

Normal mode

Packets carrying
other tags

Forwarded or dropped depending on whether the port
allows packets of these VLANs to pass through

Configuring a Voice VLAN

Configuration Prerequisites

1) Create a VLAN

Before configuring a VLAN as a voice VLAN, create the VLAN first.

2) Configure the voice VLAN assignment mode. For details, see

Setting a Port to Operate in

Automatic Voice VLAN Assignment Mode

and

Setting a Port to Operate in Manual Voice VLAN

Assignment Mode

.

z

A port can belong to only one voice VLAN at a time.

z

Voice VLAN cannot be enabled on a port with Link Aggregation Control Protocol (LACP) enabled.

See also other documents in the category H3C Technologies Routers: