beautypg.com

Security mode and normal mode of voice vlans – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 118

background image

109

Port link type

Voice VLAN

assignment

mode

Support for

untagged voice

traffic

Configuration requirements

Manual

Yes

Configure the PVID of the port as the voice VLAN.

Trunk

Automatic No

Manual Yes

Configure the PVID of the port as the voice VLAN
and assign the port to the voice VLAN.

Hybrid

Automatic No

Manual Yes

Configure the PVID of the port as the voice VLAN
and configure the port to permit packets of the
voice VLAN to pass through untagged.

CAUTION:

If an IP phone sends tagged voice traffic and its accessing port is configured with 802.1X authentication
and guest VLAN, you should assign different VLAN IDs for the voice VLAN, the PVID of the connecting

port, and the 802.1X guest VLAN.

If an IP phone sends untagged voice traffic, to implement the voice VLAN feature, you must configure the
PVID of the IP phone’s accessing port as the voice VLAN. As a result, 802.1X authentication cannot be

implemented.

NOTE:

The PVID is VLAN 1 for all ports by default. You can configure the PVID of a port and assign a port to
certain VLANs by using commands.

Use the display interface command to display the PVID of a port and the VLANs to which the port is
assigned.

Security mode and normal mode of voice VLANs

Depending on their inbound packet filtering mechanisms, voice VLAN-enabled ports operate in the
following modes:

Normal mode: In this mode, voice VLAN-enabled ports receive packets carrying the voice VLAN
tag and forward packets in the voice VLAN without checking their source MAC addresses against

the OUI addresses configured for the device. If the PVID of the port is the voice VLAN and the port

works in manual VLAN assignment mode, the port forwards all received untagged packets in the
voice VLAN. In normal mode, the voice VLANs are vulnerable to traffic attacks. Vicious users may

forge a large amount of voice packets and send them to the device to consume the voice VLAN

bandwidth, affecting normal voice communication.

Security mode: In this mode, only voice packets whose source MAC addresses match the
recognizable OUI addresses can pass through the voice VLAN-enabled inbound port, but all other

packets are dropped.

In a safe network, you can configure the voice VLANs to operate in normal mode, reducing the

consumption of system resources due to source MAC addresses checking.

See also other documents in the category H3C Technologies Routers: