Configuring a voice vlan, Configuration prerequisites – H3C Technologies H3C S5120 Series Switches User Manual
Page 158
2-5
the port forwards all received untagged packets in the voice VLAN. In normal mode, the voice
VLANs are vulnerable to traffic attacks. Vicious users can forge a large amount of voice packets
and send them to voice VLAN-enabled ports to consume the voice VLAN bandwidth, affecting
normal voice communication.
z
Security mode: In this mode, only voice packets whose source MAC addresses comply with the
recognizable OUI addresses can pass through the voice VLAN-enabled inbound port, while all
other packets are dropped.
In a safe network, you can configure the voice VLANs to operate in normal mode, thus reducing the
consumption of system resources due to source MAC addresses checking. It is recommended not to
transmit both voice packets and non-voice packets in a voice VLAN. If you have to, please ensure that
the voice VLAN security mode is disabled.
Table 2-4 How a voice VLAN-enable port processes packets in security/normal mode
Voice VLAN
working mode
Packet type
Packet processing mode
Untagged packets
Packets carrying the
voice VLAN tag
If the source MAC address of a packet matches an OUI
address configured for the device, it is forwarded in the
voice VLAN; otherwise, it is dropped.
Security mode
Packets carrying
other tags
Forwarded or dropped depending on whether the port
allows packets of these VLANs to pass through
Untagged packets
Packets carrying the
voice VLAN tag
The port does not check the source MAC addresses of
inbound packets. All types of packets can be transmitted
in the voice VLAN.
Normal mode
Packets carrying
other tags
Forwarded or dropped depending on whether the port
allows packets of these VLANs to pass through
Configuring a Voice VLAN
Configuration Prerequisites
1) Create a VLAN
Before configuring a VLAN as a voice VLAN, create the VLAN first.
2) Configure the voice VLAN assignment mode. For details, see
Automatic Voice VLAN Assignment Mode
Setting a Port to Operate in Manual Voice VLAN
.
z
A port can belong to only one voice VLAN at a time.
z
Voice VLAN cannot be enabled on a port with Link Aggregation Control Protocol (LACP) enabled.