Security mode and normal mode of voice vlans, Table 15, Table 16 – H3C Technologies H3C WX5500E Series Access Controllers User Manual
Page 160
149
Table 15 Required configurations on ports of different link types for supporting tagged voice traffic
Port link type Voice VLAN assignment modes
supported for tagged voice traffic Configuration requirements
Access N/A
N/A
Trunk
Automatic and manual
In automatic mode, the PVID of the port cannot be
the voice VLAN.
In manual mode, the PVID of the port cannot be the
voice VLAN. Configure the port to permit packets
of the voice VLAN to pass through.
Hybrid
Automatic and manual
In automatic mode, the PVID of the port cannot be
the voice VLAN.
In manual mode, the PVID of the port cannot be the
voice VLAN. Configure the port to permit packets
of the voice VLAN to pass through tagged.
Table 16 Required configurations on ports of different link types for supporting tagged voice traffic
Port link type Voice VLAN assignment mode
supported for untagged voice traffic Configuration requirements
Access
Manual
Configure the PVID of the port as the voice VLAN.
Trunk Manual
Configure the PVID of the port as the voice VLAN
and assign the port to the voice VLAN.
Hybrid Manual
Configure the PVID of the port as the voice VLAN
and configure the port to permit packets of the
voice VLAN to pass through untagged.
Security mode and normal mode of voice VLANs
Depending on their inbound packet filtering mechanisms, voice VLAN-enabled ports can operate in the
one of the following modes:
•
Normal mode—Voice VLAN-enabled ports receive packets that carry the voice VLAN tag and
forward packets in the voice VLAN without comparing their source MAC addresses against the OUI
addresses configured for the device. If the PVID of the port is the voice VLAN and the port operates
in manual VLAN assignment mode, the port forwards all received untagged packets in the voice
VLAN. In normal mode, voice VLANs are vulnerable to traffic attacks. Malicious users may send
large quantities of forged voice VLAN-tagged or untagged packets to consume all of the voice
VLAN bandwidth, affecting normal voice communication.
•
Security mode—Only voice packets whose source MAC addresses match the recognizable OUI
addresses can pass through the voice VLAN-enabled inbound port, but all other packets are
dropped.
In a safe network, you can configure the voice VLANs to operate in normal mode, which reduces system
resources used for checking source MAC addresses.
shows how a voice VLAN-enabled port
processes packets in security and normal mode.
H3C does not recommend transmitting both voice traffic and non-voice traffic in a voice VLAN. If you
must transmit both voice traffic and nonvoice traffic, make sure that the voice VLAN security mode is
disabled.