Security mode and normal mode of voice vlans, Table 47, Table 48 – H3C Technologies H3C WX5500E Series Access Controllers User Manual

142

Table 47 Required configurations on ports of different link types for them to support tagged voice traffic

Port link type Voice VLAN assignment mode

supported for tagged voice traffic Configuration requirements

Access N/A

N/A

Trunk

Automatic and manual

In automatic mode, the PVID of the port cannot be
the voice VLAN.
In manual mode, the PVID of the port cannot be the

voice VLAN. Configure the port to permit packets
from the voice VLAN to pass through.

Hybrid

Automatic and manual

In automatic mode, the PVID of the port cannot be
the voice VLAN.
In manual mode, the PVID of the port cannot be the
voice VLAN. Configure the port to permit packets

from the voice VLAN to pass through tagged.

Table 48 Required configurations on ports of different link types for them to support tagged voice traffic

Port link type Voice VLAN assignment mode

supported for untagged voice traffic Configuration requirements

Access

Manual

Configure the PVID of the port as the voice VLAN.

Trunk Manual

Configure the PVID of the port as the voice VLAN
and configure the port to permit packets from the
voice VLAN to pass through.

Hybrid Manual

Configure the PVID of the port as the voice VLAN
and configure the port to permit packets from the

voice VLAN to pass through untagged.

Security mode and normal mode of voice VLANs

Depending on their inbound packet filtering mechanisms, voice VLAN-enabled ports operate in one of

the following modes:

•

Normal mode—In this mode, both voice packets and non-voice packets are allowed to pass
through a voice VLAN-enabled inbound port. When receiving a voice packet, the port forwards it

without checking its source MAC address against the OUI addresses configured for the device. If
the default VLAN of the port is the voice VLAN and the port operates in manual VLAN assignment

mode, the port forwards all received untagged packets in the voice VLAN. In normal mode, the

voice VLANs are vulnerable to traffic attacks. Vicious users can forge a large amount of voice

packets and send them to voice VLAN-enabled ports to consume the voice VLAN bandwidth,
affecting normal voice communication.

•

Security mode—In this mode, only voice packets whose source MAC addresses comply with the
recognizable OUI addresses can pass through the voice VLAN-enabled inbound port, but all other

packets are dropped.

In a safe network, you can configure the voice VLANs to operate in normal mode. This reduces the

consumption of system resources due to source MAC addresses checking.
H3C recommends you not transmit both voice packets and non-voice packets in a voice VLAN. If you

have to, first make sure the voice VLAN security mode is disabled.