129
Port link
type
Voice VLAN assignment
mode supported for tagged
voice traffic
Configuration requirements
Hybrid Automatic
and
manual
In automatic mode, the PVID of the port cannot
be the voice VLAN.
In manual mode, configure the port to permit
packets of the voice VLAN to pass through
tagged.
•
IP phones send untagged voice traffic
When IP phones send untagged voice traffic, you can only configure the voice traffic receiving
ports on the device to operate in manual voice VLAN assignment mode.
Table 53 Required configurations on ports of different link types for them to support
tagged voice traffic
Port link
type
Voice VLAN assignment mode
supported for untagged voice
traffic
Configuration requirements
Access Manual
Configure the PVID of the port as the voice
VLAN.
Trunk Manual
Configure the PVID of the port as the voice
VLAN and assign the port to the voice VLAN.
Hybrid Manual
Configure the PVID of the port as the voice
VLAN and configure the port to permit
packets of the voice VLAN to pass through
untagged.
NOTE:
•
If an IP phone sends tagged voice traffic and its access port is configured with 802.1X
authentication and guest VLAN, you must assign different VLAN IDs for the voice VLAN, the
PVID of the access port, and the 802.1X guest VLAN for the functions to operate normally.
•
If an IP phone sends untagged voice traffic, to deliver the voice VLAN function, you must
configure the PVID of the access port as the voice VLAN. As a result, 802.1X authentication does
not take effect.
Security mode and normal mode of voice VLANs
Depending on their inbound packet filtering mechanisms, voice VLAN-enabled ports operate in one
of the following modes:
•
Normal
mode
—In this mode, both voice packets and non-voice packets are allowed to pass
through a voice VLAN-enabled inbound port. When receiving a voice packet, the port forwards
it without checking its source MAC address against the OUI addresses configured for the
device. If the PVID of the port is the voice VLAN and the port operates in manual VLAN
assignment mode, the port forwards all received untagged packets in the voice VLAN. In
normal mode, the voice VLANs are vulnerable to traffic attacks. Vicious users can forge a large
amount of untagged packets and send them to voice VLAN-enabled ports to consume the voice
VLAN bandwidth, affecting normal voice communication.
•
Security
mode
—In this mode, only voice packets whose source MAC addresses comply with
the recognizable OUI addresses can pass through the voice VLAN-enabled inbound port, but
all other packets are dropped.
Summary of Contents for FlexNetwork NJ5000
Page 12: ...x Index 440 ...
Page 39: ...27 Figure 16 Configuration complete ...
Page 67: ...55 Figure 47 Displaying the speed settings of ports ...
Page 78: ...66 Figure 59 Loopback test result ...
Page 158: ...146 Figure 156 Creating a static MAC address entry ...
Page 183: ...171 Figure 171 Configuring MSTP globally on Switch D ...
Page 243: ...231 Figure 237 IPv6 active route table ...