| Port link type | Voice VLAN assignment mode | Support for untagged voice traffic | Configuration requirements |
|---|---|---|---|
| | Manual | Yes | Configure the PVID of the port as the voice VLAN and assign the port to the voice VLAN. |
| Hybrid | Automatic | No | N/A |
| Hybrid | Manual | Yes | Configure the PVID of the port as the voice VLAN and configure the port to permit packets of the voice VLAN to pass through untagged. |
When you configure the voice VLAN assignment modes, follow these guidelines:
• If an IP phone sends tagged voice traffic and its accessing port is configured with 802.1X authentication and any of the guest VLAN, Auth-Fail VLAN, and critical VLAN features, assign different VLAN IDs to the voice VLAN, PVID of the connecting port, and 802.1X guest, Auth-Fail, or critical VLAN.
• If an IP phone sends untagged voice traffic, to implement the voice VLAN feature, you must configure the PVID of the IP phone's accessing port as the voice VLAN. As a result, you cannot implement 802.1X authentication.
Security mode and normal mode of voice VLANs
Depending on their inbound packet filtering mechanisms, voice VLAN-enabled ports operate in the
following modes:
• Normal mode—Voice VLAN-enabled ports receive packets that carry the voice VLAN tag, and forward packets in the voice VLAN without comparing their source MAC addresses against the OUI addresses configured for the device. If the PVID of the port is the voice VLAN and the port operates in manual VLAN assignment mode, the port forwards all received untagged packets in the voice VLAN. In normal mode, voice VLANs are vulnerable to traffic attacks. Malicious users might send large quantities of forged voice VLAN-tagged or untagged packets to consume the voice VLAN bandwidth, affecting normal voice communication.
• Security mode—Only voice packets whose source MAC addresses match the recognizable OUI addresses can pass through the voice VLAN-enabled inbound port, but all other packets are dropped.
In a safe network, you can configure the voice VLANs to operate in normal mode, which reduces the system resources consumed by source MAC address checking.
TIP:
H3C does not recommend transmitting both voice traffic and non-voice traffic in a voice VLAN. If you must
transmit both voice traffic and non-voice traffic, make sure that the voice VLAN security mode is disabled.
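
The difference between the two inbound filtering modes can be modeled as a single admission decision. The following Python model is an added example, not H3C code: the OUI entry, MAC addresses, VLAN IDs, and all class and function names are constructed for illustration. It assumes only the two cases described above (frames tagged with the voice VLAN, and untagged frames on a manual-mode port whose PVID is the voice VLAN).

```python
from dataclasses import dataclass
from typing import Iterable, Optional

def mac_to_int(mac: str) -> int:
    """Parse a MAC written as 0011-2200-0000, 00:11:22:00:00:00 or similar."""
    return int(mac.translate(str.maketrans("", "", "-:.")), 16)

@dataclass(frozen=True)
class Oui:
    address: str  # OUI address configured on the device
    mask: str     # which bits of the source MAC are compared

    def matches(self, src_mac: str) -> bool:
        mask = mac_to_int(self.mask)
        return (mac_to_int(src_mac) & mask) == (mac_to_int(self.address) & mask)

@dataclass(frozen=True)
class Port:
    voice_vlan: int
    pvid: int
    manual_mode: bool    # manual voice VLAN assignment mode
    security_mode: bool  # False = normal mode

def forwarded_in_voice_vlan(port: Port, src_mac: str, vlan_tag: Optional[int],
                            ouis: Iterable[Oui]) -> bool:
    """Return True if the inbound frame is forwarded in the voice VLAN."""
    if vlan_tag is None:
        # Untagged frames reach the voice VLAN only via the PVID in manual mode.
        in_voice_vlan = port.manual_mode and port.pvid == port.voice_vlan
    else:
        in_voice_vlan = vlan_tag == port.voice_vlan
    if not in_voice_vlan:
        return False  # traffic for other VLANs is outside this model
    if not port.security_mode:
        return True   # normal mode: the source MAC is never compared
    return any(oui.matches(src_mac) for oui in ouis)

# Constructed sample data (not taken from any real device configuration).
OUIS = [Oui("0011-2200-0000", "ffff-ff00-0000")]
PHONE, OTHER = "0011-22ab-cdef", "0255-66ab-cdef"
NORMAL = Port(voice_vlan=2, pvid=2, manual_mode=True, security_mode=False)
SECURE = Port(voice_vlan=2, pvid=2, manual_mode=True, security_mode=True)

if __name__ == "__main__":
    for name, port in (("normal", NORMAL), ("security", SECURE)):
        for mac in (PHONE, OTHER):
            for tag in (2, None):
                print(name, mac, tag, forwarded_in_voice_vlan(port, mac, tag, OUIS))
```

In the model, a frame from the non-matching source MAC is forwarded in the voice VLAN in normal mode and dropped in security mode, which is also why non-voice traffic cannot share a voice VLAN while security mode is enabled.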