Users Guide

VLANs
If no RADIUS server is reachable and the port is configured in MAC-based
authentication mode, newly authenticating voice devices, i.e., devices just
powered on or connected to the network, are denied access to the Voice
VLAN. The phone will be authenticated and allowed access to the Voice
VLAN when a RADIUS server becomes reachable. Configuring a RADIUS
server with a deadtime of 0 (default) effectively disables features such as
critical Voice VLAN, because the configured server is always marked live.

Use the authentication event server dead action authorize voice command
to enable critical Voice VLAN treatment on an interface. A non-zero
deadtime must be configured on all RADIUS servers for the servers to be
marked dead so a device can be placed into the critical Voice VLAN.

Critical Voice VLAN is supported on 802.1X-unaware clients by using MAB
mode, for example, an 802.1X-unaware IP phone configured in 802.1X
MAC-based mode. Additionally, the switchport voice vlan override-authentication
command may be used to configure 802.1X-unaware IP phones in 802.1X
port-based mode.

Voice VLAN Restrictions

The switch enforces the following restrictions regarding Voice VLAN:

• The Voice VLAN may not be configured as a PVID. The switch enforces
  this restriction by not configuring the Voice VLAN if the VLAN is the
  PVID of any port, or by failing the PVID assignment if the VLAN is a Voice
  VLAN. This prevents operator misconfiguration which allows DoS attacks
  on the data VLAN to disrupt voice traffic.
• The Voice VLAN may not be configured as the unauthenticated VLAN
  and vice-versa. This prevents operator misconfiguration which allows DoS
  attacks on the unauthenticated VLAN to disrupt the voice traffic.
• The Voice VLAN may not be configured as the guest VLAN and vice-versa.
  This prevents operator misconfiguration which allows DoS attacks on the
  guest VLAN to disrupt the voice traffic.
• The Voice VLAN may not be configured as a private VLAN host port. This
  prevents interference between the internal Private VLAN and Voice VLAN
  treatment of packets.
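
The following pre-deployment check is an added example, not part of this guide or the switch software. It audits a planned configuration against the restrictions above and against the deadtime requirement for critical Voice VLAN. The Port model, the interface and server names, and the switch-wide reading of the unauthenticated and guest VLAN restrictions are assumptions; all sample values are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Port:
    # Hypothetical model of one interface's planned settings (not switch CLI syntax).
    name: str
    pvid: int
    voice_vlan: Optional[int] = None
    unauth_vlan: Optional[int] = None
    guest_vlan: Optional[int] = None
    private_vlan_host: bool = False
    # True if "authentication event server dead action authorize voice" is planned.
    critical_voice: bool = False

def audit(ports, radius_deadtimes):
    """Return (port name, finding) tuples for a planned configuration."""
    findings = []
    voice = {p.voice_vlan for p in ports if p.voice_vlan is not None}
    # A server with deadtime 0 is always marked live, so it is never declared dead.
    always_live = sorted(s for s, d in radius_deadtimes.items() if d == 0)
    for p in ports:
        # Assumption: overlaps are checked switch-wide, the stricter reading.
        roles = (("PVID", p.pvid),
                 ("unauthenticated VLAN", p.unauth_vlan),
                 ("guest VLAN", p.guest_vlan))
        for role, vlan in roles:
            if vlan is not None and vlan in voice:
                findings.append((p.name, f"{role} {vlan} is also a Voice VLAN"))
        if p.voice_vlan is not None and p.private_vlan_host:
            findings.append((p.name, "Voice VLAN on a private VLAN host port"))
        if p.critical_voice and always_live:
            findings.append((p.name, "critical Voice VLAN cannot trigger: "
                             "deadtime 0 on " + ", ".join(always_live)))
    return findings

# Constructed sample plan: server names, deadtime values and ports are illustrative.
SAMPLE_DEADTIMES = {"radius-a": 5, "radius-b": 0}
SAMPLE_PORTS = [
    Port("Gi1/0/1", pvid=10, voice_vlan=20, guest_vlan=30, critical_voice=True),
    Port("Gi1/0/2", pvid=20),
    Port("Gi1/0/3", pvid=10, voice_vlan=20, guest_vlan=20, private_vlan_host=True),
]

if __name__ == "__main__":
    for port, finding in audit(SAMPLE_PORTS, SAMPLE_DEADTIMES):
        print(f"{port}: {finding}")
```

The deadtime finding is the one the switch will not reject on its own: with any server left at deadtime 0, the critical Voice VLAN command is accepted but never takes effect.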