Users Guide
VLANs 793
Configuring a Voice VLAN (Extended Example)
The commands in this example create a VLAN for voice traffic with a VLAN
ID of 25 using an IP phone that does not support 802.1X authentication. Port
gi1/0/10 is set to an 802.1Q VLAN. Next, Voice VLAN is enabled on the port
with the Voice VLAN ID set to 25. Finally, Voice VLAN authentication is
disabled on port gi1/0/10 because the phone connected to that port does not
support 802.1X authentication. All other devices connected to the port are
required to use 802.1X authentication for network access. For more
information about 802.1X authentication, see "Port and System Security" on
page 655.
This example shows the configuration for a switch with directly connected IP
phones. The interior of the network will still require configuration of QoS on
the selected Voice VLAN in order to ensure service.
To configure the switch:
1
Create the Voice VLAN.
console#configure
console(config)#vlan 25
console(config-vlan25)#exit
2
Enable the Voice VLAN feature on the switch.
console(config)#switchport voice vlan
3
Configure port 10 to be in general mode. Access mode ports do not
support MAC-based authentication.
console(config)#interface gi1/0/10
console(config-if-Gi1/0/10)#switchport mode general
4
Enable MAC-based 802.1X authentication on the port. The
authentication server will need to be configured with the MAC address of
the IP phone. See "Configuration Example—MAB Client" on page 261 for
information on how to configure the phone MAC address for 802.1X.
MAC-based authentication allows multiple devices to be independently
authenticated on a port.
NOTE: In an environment where the IP phone uses LLDP-MED to obtain
configuration information, an additional step to enable LLDP-MED on the
interface would be required by issuing the lldp med command in Interface
Configuration mode.