Users Guide

Layer 2 Switching Commands
In authentication host-mode multi-domain-multi-host, a voice packet is
switched based on the source MAC address of the IP phone. If override
authentication is enabled, voice packets received are switched regardless of
the 802.1X authentication state. Likewise, voice packets from the switch are
transmitted over the port regardless of the 802.1X authentication state when
the override option is enabled.

In authentication host-mode multi-domain-multi-host, the switch identifies
a device as a voice device when an Access-Accept is received from the AAA
service with the proprietary VSA device-traffic-class = voice. A voice VLAN
must be configured on the port. Additionally, the RADIUS Access-Accept
may include a VLAN assignment in conjunction with the VSA
device-traffic-class = voice. If the VLAN exists on the switch, the voice
device is assigned to the received VLAN ID.

When 802.1X authenticates a device onto the voice VLAN, the device is also
allowed access over the data VLAN for approximately thirty seconds after
authentication succeeds. This allows the device to learn the voice VLAN via
a non-standard mechanism such as DHCP, HTTP or TFTP.

If trust mode is disabled, the switch remarks the priority and/or DSCP value
of received voice VLAN packets to the configured or default values (priority 5
and DSCP 46). If trust mode is enabled, voice packets are not remarked.

If trust mode is disabled, the switch classifies the voice packets into CoS
queue 2. If trust mode is enabled, voice packets are classified per the switch
configuration.

Use of the override-authentication option allows packets to flow over the
voice VLAN regardless of the AAA authentication status. The switch cannot
distinguish between voice and other packets in the voice VLAN. Use of this
option should be carefully considered as it may allow malevolent users
unrestricted access to network resources, particularly if authentication
host-mode multi-domain-multi-host is not enabled.

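
A configuration audit for the risk described above, as an added example that is not part of this guide or the vendor's tooling: it scans a running-config for ports with override-authentication set and rates them higher when multi-domain-multi-host is absent. The sample config is constructed, and the exact command spellings (`switchport voice vlan override-authentication`, the `interface`/`exit` block layout) are assumptions based on the option names used in this guide.

```python
import re

# Constructed sample; command spellings and block layout are assumptions
# modeled on the option names this guide uses, not captured switch output.
SAMPLE_CONFIG = """\
interface Gi1/0/1
 switchport voice vlan 100
 switchport voice vlan override-authentication
 authentication host-mode multi-domain-multi-host
exit
interface Gi1/0/2
 switchport voice vlan 100
 switchport voice vlan override-authentication
exit
interface Gi1/0/3
 switchport voice vlan 100
 authentication host-mode multi-domain-multi-host
exit
"""
MDMH = "authentication host-mode multi-domain-multi-host"
OVERRIDE = re.compile(r"voice vlan\b.*\boverride-authentication\b")

def parse_interfaces(config):
    """Group config lines by the interface block they appear in."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        header = re.match(r"interface\s+(\S+)$", line)
        if header:
            current = header.group(1)
            ports[current] = []
        elif line == "exit":
            current = None
        elif current and line:
            ports[current].append(line)
    return ports

def audit_voice_override(config):
    """Return (port, severity, reason) for each port that bypasses 802.1X for voice."""
    findings = []
    for port, lines in parse_interfaces(config).items():
        # A leading "no" negates the command, so it is not a finding.
        if not any(OVERRIDE.search(l) and not l.startswith("no ") for l in lines):
            continue
        if MDMH in lines:
            findings.append((port, "review", "voice VLAN open without 802.1X"))
        else:
            findings.append((port, "high", "override set and host mode is not multi-domain-multi-host"))
    return findings
```

Calling `audit_voice_override(SAMPLE_CONFIG)` reports Gi1/0/1 for review and Gi1/0/2 as high; adjust the two match strings to the spellings your firmware actually writes to the running-config.
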
The voice VLAN may not be configured as a PVID. The switch enforces this
restriction by not configuring the voice VLAN if the VLAN is the PVID of
any port, or by failing the PVID assignment if the VLAN is a voice VLAN.

The voice VLAN may not be configured as the unauthenticated VLAN and
vice-versa.

The voice VLAN may not be configured as the guest VLAN and vice-versa.

The voice VLAN may not be configured as a private VLAN host port.