Administrator Guide
VLANs 753
Configuring a Voice VLAN (Extended Example)
The commands in this example create a VLAN for voice traffic with a VLAN
ID of 25 using an IP phone that does not support 802.1X authentication. Port
gi1/0/10 is set to an 802.1Q VLAN. In this example, there are multiple devices
connected to port gi1/0/10, so the port must be in general mode in order to
enable MAC-based 802.1X authentication. Next, Voice VLAN is enabled on
the port with the Voice VLAN ID set to 25. Finally, Voice VLAN
authentication is disabled on port gi1/0/10 because the phone connected to
that port does not support 802.1X authentication. All other devices
connected to the port are required to use 802.1X authentication for network
access. For more information about 802.1X authentication, see "Port and
System Security " on page 623.
This example shows the configuration for a switch with directly connected IP
phones. The interior of the network will still require configuration of QoS on
the selected voice VLAN in order to ensure service.
To configure the switch:
1
Create the voice VLAN.
console#configure
console(config)#vlan 25
console(config-vlan25)#exit
2
Enable the Voice VLAN feature on the switch.
console(config)#voice vlan
3
Configure port 10 to be in access mode.
console(config)#interface gi1/0/10
console(config-if-Gi1/0/10)#switchport mode access
4
Enable MAC-based 802.1X authentication on the port. This step is
required only if there are multiple devices that use 802.1X authentication
connected to the port. The authentication server will need to be
configured with the MAC address of the IP phone.
console(config-if-Gi1/0/10)#dot1x port-control mac-based
NOTE: In an environment where the IP phone uses LLDP-MED to obtain
configuration information, an additional step to enable LLDP-MED on the
interface would be required by issuing the lldp med command in Interface
Configuration mode.