Administrator Guide
VLANs 761
console(config-vlan-2)#exit
5
Enable voice VLAN globally.
console(config)#voice vlan
6
Configure the VoIP phone connected port. The voice VLAN assignment
must be the same on all switches.
console(config)#interface Gi2/0/11
console(config-if-Gi2/0/11)#switchport mode access
console(config-if-Gi2/0/11)#voice vlan 2
console(config-if-Gi2/0/11)#exit
7
Configure egress queue 2 as strict. By default, the VoIP phone sends voice
traffic with 802.1p priority 5, which is mapped to egress queue 2 by
default.
console(config)#cos-queue strict 2
8
Configure an ACL to rate-limit the voice traffic in case of DoS attacks and
apply the ACL on the phone-connected interfaces. The administrator
should consider whether to apply this configuration on all perimeter ports.
console(config)#mac access-list extended dot1p-5-limit
console(config-mac-access-list)#1000 permit any any cos 5
console(config-mac-access-list)#rate-limit 1024 128
console(config-mac-access-list)#1010 permit any any
console(config-mac-access-list)#exit
console(config)#interface Gi2/0/11
console(config-if-Gi2/0/11)#mac access-group dot1p-5-limit in
1
console(config-if-Gi2/0/11)#exit
Non-MLAG aware device-2 (Partner-2)
1
Configure partner-2 with the following configuration. This configuration is
highly similar to the partner 1 configuration.
console#config
console(config)#interface Gi1/0/21
console(config-if-Gi2/0/21)#channel-group 4 mode active
console(config-if-Gi2/0/21)#no keepalive
console(config-if-Gi2/0/21)#exit
console(config)#interface Gi1/0/23
console(config-if-Gi1/0/23)#channel-group 4 mode active
console(config-if-Gi1/0/23)#no keepalive
console(config-if-Gi1/0/23)#exit