Administrator Guide
762 VLANs
console(config)#interface port-channel 4
console(config-if-Po4)#switchport mode trunk
console(config-if-Po4)#exit
2
Disable loop protect on all the interfaces (optional).
console(config)#interface range gigabitethernet all
console(config-if)#no keepalive
console(config-if)#exit
3
Configure spanning-tree mode as RPVST.
console(config)#spanning-tree mode rapid-pvst
4
Create VLAN 2 for voice traffic. All switches must be configured
identically for the voice VLAN.
console(config)#vlan 2
console(config-vlan-2)#exit
5
Enable voice VLAN globally.
console(config)#voice vlan
6
Configure the VoIP phone connected port as follows:
console(config)#interface Gi2/0/11
console(config-if-Gi2/0/11)#switchport mode access
console(config-if-Gi2/0/11)#voice vlan 2
console(config-if-Gi2/0/11)#exit
7
Configure CoS queue 2 as strict. By default, the VoIP phone sends voice
traffic with 802.1p priority 5, which is mapped to egress queue 2 by
default.
console(config)#cos-queue strict 2
8
Configure an ACL to rate-limit the voice traffic in case of DoS attacks and
apply the ACL on the port-channel interfaces. The administrator should
consider applying this configuration to all perimeter ports.
console(config)#mac access-list extended dot1p-5-limit
console(config-mac-access-list)#1000 permit any any cos 5
console(config-mac-access-list)#rate-limit 1024 128
console(config-mac-access-list)#1010 permit any any
console(config-mac-access-list)#exit
console(config)#interface Gi2/0/11
console(config-if-Gi2/0/11)#mac access-group dot1p-5-limit in
100
console(config-if-Gi2/0/11)#exit