KB.15.15

Where multiple voice VLANs exist on the switch, you can use routing to communicate between

telephones on different voice VLANs.

• Tagged/Untagged VLAN Membership: If the appliances using a voice VLAN transmit tagged

VLAN packets, then configure the member ports as tagged members of the VLAN. Otherwise,

configure the ports as untagged members.

Voice VLAN access security

You can use port security configured on an individual port or group of ports in a voice VLAN. That

is, you can allow or deny access to a phone having a particular MAC address. See the Access

Security Guide for your switch.

NOTE: MAC authentication is not recommended in voice VLAN applications.

Effects of VLANs on other switch features

Spanning Tree operation with VLANs

Depending on the spanning tree option configured on the switch, the spanning tree feature may

operate as:

• A single instance across all ports on the switch regardless of VLAN assignments

• Multiple instances on a per-VLAN basis.

For single-instance operation, this means that if redundant physical links exist between the switch

and another 802.1Q device, all but one link will be blocked, even if the redundant links are in

separate VLANs. In this case you can use port trunking to prevent Spanning Tree from unnecessarily

blocking ports (and to improve overall network performance). For multiple-instance operation,

physically redundant links belonging to different VLANs can remain open.

Note that Spanning Tree operates differently in different devices. For example, in the (obsolete,

non-802.1Q) HP Switch 2000 and the HP Switch 800T, Spanning Tree operates on a per-VLAN

basis, allowing redundant physical links as long as they are in separate VLANs.

Spanning Tree operates differently in different devices

IP interfaces

There is a one-to-one relationship between a VLAN and an IP network interface. Since the VLAN

is defined by a group of ports, the state (up/down) of those ports determines the state of the IP

network interface associated with that VLAN. When a port-based VLAN or an IPv4 or IPv6

protocol-based VLAN comes up because one or more of its ports is up, the IP interface for that

VLAN is also activated. Likewise, when a VLAN is deactivated because all of its ports are down,

the corresponding IP interface is also deactivated.

VLAN MAC address

The switches have one unique MAC address for all of their VLAN interfaces. You can send an

802.2 test packet to this MAC address to verify connectivity to the switch. Likewise, you can assign

an IP address to the VLAN interface, and when you Ping that address, ARP will resolve the IP

address to this single MAC address.

In a topology where a switch has multiple VLANs and must be connected to a device having a

single forwarding database, such as the Switch 4000M, some cabling restrictions apply.

Port trunks

When assigning a port trunk to a VLAN, all ports in the trunk are automatically assigned to the

same VLAN. Do not split trunk members across multiple VLANs. A port trunk is tagged, untagged,

or excluded from a VLAN in the same way as individual, untrunked ports.

Introducing tagged VLAN technology into networks running untagged VLANs 61