R3303-HP HSR6800 Routers Layer 2 - LAN Switching Configuration Guide
118
Port link type
Voice VLAN assignment mode
su
pp
orted for ta
gg
ed voice traffic
Configuration requirements
Hybrid Automatic and manual
In automatic mode, the PVID of the port cannot be
the voice VLAN.
In manual mode, the PVID of the port cannot be the
voice VLAN. Configure the port to permit packets
from the voice VLAN to pass through tagged.
• When IP phones send untagged voice traffic
When IP phones send untagged voice traffic, you can only configure the voice traffic receiving
ports on the device to operate in manual voice VLAN assignment mode.
If an IP phone sends untagged voice traffic, to implement the voice VLAN feature, you must
configure the PVID of the IP phone's accessing port as the voice VLAN. As a result, you cannot
implement 802.1X authentication.
Table 15 Required configurations on ports of different link types for them to support tagged voice traffic
Port link type
Voice VLAN assignment mode
su
pp
orted for unta
gg
ed voice traffic
Configuration requirements
Access Manual Configure the PVID of the port as the voice VLAN.
Trunk Manual
Configure the PVID of the port as the voice VLAN
and configure the port to permit packets from the
voice VLAN to pass through.
Hybrid Manual
Configure the PVID of the port as the voice VLAN
and configure the port to permit packets from the
voice VLAN to pass through untagged.
Security mode and normal mode of voice VLANs
Depending on their inbound packet filtering mechanisms, voice VLAN-enabled ports can operate in the
following modes:
• Normal mode—Voice VLAN-enabled ports receive packets that carry the voice VLAN tag and
forward packets in the voice VLAN without comparing their source MAC addresses against the OUI
addresses configured for the device. If the PVID of the port is the voice VLAN and the port operates
in manual VLAN assignment mode, the port forwards all received untagged packets in the voice
VLAN. In normal mode, voice VLANs are vulnerable to traffic attacks. Malicious users might send
large quantities of forged voice VLAN-tagged or untagged packets to consume all of the voice
VLAN bandwidth, affecting normal voice communication.
• Security mode—Only voice packets whose source MAC addresses match the recognizable OUI
addresses can pass through the voice VLAN-enabled inbound port, but all other packets are
dropped.
In a safe network, you can configure the voice VLANs to operate in normal mode, which reduces the
system resources used for checking source MAC addresses. Table 16
shows how packets are handled
based on different security modes.
HP recommends not transmitting both voice traffic and non-voice traffic in a voice VLAN. If you must
transmit both voice traffic and nonvoice traffic, make sure the voice VLAN security mode is disabled.