Security Mode And Normal Mode Of Voice Vlans - HP 5120 EI Series Lan Switching Configuration Manual

Hide thumbs Also See for 5120 EI Series:

Configuration manual (304 pages)

Installation manual (92 pages)

Specification (51 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

page of 235

/ 235
Contents
Table of Contents
Bookmarks

Table of Contents

Port link

type

Hybrid

When you configure the voice VLAN assignment modes, follow these guidelines:

If an IP phone sends tagged voice traffic and its accessing port is configured with 802.1X

•

authentication and any of the guest VLAN, Auth-Fail VLAN, and critical VLAN features, assign

different VLAN IDs to the voice VLAN, PVID of the connecting port, and 802.1X guest, Auth-Fail, or

critical VLAN.

If an IP phone sends untagged voice traffic, to implement the voice VLAN feature, you must

•

configure the PVID of the IP phone's accessing port as the voice VLAN. As a result, you cannot

implement 802.1X authentication.

Security mode and normal mode of voice VLANs

Depending on their inbound packet filtering mechanisms, voice VLAN-enabled ports operate in the

following modes:

Normal mode—Voice VLAN-enabled ports receive packets that carry the voice VLAN tag, and

•

forward packets in the voice VLAN without comparing their source MAC addresses against the OUI

addresses configured for the device. If the PVID of the port is the voice VLAN and the port operates

in manual VLAN assignment mode, the port forwards all received untagged packets in the voice

VLAN. In normal mode, voice VLANs are vulnerable to traffic attacks. Malicious users might send

large quantities of forged voice VLAN-tagged or untagged packets to consume the voice VLAN

bandwidth, affecting normal voice communication.

Security mode—Only voice packets whose source MAC addresses match the recognizable OUI

•

addresses can pass through the voice VLAN-enabled inbound port, but all other packets are

dropped.

In a safe network, you can configure the voice VLANs to operate in normal mode, reducing the

consumption of system resources due to source MAC addresses checking.

TIP:

HP does not recommend transmitting both voice traffic and non-voice traffic in a voice VLAN. If you must

transmit both voice traffic and non-voice traffic, make sure that the voice VLAN security mode is disabled.

Voice VLAN

Support for untagged

assignment mode

voice traffic

Manual

Yes

Automatic

Manual

Yes

Configuration requirements

Configure the PVID of the port as the voice VLAN

and assign the port to the voice VLAN.

N/A

Configure the PVID of the port as the voice VLAN

and configure the port to permit packets of the

voice VLAN to pass through untagged.

150

Table of Contents

Show Quick Links

Hide quick links:

Table of Contents

This manual is also suitable for:

5500 ei series 5500 si series

Security Mode And Normal Mode Of Voice Vlans - HP 5120 EI Series Lan Switching Configuration Manual

Security mode and normal mode of voice VLANs

Hide quick links:

Related Manuals for HP 5120 EI Series

Related Content for HP 5120 EI Series

This manual is also suitable for:

Table of Contents