Security Mode Of Voice Vlan - 3Com 4500 PWR 26-Port Configuration Manual
Hide thumbs
Also See for 4500 PWR 26-Port:
- Manual (942 pages) ,
- Configuration manual (870 pages) ,
- Getting started manual (128 pages)
Table of Contents
Advertisement
Table 10-3 Matching relationship between port types and voice devices acquiring voice VLAN through
manual configuration
Voice VLAN
assignment mode
Automatic
Manual
Security Mode of Voice VLAN
The automatic mode and manual mode described earlier only apply to the process of assigning a port to
the voice VLAN. After a port is assigned to the voice VLAN, the switch receives and forwards all voice
VLAN-tagged traffic without matching the source MAC address of each received packet against its OUI
list. For a port in the manual mode with the default VLAN as the voice VLAN, any untagged packet can
be transmitted in the voice VLAN. This makes the voice VLAN vulnerable to flow attacks, because
malicious users can create a large amount of voice VLAN-tagged packets to consume the voice VLAN
bandwidth, affecting normal voice communication.
3Com series switches provide the security mode for voice VLAN to address this problem. When the
voice VLAN works in security mode, the switch checks the source MAC address of each packet to enter
the voice VLAN and drops the packets whose source MAC addresses do not match the OUI list.
However, checking packets occupies lots of system resources. Therefore, in a relatively safe network,
you can configure the voice VLAN to operate in normal mode.
The following table presents how a packet is handled when the voice VLAN is operating in security
mode and normal mode.
Table 10-4 How a packet is handled when the voice VLAN is operating in different modes
Voice VLAN
Mode
Security
Port type
Access
Not supported
Supported
Make sure the default VLAN of the port exists and is not a
Trunk
voice VLAN, and the access port permits the traffic of the
default VLAN.
Supported
Make sure the default VLAN of the port exists and is not a
Hybrid
voice VLAN, and the default VLAN is in the list of the tagged
VLANs whose traffic is permitted by the access port.
Access
Not supported
Supported
Make sure the default VLAN of the port exists and is not a
Trunk
voice VLAN, and the access port permits the traffic of the
default VLAN.
Supported
Make sure the default VLAN of the port exists and is not a
Hybrid
voice VLAN, and the default VLAN and the voice VLAN is in
the list of the tagged VLANs whose traffic is permitted by the
access port.
Packet Type
Untagged packet
Supported or not
Processing Method
If the source MAC address of the packet
10-6
- Quick Links:
- User Control
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
