3com S7906E Manuel De Montage
4-4
VLANs are vulnerable to traffic attacks. Vicious users can forge a large amount of voice packets
and send them to voice VLAN-enabled ports to consume the voice VLAN bandwidth, affecting
normal voice communication.
z
Security mode: In this mode, only voice packets whose source MAC addresses comply with the
recognizable OUI addresses can pass through the voice VLAN-enabled inbound port, while all
other packets are dropped.
In a safe network, you can configure the voice VLANs to operate in normal mode, thus reducing the
consumption of system resources due to source MAC addresses checking. It is recommended not to
transmit both voice packets and non-voice packets in a voice VLAN. If you have to, please ensure that
the voice VLAN security mode is disabled.
Table 4-3 How a voice VLAN-enable port processes packets in security/normal mode
Voice VLAN
working mode
Packet type
Packet processing mode
Untagged packets
Packets carrying the
voice VLAN tag
voice VLAN tag
If the source MAC address of a packet matches an OUI
address configured for the device, it is forwarded in the
voice VLAN; otherwise, it is dropped.
address configured for the device, it is forwarded in the
voice VLAN; otherwise, it is dropped.
Security mode
Packets carrying
other tags
other tags
Forwarded or dropped depending on whether the port
allows packets of these VLANs to pass through
allows packets of these VLANs to pass through
Untagged packets
Packets carrying the
voice VLAN tag
voice VLAN tag
The port does not check the source MAC addresses of
inbound packets. All types of packets can be transmitted
in the voice VLAN.
inbound packets. All types of packets can be transmitted
in the voice VLAN.
Normal mode
Packets carrying
other tags
other tags
Forwarded or dropped depending on whether the port
allows packets of these VLANs to pass through
allows packets of these VLANs to pass through
Configuring a Voice VLAN
Configuration Prerequisites
Before configuring a VLAN as a voice VLAN, create the VLAN first. Note that you cannot configure
VLAN 1 (the system-default VLAN) as a voice VLAN.
Setting a Port to Operate in Automatic Voice VLAN Assignment Mode
Follow these steps to set a port to operate in automatic voice VLAN assignment mode:
To do...
Use the command...
Remarks
Enter system view
system-view
—
Set the voice VLAN aging time
voice vlan aging minutes
Optional
1440 minutes by default.
The voice VLAN aging time
configuration is only applicable
on ports in automatic voice
VLAN assignment mode.
configuration is only applicable
on ports in automatic voice
VLAN assignment mode.
Enable the voice VLAN security
mode
mode
voice vlan security enable
Optional
Enabled by default.