Support User Manuals

3Com 4500 Switch User Manual

Open as PDF

of 742

1-6

Table 1-3 Matching relationship between port types and voice devices acquiring voice VLAN through

manual configuration

Voice VLAN

assignment mode

Port type Supported or not

Access Not supported

Trunk

Supported

Make sure the default VLAN of the port exists and is not a

voice VLAN, and the access port permits the traffic of the

default VLAN.

Automatic

Hybrid

Supported

Make sure the default VLAN of the port exists and is not a

voice VLAN, and the default VLAN is in the list of the tagged

VLANs whose traffic is permitted by the access port.

Access Not supported

Trunk

Supported

Make sure the default VLAN of the port exists and is not a

voice VLAN, and the access port permits the traffic of the

default VLAN.

Manual

Hybrid

Supported

Make sure the default VLAN of the port exists and is not a

voice VLAN, and the default VLAN and the voice VLAN is in

the list of the tagged VLANs whose traffic is permitted by the

access port.

Security Mode of Voice VLAN

The automatic mode and manual mode described earlier only apply to the process of assigning a port to

the voice VLAN. After a port is assigned to the voice VLAN, the switch receives and forwards all voice

VLAN-tagged traffic without matching the source MAC address of each received packet against its OUI

list. For a port in the manual mode with the default VLAN as the voice VLAN, any untagged packet can

be transmitted in the voice VLAN. This makes the voice VLAN vulnerable to flow attacks, because

malicious users can create a large amount of voice VLAN-tagged packets to consume the voice VLAN

bandwidth, affecting normal voice communication.

H3C series switches provide the security mode for voice VLAN to address this problem. When the voice

VLAN works in security mode, the switch checks the source MAC address of each packet to enter the

voice VLAN and drops the packets whose source MAC addresses do not match the OUI list. However,

checking packets occupies lots of system resources. Therefore, in a relatively safe network, you can

configure the voice VLAN to operate in normal mode.

The following table presents how a packet is handled when the voice VLAN is operating in security

mode and normal mode.

Table 1-4 How a packet is handled when the voice VLAN is operating in different modes

Voice VLAN

Mode

Packet Type Processing Method

Security

Untagged packet

If the source MAC address of the packet

previous next