Configure lldp-med Authentication Mode of Voice-VLAN
Network Requirements
- IP Phone (the IP phone can send the LLDP packet with the voice field) and PC access IP Network through port gigabitethernet0/1 of Device. The MAC address of IP Phone is 0001.0001.0001, and the MAC address of PC is 0002.0002.0002.
- Ton Device, configure the lldp-med authentication mode of Voice-VLAN so that IP Phone can normally access IP network and PC cannot access IP Network.
Network Topology
Figure 7-4 Networking for Configuring the lldp-med authentication mode of Voice-VLAN
Configuration Steps
Step 1: Configure a VLAN, and configure the link type of the ports.
#On Device, create VLAN2.
|
Device#configure terminal
Device(config)#vlan 2
Device(config-vlan2)#exit
|
#On Device, configure the link type of port gigabitethernet0/1 to Trunk and allow services of VLAN2 to pass.
|
Device(config)#interface gigabitethernet 0/1
Device(config-if-gigabitethernet0/1)#switchport mode trunk
Device(config-if-gigabitethernet0/1)# switchport trunk allowed vlan add 2
Device(config-if-gigabitethernet0/1)#exit
|
#On Device, configure the link type of port gigabitethernet0/2 to Trunk and allow services of VLAN2 to pass.
Device(config)#interface gigabitethernet 0/2
Device(config-if-gigabitethernet0/2)#switchport mode trunk
Device(config-if-gigabitethernet0/2)#switchport trunk allowed vlan add 2
Device(config-if-gigabitethernet0/2)#exit
|
Step 2: Configure the Voice-VLAN function.
#On Device, configure VLAN2 as Voice-VLAN, and the modify the Cos value to 7.
|
Device(config)#voice vlan 2 cos 7
|
#On Device, globally enable the lldp-med authentication mode of Voice-VLAN.
|
Device(config)#voice vlan lldp-med authentication
|
#On port gigabitethernet0/1 of Device, configure the Voice-VLAN auto mode.
|
Device(config)# interface gigabitethernet 0/1
Device(config-if-gigabitethernet0/1)#voice vlan enable
Device(config-if-gigabitethernet0/1)#voice vlan mode auto
Device(config-if-gigabitethernet0/1)#exit
|
#On Device, configure the OUI address of the MAC address of IP Phone 0001.0001.0001.
|
Device(config)#voice vlan oui-mac 0001.0001.0001 mask ffff.ffff.0000 name voice-vlan
|
#On Device, view the Voice-VLAN information.
Device#show voice vlan all
Voice Vlan Global Information: Voice Vlan enable
Voice Vlan security: disable
Voice Vlan lldp-med authentication: enable
Voice Vlan VID: 2, Cos: 7
Default OUI number: 5
User config OUI number: 1
Voice vlan interface information:
Interface Mode
-------------------------------
gi0/1 Auto-Mode
Voice Vlan OUI information: Total: 6
MacAddr Mask Name
--------------------------------------
0001.0001.0000 ffff.ffff.0000 voice-vlan
0003.6b00.0000 ffff.ff00.0000 Cisco-phone default
006b.e200.0000 ffff.ff00.0000 H3C-Aolynk-phone default
00d0.1e00.0000 ffff.ff00.0000 Pingtel-phone default
00e0.7500.0000 ffff.ff00.0000 Polycom-phone default
00e0.bb00.0000 ffff.ff00.0000 3Com-phone default
Voice Vlan lldp-med authenticated mac information:
MacAddr Interface
----------------------------------------------
0001.0001.0001 gi0/1
Step 3: Check the result.
#The 802.1P priority of the packet sent by IP Phone to IP Network is modified to 7.
#PC cannot access IP Network.
Switch
.png){kind=icon}
.png){kind=logo}
