Configure the Security Mode of Voice-VLAN
Network Requirements
- IP Phone and PC access IP Network through port gigabitethernet0/1 of Device. The MAC address of IP Phone is 0001.0001.0001, and the MAC address of PC is 0002.0002.0002.
- On Device, configure the security mode of Voice-VLAN, realizing that IP Phone can access IP Network normally, and PC cannot access IP Network.
Network Topology
Figure 7-3 Networking for Configuring the security mode of Voice-VLAN
Configuration Steps
Step 1: Configure a VLAN, and configure the link type of the ports.
#On Device, create VLAN2.
|
Device#configure terminal
Device(config)#vlan 2
Device(config-vlan2)#exit
|
#On Device, configure the link type of port gigabitethernet0/1 to Trunk and allow services of VLAN2 to pass.
Device(config)#interface gigabitethernet 0/1
Device(config-if-gigabitethernet0/1)#switchport mode trunk
Device(config-if-gigabitethernet0/1)# switchport trunk allowed vlan add 2
Device(config-if-gigabitethernet0/1)#exit
|
#On Device, configure the link type of port gigabitethernet0/2 to Trunk and allow services of VLAN2 to pass.
|
Device(config)#interface gigabitethernet 0/2
Device(config-if-gigabitethernet0/2)#switchport mode trunk
Device(config-if-gigabitethernet0/2)#switchport trunk allowed vlan add 2
Device(config-if-gigabitethernet0/2)#exit
|
Step 2: Configure the voice-VLAN function.
#On Device, configure VLAN2 to voice-VLAN, and modify the Cos value to 7.
|
Device(config)#voice vlan 2 cos 7
|
#On Device, globally enable the security mode of Voice-VLAN.
|
Device(config)# voice vlan security enable
|
#On port gigabitethernet0/1 of Device, configure the voice-VLAN auto mode.
|
Device(config)# interface gigabitethernet 0/1
Device(config-if-gigabitethernet0/1)#voice vlan enable
Device(config-if-gigabitethernet0/1)#voice vlan mode auto
Device(config-if-gigabitethernet0/1)#exit
|
#On Device, configure the OUI address of the MAC address 0001.0001.0001 of IP Phone.
|
Device(config)#voice vlan oui-mac 0001.0001.0001 mask ffff.ffff.0000 name voice-vlan
|
#On Device, view the Voice-VLAN information.
Device#show voice vlan all
Voice Vlan Global Information: Voice Vlan enable
Voice Vlan security: enable
Voice Vlan lldp-med authentication: disable
Voice Vlan VID: 2, Cos: 7
Default OUI number: 5
User config OUI number: 1
Voice vlan interface information:
Interface Mode
------------------------------------------
gi0/1 Auto-Mode
Voice Vlan OUI information: Total: 6
MacAddr Mask Name
--------------------------------------------------------
0001.0001.0000 ffff.ffff.0000 voice-vlan
0003.6b00.0000 ffff.ff00.0000 Cisco-phone default
006b.e200.0000 ffff.ff00.0000 H3C-Aolynk-phone default
00d0.1e00.0000 ffff.ff00.0000 Pingtel-phone default
00e0.7500.0000 ffff.ff00.0000 Polycom-phone default
00e0.bb00.0000 ffff.ff00.0000 3Com-phone default
Step 3: Check the result.
#The 802.1 priority of the packets that IP Phone sends to IP Network is modified to 7.
# PC cannot normally access IP Network.
Switch
.png){kind=icon}
.png){kind=logo}
