voice-vlan security enable
Function
The voice-vlan security enable command enables the secure mode of the voice VLAN.
The undo voice-vlan security enable command disables the secure mode of the voice VLAN.
By default, the secure mode of the voice VLAN is disabled.
Views
Ethernet interface view, GE interface view, XGE interface view, 40GE interface view, 100GE interface view, MultiGE interface view, Eth-Trunk interface view, port group view, 25GE interface view
Usage Guidelines
Usage Scenario
Secure mode
A voice VLAN-enabled inbound port transmits only frames of which the source MAC addresses match OUIs configured on the device, discards the voice data not belong to the current voice VLAN and the other data can be forwarded normally.
The secure mode prevents a voice VLAN from being attacked by malicious data flows, but consumes system resources to check frames.
The secure mode takes effect only when the voice-vlan remark-mode mac-address command is configured to increase the priority of voice packets based on MAC addresses.
Normal mode
A voice VLAN-enabled inbound port transmits both voice and non-voice data. The port does not compare source MAC addresses in received frames with configured OUIs, exposing a voice VLAN to malicious attacks.
Pre-configuration Tasks
Voice VLAN has been enabled using the voice-vlan enable command.
Run the voice-vlan remark-mode mac-address command to increase the priority of voice packets based on MAC addresses.
Precautions
When a voice VLAN works in secure mode, only voice packets in the VLAN can be transmitted in the voice VLAN.
To allow both voice packets and data packets to be transmitted in the voice VLAN, configure the voice VLAN to work in normal mode.