05-Extended VLAN Application Operation

Table of Contents

Chapter 1 Voice VLAN Configuration

1.1 Voice VLAN Overview

1.2 Voice VLAN Configuration

1.2.1 Configuration Prerequisites

1.2.2 Configuring a Voice VLAN to Operate in Automatic Mode

1.2.3 Configuring a voice VLAN to operate in manual mode

1.3 Voice VLAN Configuration Displaying

1.4 Voice VLAN Configuration Example

1.4.1 Voice VLAN Configuration Example (Automatic Mode)

1.4.2 Voice VLAN Configuration Example (Manual Mode)

Chapter 2 Isolate-User-VLAN Configuration

2.1 Isolate-User-VLAN Overview

2.1.1 Introduction to isolate-user-VLAN

2.1.2 isolate-user-VLAN Packets Forwarding Process

2.2 isolate-user-VLAN Configuration

2.2.1 isolate-user-VLAN Configuration Tasks

2.2.2 Configuring isolate-user-VLAN

2.2.3 Configuring Secondary VLAN

2.2.4 Adding Ports to isolate-user-VLAN and Secondary VLAN

2.2.5 Configuring Mapping between isolate-user-VLAN and Secondary VLAN

2.3 Displaying isolate-user-VLAN Configuration

2.4 isolate-user-VLAN Configuration Example

Chapter 3 Super VLAN

3.1 Super VLAN Overview

3.2 Super VLAN Configuration

3.2.1 Super VLAN Configuration Tasks

3.2.2 Configuring a Super VLAN

3.2.3 Configuring a Sub VLAN

3.2.4 Configuring the Mapping between a Super VLAN and a Sub VLAN

3.2.5 Configuring Super VLAN to Support DHCP Relay

3.3 Displaying Super VLAN

3.4 Super VLAN Configuration Example

3.4.2 Super VLAN Supporting DHCP Relay Example

 


Chapter 1  Voice VLAN Configuration

1.1  Voice VLAN Overview

Voice VLANs are VLANs configured specially for voice data stream. By adding the ports with voice devices attached to voice VLANs, you can perform QoS (quality of service)-related configuration for voice data, ensuring the transmission priority of voice data stream and voice quality.

S7500 series Ethernet switches determine whether a received packet is a voice packet by checking its source MAC address. If the source MAC addresses of packets comply with the organizationally unique identifier (OUI) addresses configured by the system, the packets are determined as voice packets and transmitted in voice VLAN.

You can configure an OUI address for voice packets or specify to use the default OUI address.

 

Note:

An OUI address is a globally unique identifier assigned to a vendor by IEEE. You can determine which vendor a device belongs to according to the OUI address which forms the first 24 bits of a MAC address.

 

The following table shows the five default OUI addresses of a switch.

Table 1-1 Default OUI addresses preset by the switch

| Number | OUI Address | Vendor |
|---|---|---|
| 1 | 0003-6b00-0000 | Cisco phone |
| 2 | 000f-e200-0000 | H3C Aolynk phone |
| 3 | 00d0-1e00-0000 | Pingtel phone |
| 4 | 00e0-7500-0000 | Polycom phone |
| 5 | 00e0-bb00-0000 | 3com phone |

 

A voice VLAN can operate in two modes: automatic mode and manual mode. You can configure the operation mode for a voice VLAN according to data stream passing through the ports of the voice VLAN.

- In automatic mode: S7500 series switches automatically add a port connecting an IP voice device to the voice VLAN by learning the source MAC address in the untagged packet sent by the IP voice device when it is powered on. When the aging time of a port expires, voice ports on which the OUI addresses are not updated (no voice stream passes) are automatically removed from the voice VLAN. Voice ports cannot be added to or removed from the voice VLAN through manual configuration.

- In manual mode: you need to execute the related configuration commands to add a voice port to the voice VLAN or remove a voice port from the voice VLAN.

Tagged packets sent by IP voice devices are processed the same way in both modes: they are only forwarded, and no MAC address is learned.

Voice VLAN packets can be forwarded by trunk ports and hybrid ports in voice VLAN. You can enable a trunk port or a hybrid port belonging to other VLANs to forward voice and service packets simultaneously by enabling the voice VLAN function for it.

As multiple types of IP voice devices exist, you need to match port mode with types of voice stream sent by IP voice devices, as listed in Table 1-2.

Table 1-2 Matching relationship between port modes and voice stream types

| Port voice VLAN mode | Voice stream type | Port type | Supported or not |
|---|---|---|---|
| Automatic mode | Tagged voice stream | Access | Not supported |
| Automatic mode | Tagged voice stream | Trunk | Supported. Make sure the default VLAN of the port exists and is not a voice VLAN. And the access port permits the packets of the default VLAN. |
| Automatic mode | Tagged voice stream | Hybrid | Supported. Make sure the default VLAN of the port exists and is in the list of the tagged VLANs whose packets are permitted by the access port. |
| Automatic mode | Untagged voice stream | Access, Trunk, Hybrid | Not supported, because the default VLAN of the port must be a voice VLAN and the access port is in the voice VLAN. To do so, you can also add the port to the voice VLAN manually. |
| Manual mode | Tagged voice stream | Access | Not supported |
| Manual mode | Tagged voice stream | Trunk | Supported. Make sure the default VLAN of the port exists and is not a voice VLAN. And the access port permits the packets of the default VLAN. |
| Manual mode | Tagged voice stream | Hybrid | Supported. Make sure the default VLAN of the port exists and is in the list of the tagged VLANs whose packets are permitted by the access port. |
| Manual mode | Untagged voice stream | Access | Supported. Make sure the default VLAN of the port is a voice VLAN. |
| Manual mode | Untagged voice stream | Trunk | Supported. Make sure the default VLAN of the port is a voice VLAN and the port permits the packets of the VLAN. |
| Manual mode | Untagged voice stream | Hybrid | Supported. Make sure the default VLAN of the port is a voice VLAN and is in the list of untagged VLANs whose packets are permitted by the port. |

 

  Caution:

- If the voice stream transmitted by an IP voice device carries a VLAN tag, and the port to which the IP voice device is attached has 802.1x authentication and 802.1x guest VLAN enabled, assign different VLAN IDs to the voice VLAN, the default VLAN of the port, and the 802.1x guest VLAN so that the two functions operate properly.

- If the voice stream transmitted by the IP voice device carries no VLAN tag, the default VLAN of the port to which the IP voice device is attached must be configured as the voice VLAN for the voice VLAN function to take effect. In this case, 802.1x authentication is unavailable.

 

1.2  Voice VLAN Configuration

1.2.1  Configuration Prerequisites

- Create the corresponding VLAN before configuring a voice VLAN.

- VLAN 1 is the default VLAN and does not need to be created. However, VLAN 1 does not support the voice VLAN function.

1.2.2  Configuring a Voice VLAN to Operate in Automatic Mode

Table 1-3 Configure a voice VLAN to operate in automatic mode

| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | |
| Enter Ethernet port view | interface interface-type interface-number | Required |
| Enable the voice VLAN function for the port | voice vlan enable | Required. By default, the voice VLAN function is disabled. |
| Set the voice VLAN operation mode to automatic mode | voice vlan mode auto | Optional. The default voice VLAN operation mode is automatic mode. |
| Quit to system view | quit | |
| Set an OUI address that can be identified by the voice VLAN | voice vlan mac-address oui mask oui-mask [ description text ] | Optional. By default, the switch uses the default OUI address to determine the voice stream. |
| Enable the voice VLAN security mode | voice vlan security enable | Optional. By default, the voice VLAN security mode is enabled. |
| Set the aging time for the voice VLAN | voice vlan aging minutes | Optional. The default aging time is 1,440 minutes. |
| Enable the voice VLAN function globally | voice vlan vlan-id enable | Required |

 

Note:

If a device restarts while the voice VLAN is working normally, the system does not need to be triggered by the voice stream again. To keep the established voice connections working, it adds the ports configured for automatic mode to the voice VLAN on the local device immediately after the restart completes.

 

1.2.3  Configuring a voice VLAN to operate in manual mode

Table 1-4 Configure a voice VLAN to operate in manual mode

| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | |
| Enter port view | interface interface-type interface-number | Required |
| Enable the voice VLAN function for the port | voice vlan enable | Required. By default, the voice VLAN function is disabled on a port. |
| Set voice VLAN operation mode to manual mode | undo voice vlan mode auto | Required. The default voice VLAN operation mode is automatic mode. |
| Quit to system view | quit | |
| Add a port in manual mode to the voice VLAN (access port): enter VLAN view | vlan vlan-id | Required |
| Add a port in manual mode to the voice VLAN (access port): add the port to the VLAN | port interface-list | |
| Add a port in manual mode to the voice VLAN (trunk or hybrid port): enter port view | interface interface-type interface-num | |
| Add a port in manual mode to the voice VLAN (trunk or hybrid port): add the port to the voice VLAN | port trunk permit vlan vlan-id; port hybrid vlan vlan-id { tagged \| untagged } | |
| Add a port in manual mode to the voice VLAN (trunk or hybrid port): configure the voice VLAN to be the default VLAN of the port | port trunk pvid vlan vlan-id; port hybrid pvid vlan vlan-id | Optional. Refer to Table 1-2 to determine whether or not this operation is needed. |
| Quit to system view | quit | |
| Set an OUI address to be one that can be identified by the voice VLAN | voice vlan mac-address oui mask oui-mask [ description text ] | Optional. If you do not set the address, the default OUI address is used. |
| Enable the voice VLAN security mode | voice vlan security enable | Optional. By default, the voice VLAN security mode is enabled. |
| Set aging time for the voice VLAN | voice vlan aging minutes | Optional. The default aging time is 1,440 minutes. |
| Enable the voice VLAN function globally | voice vlan vlan-id enable | Required |

 

  Caution:

- You can enable the voice VLAN feature for only one VLAN at a time.

- If the Link Aggregation Control Protocol (LACP) is enabled for a port, the voice VLAN feature cannot be enabled for it.

- The voice VLAN function is effective only for static VLANs. Once a dynamic VLAN is enabled with the voice VLAN function, it automatically changes to a static VLAN.

- When a voice VLAN operates in security mode, the devices in it only permit packets whose source addresses are voice OUI addresses that can be identified. Packets whose source addresses cannot be identified, including certain authentication packets (such as 802.1x authentication packets), are dropped. So, do not transmit both voice data and service data in a voice VLAN. If you have to do so, make sure the voice VLAN does not operate in security mode.
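The source-MAC check against OUI entries and the security-mode filter described in this chapter, modeled in Python as an added example (not H3C code). The 24-bit mask for the default OUIs and the merging of default and configured entries into one table are assumptions; the frames are constructed samples.

```python
import re

# Default OUI addresses from Table 1-1. The page does not state the mask used
# for the defaults; ffff-ff00-0000 (the first 24 bits) is assumed here.
DEFAULT_MASK = "ffff-ff00-0000"
DEFAULT_OUIS = [
    ("0003-6b00-0000", DEFAULT_MASK, "Cisco phone"),
    ("000f-e200-0000", DEFAULT_MASK, "H3C Aolynk phone"),
    ("00d0-1e00-0000", DEFAULT_MASK, "Pingtel phone"),
    ("00e0-7500-0000", DEFAULT_MASK, "Polycom phone"),
    ("00e0-bb00-0000", DEFAULT_MASK, "3com phone"),
]
# Entry configured in section 1.4.2; keeping it alongside the defaults is an assumption.
OUI_TABLE = DEFAULT_OUIS + [("0011-2200-0000", "ffff-ff00-0000", "test")]

_MAC_RE = re.compile(r"^[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}$")


def mac_to_int(mac):
    """Parse a MAC written as xxxx-xxxx-xxxx into a 48-bit integer."""
    mac = mac.strip().lower()
    if not _MAC_RE.match(mac):
        raise ValueError(f"not in xxxx-xxxx-xxxx form: {mac!r}")
    return int(mac.replace("-", ""), 16)


def match_oui(src_mac, oui_table):
    """Return the description of the first OUI entry src_mac falls under, else None."""
    src = mac_to_int(src_mac)
    for oui, mask, description in oui_table:
        m = mac_to_int(mask)
        if src & m == mac_to_int(oui) & m:
            return description
    return None


def security_mode_filter(frames, oui_table, security=True):
    """Split (port, src_mac) pairs seen in the voice VLAN into (permitted, dropped)."""
    permitted, dropped = [], []
    for port, src_mac in frames:
        if not security or match_oui(src_mac, oui_table) is not None:
            permitted.append((port, src_mac))
        else:
            dropped.append((port, src_mac))
    return permitted, dropped


# Constructed sample: two phones and one PC sharing a voice VLAN port.
SAMPLE_FRAMES = [
    ("Ethernet1/0/3", "0011-22ab-cdef"),  # falls under the configured "test" OUI
    ("Ethernet1/0/3", "00e0-7512-3456"),  # falls under a default OUI
    ("Ethernet1/0/3", "0050-56aa-bb01"),  # service data from a PC, no OUI match
]

if __name__ == "__main__":
    ok, bad = security_mode_filter(SAMPLE_FRAMES, OUI_TABLE)
    for port, mac in ok:
        print(f"permit {mac} on {port} ({match_oui(mac, OUI_TABLE)})")
    for port, mac in bad:
        print(f"drop   {mac} on {port} (source MAC matches no voice OUI)")
```

The dropped PC frame is the case the caution above warns about: service data sharing a voice VLAN that runs in security mode.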

 

1.3  Voice VLAN Configuration Displaying

After the above configurations, you can execute the display command in any view to view the running status and verify the configuration effect.

 

Table 1-5 Display configurations of a Voice VLAN

| Operation | Command | Description |
|---|---|---|
| Display the voice VLAN configuration status | display voice vlan status | You can execute the display command in any view. |
| Display the currently valid OUI addresses | display voice vlan oui | |
| Display the ports operating in the current voice VLAN | display vlan vlan-id | |

 

1.4  Voice VLAN Configuration Example

1.4.1  Voice VLAN Configuration Example (Automatic Mode)

I. Network requirements

- Create VLAN 2 and configure it as a voice VLAN.

- Configure Ethernet1/0/1 port as a Trunk port, with VLAN 6 as the default VLAN.

- Ethernet1/0/1 port can be added to/removed from the voice VLAN automatically according to the type of the data stream that reaches the port.

II. Configuration procedure

# Create VLAN 2.

<H3C> system-view

[H3C] vlan 2

# Configure Ethernet1/0/1 port to be a Trunk port, with VLAN 6 as the default VLAN.

[H3C-vlan2] quit

[H3C] interface Ethernet 1/0/1

[H3C-Ethernet1/0/1] port link-type trunk

[H3C-Ethernet1/0/1] port trunk pvid vlan 6

# Enable the voice VLAN function for the port and configure the port to operate in automatic mode.

[H3C-Ethernet1/0/1] voice vlan enable

[H3C-Ethernet1/0/1] voice vlan mode auto

# Enable the voice VLAN function globally.

[H3C-Ethernet1/0/1] quit

[H3C] voice vlan 2 enable

1.4.2  Voice VLAN Configuration Example (Manual Mode)

I. Network requirements

- Create VLAN 3 and configure it as a voice VLAN.

- Configure Ethernet1/0/1 port as a Trunk port for it to be added to/removed from the voice VLAN.

- Configure the OUI address to be 0011-2200-0000, with the description string being "test".

II. Configuration procedure

# Create VLAN 3.

<H3C> system-view

[H3C] vlan 3

[H3C-vlan3] quit

# Configure Ethernet1/0/3 port to be a Trunk port and add it to VLAN 3.

[H3C] interface Ethernet1/0/3

[H3C-Ethernet1/0/3] port link-type trunk

[H3C-Ethernet1/0/3] port trunk permit vlan 3

# Enable the voice VLAN function for the port and configure the port to operate in manual mode.

[H3C-Ethernet1/0/3] voice vlan enable

[H3C-Ethernet1/0/3] undo voice vlan mode auto

[H3C-Ethernet1/0/3] quit

# Specify an OUI address.

[H3C] voice vlan mac-address 0011-2200-0000 mask ffff-ff00-0000 description test

# Enable the voice VLAN function globally.

[H3C] voice vlan 3 enable

# Display voice VLAN-related configurations.

[H3C] display voice vlan status

Voice Vlan status: ENABLE

Voice Vlan ID: 3

Voice Vlan security mode: Security

Voice Vlan aging time: 1440 minutes

Current voice vlan enabled port mode:

PORT                     MODE

----------------------------------------

Ethernet1/0/3            MANUAL

# Remove Ethernet1/0/3 port from the voice VLAN.

[H3C] interface Ethernet1/0/3

[H3C-Ethernet1/0/3] undo port trunk permit vlan 3

 


Chapter 2  Isolate-User-VLAN Configuration

2.1  Isolate-User-VLAN Overview

2.1.1  Introduction to isolate-user-VLAN

isolate-user-VLAN is designed to save VLAN resources. It works by copying MAC address entries among the MAC address tables of VLANs in the network, and relies on the fact that a hybrid port can remove the VLAN tag of packets coming from multiple VLANs.

isolate-user-VLAN adopts a Layer 2 VLAN structure. You need to configure two types of VLAN: isolate-user-VLAN and secondary VLAN.

An isolate-user-VLAN can match with multiple secondary VLANs. By setting the hybrid attribute for a port, ports included in all the secondary VLANs and the uplink port of a switch can all belong to an isolate-user-VLAN. At the same time, you should configure the uplink port to remove the VLAN tags of all the secondary VLAN packets forwarded by it.

In this case, all the packets that the upper layer switch receives from downstream are without VLAN tags. Therefore, the switch can reset the local VLAN structure to save VLAN resources without considering the VLAN configuration in the lower layer.

2.1.2  isolate-user-VLAN Packets Forwarding Process

Figure 2-1 is the diagram for isolate-user-VLAN application. The following content describes the isolate-user-VLAN packet forwarding process based on this figure.

I. Configure Switch B

- Configure port Ethernet1/0/4 as a hybrid port, with the default VLAN ID being 3. At the same time, this port belongs to VLAN 3 and VLAN 5, and performs untag operation (removing of VLAN tag) on the packets from VLAN 3 and VLAN 5.

- Configure port Ethernet1/0/1 as a hybrid port, with the default VLAN ID being 5. At the same time, this port belongs to VLAN 3 and VLAN 5, and performs untag operation (removing of VLAN tag) on the packets from VLAN 3 and VLAN 5.

II. Configure Switch A

To ensure that packets sent by Switch A can be forwarded by Switch B according to the VLAN configurations of the lower layer devices, you need to configure the port through which Switch A connects to Switch B to remove VLAN tags when Switch A sends packets to Switch B.

Figure 2-1 Diagram for isolate-user-VLAN application

III. Forward packets to Switch A

1) When packets sent by the PC reach Ethernet1/0/4, the default VLAN ID, that is, the VLAN tag of VLAN 3, is automatically added to the packets.

2) Switch B learns the MAC address of the PC and adds it to the MAC address forwarding table of VLAN 3, and at the same time copies the entry to the MAC address forwarding table of VLAN 5.

3) Because Ethernet1/0/1 belongs to VLAN 3, the packets from VLAN 3 can pass through it, and Ethernet1/0/1 automatically removes the tag of VLAN 3, so that packets reaching Switch A are without the VLAN tag.

IV. Receive and forward packets from Switch A

1) When packets coming from Switch A (the packets are configured to be without VLAN tag) reach port Ethernet1/0/1 of Switch B, the default VLAN ID, that is, the tag of VLAN 5, is automatically added to the packets.

2) According to the MAC address forwarding table entry copied in the outbound process, the system finds that the egress port is Ethernet1/0/4.

3) Because Ethernet1/0/4 belongs to VLAN 5, packets can pass through it normally, and at the same time, Ethernet1/0/4 removes the VLAN tag of the packets, so that the PC receives packets without VLAN tag.
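Steps III and IV above, simulated for Switch B in Python as an added example (not vendor code). It takes VLAN 3 as the secondary VLAN and VLAN 5 as the isolate-user-VLAN, as the port default VLANs imply; the MAC addresses are constructed, and flooding of unknown destinations within the VLAN is a modelling assumption.

```python
from dataclasses import dataclass, field


@dataclass
class HybridPort:
    name: str
    pvid: int                  # default VLAN ID added to untagged ingress frames
    untagged_vlans: frozenset  # VLANs whose frames leave this port without a tag


@dataclass
class Switch:
    ports: dict                 # port name -> HybridPort
    secondary_to_isolate: dict  # secondary VLAN -> isolate-user-VLAN
    mac_table: dict = field(default_factory=dict)  # (vlan, mac) -> port name

    def receive_untagged(self, in_port, src_mac, dst_mac):
        """Process one untagged frame; return [(egress port, vlan, 'untagged')]."""
        vlan = self.ports[in_port].pvid              # III.1 / IV.1: PVID tag added
        self.mac_table[(vlan, src_mac)] = in_port    # III.2: learn the source MAC
        iso = self.secondary_to_isolate.get(vlan)
        if iso is not None:                          # III.2: copy entry to the isolate-user-VLAN
            self.mac_table[(iso, src_mac)] = in_port
        known = self.mac_table.get((vlan, dst_mac))  # IV.2: look up the destination
        # Unknown destination: flood within the VLAN (modelling assumption).
        candidates = [known] if known is not None else list(self.ports)
        out = []
        for name in candidates:
            port = self.ports[name]
            if name != in_port and vlan in port.untagged_vlans:
                out.append((name, vlan, "untagged"))  # III.3 / IV.3: tag removed on egress
        return out


def build_switch_b(mapping=None):
    """Switch B as configured in step I; mapping defaults to secondary 3 -> isolate-user 5."""
    return Switch(
        ports={
            "Ethernet1/0/4": HybridPort("Ethernet1/0/4", 3, frozenset({3, 5})),
            "Ethernet1/0/1": HybridPort("Ethernet1/0/1", 5, frozenset({3, 5})),
        },
        secondary_to_isolate={3: 5} if mapping is None else mapping,
    )


PC_MAC = "0000-0000-00aa"        # constructed
SWITCH_A_MAC = "0000-0000-00bb"  # constructed


def walk_through(mapping=None):
    """PC sends to Switch A, then Switch A replies; return both results and the MAC table."""
    sw = build_switch_b(mapping)
    up = sw.receive_untagged("Ethernet1/0/4", PC_MAC, SWITCH_A_MAC)
    down = sw.receive_untagged("Ethernet1/0/1", SWITCH_A_MAC, PC_MAC)
    return up, down, sw.mac_table


if __name__ == "__main__":
    up, down, table = walk_through()
    print("PC -> Switch A:", up)
    print("Switch A -> PC:", down)
    print("MAC table:", table)
```

Calling `walk_through(mapping={})` shows what the copied entry is for: without it, the PC's MAC is absent from the VLAN 5 table and the reply is an unknown destination in that VLAN.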

2.2  isolate-user-VLAN Configuration

2.2.1  isolate-user-VLAN Configuration Tasks

Table 2-1 isolate-user-VLAN configuration tasks

| Operation | Description | Related section |
|---|---|---|
| Configure isolate-user-VLAN | Required | Section 2.2.2 "Configuring isolate-user-VLAN" |
| Configure secondary VLAN | Required | Section 2.2.3 "Configuring Secondary VLAN" |
| Add ports to isolate-user-VLAN and secondary VLAN and configure them to perform untag operation on packets | Required | Section 2.2.4 "Adding Ports to isolate-user-VLAN and Secondary VLAN" |
| Configure the mapping between the isolate-user-VLAN and the secondary VLAN | Required | Section 2.2.5 "Configuring Mapping between isolate-user-VLAN and Secondary VLAN" |

 

2.2.2  Configuring isolate-user-VLAN

You can use the following commands to create an isolate-user-VLAN for a switch.

Table 2-2 Configure an isolate-user-VLAN

| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | |
| Create a VLAN and enter VLAN view | vlan vlan-id | Required |
| Set the VLAN type to isolate-user-VLAN | isolate-user-vlan enable | Required |

 

  Caution:

- Multiple isolate-user-VLANs can be configured for a switch.

- With GVRP function enabled, a switch cannot be enabled with isolate-user-VLAN function.

- isolate-user-VLAN does not forward multicast services data.

- The isolate-user-VLAN function and super VLAN function cannot be enabled simultaneously for a VLAN. If a VLAN is specified as an isolate-user-VLAN or a secondary VLAN, you cannot configure it as a super VLAN or a sub VLAN additionally.

 

2.2.3  Configuring Secondary VLAN

Configuring a secondary VLAN is the same as configuring an ordinary VLAN.

Table 2-3 Configure secondary VLAN

| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | |
| Create a secondary VLAN | vlan vlan-id | Required |

 

2.2.4  Adding Ports to isolate-user-VLAN and Secondary VLAN

In order to transmit packets normally, all ports included in the isolate-user-VLAN and the secondary VLAN must be hybrid ports, and all ports must perform untag operation on all VLAN packets.

Table 2-4 Add ports to isolate-user-VLAN and secondary VLAN and configure the ports to untag packets

| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | |
| Enter Ethernet port view | interface interface-type interface-number | |
| Configure a port as a hybrid port | port link-type hybrid | Required |
| Add a port to the isolate-user-VLAN and the secondary VLAN | port hybrid vlan vlan-id untagged | Required |
| Configure the default VLAN ID of a port | port hybrid pvid vlan vlan-id | Required |

  Caution:

When you use the port hybrid pvid vlan command to configure the default VLAN ID for a port, you need to specify the vlan-id as a secondary VLAN for a downlink port and specify the vlan-id as an isolate-user-VLAN for an uplink port.

 

2.2.5  Configuring Mapping between isolate-user-VLAN and Secondary VLAN

You can use the following command to establish the mapping relationship between an isolate-user-VLAN and a secondary VLAN.

Table 2-5 Configure isolate-user-VLAN-to-secondary VLAN mapping

| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | |
| Configure the mapping relationship between an isolate-user-VLAN and a secondary VLAN | isolate-user-vlan vlan-id secondary vlan-list | Required |

 

  Caution:

An isolate-user-VLAN can establish a mapping relationship with multiple secondary VLANs. However, a secondary VLAN can establish a mapping relationship with only one isolate-user-VLAN.

 

2.3  Displaying isolate-user-VLAN Configuration

After the above configurations, you can execute the display command in any view to view the running status of the isolate-user-VLAN and verify the configuration effect.

Table 2-6 Display isolate-user-VLAN configuration

| Operation | Command | Description |
|---|---|---|
| Display the mapping relationship between the isolate-user-VLAN and the secondary VLAN | display isolate-user-vlan [ vlan-id ] | The display command can be executed in any view. |

 

2.4  isolate-user-VLAN Configuration Example

I. Network requirements

- Switch A connects with Switch B and Switch C. For Switch A, packets from Switch B and Switch C are without VLAN tag, so that Switch A does not need to consider the VLAN configurations of the lower layer switches.

- VLAN 5 on Switch B is an isolate-user-VLAN which includes the uplink port Ethernet1/0/1 and two secondary VLANs: VLAN 2 and VLAN 3. VLAN 3 includes port Ethernet1/0/2, and VLAN 2 includes port Ethernet1/0/5.

- VLAN 6 on Switch C is an isolate-user-VLAN which includes the uplink port Ethernet1/0/1 and two secondary VLANs: VLAN 3 and VLAN 4. VLAN 3 includes port Ethernet1/0/3, and VLAN 4 includes port Ethernet1/0/4.

II. Network diagram

Figure 2-2 Diagram for isolate-user-VLAN configuration

III. Configuration procedure

- Configure Switch B

# Configure the isolate-user-VLAN

<SwitchB> system-view

[SwitchB] vlan 5

[SwitchB-vlan5] isolate-user-vlan enable

# Configure the secondary VLAN.

[SwitchB-vlan5] quit

[SwitchB] vlan 3

[SwitchB-vlan3] quit

[SwitchB] vlan 2

# Add port Ethernet1/0/2 to the isolate-user-VLAN and the secondary VLAN, and configure the port to untag the VLAN packets.

[SwitchB-vlan2] quit

[SwitchB] interface Ethernet 1/0/2

[SwitchB-Ethernet1/0/2] port link-type hybrid