Voice VLAN Technology White paper

Voice VLAN Technology White Paper

Keywords: Voice VLAN, OUI, DHCP

Abstract: This document introduces the basic principles and features of H3C voice VLAN, and
covers the points that require special attention during voice VLAN configuration
procedures.

Acronyms

Acronym Full Spelling

OUI Organizationally Unique Identifier

Hangzhou H3C Technologies Co., Ltd. 1/16

 Voice VLAN Technology White paper

Table of Contents

1 Overview......................................................................................................................................... 3
1.1 Background.......................................................................................................................... 3
1.2 Benefits ................................................................................................................................ 3

2 Voice VLAN Implementation .......................................................................................................... 4

2.1 Concepts.............................................................................................................................. 4
2.2 Voice VLAN Mechanism ...................................................................................................... 4
2.2.1 Voice VLAN Implementation on H3C Series Switches ............................................. 4
2.2.2 Port–IP Phone Cooperation ...................................................................................... 6
2.2.3 Extended Functions of Voice VLAN ........................................................................ 12
2.3 Voice VLAN Configuration Guidelines ............................................................................... 13
2.3.1 Guidelines for Using Voice VLAN in Conjunction with Other VLAN Functions....... 13
2.3.2 Guidelines for Using Voice VLAN in Conjunction with Other Functions ................. 14

3 Technical Characteristics ............................................................................................................. 15

4 Application Scenarios ................................................................................................................... 15

4.1 Voice VLAN Networking in an Office Area ........................................................................ 15

Hangzhou H3C Technologies Co., Ltd. 2/16

 Voice VLAN Technology White paper

1 Overview

1.1 Background

With the development of voice technologies, IP phones and IAD devices have been
widely used. It is common now that voice and data are transmitted simultaneously
over the same network. This is especially true of residential broadband networks. As
voice traffic is delay and jitter sensitive, it requires higher priority over data traffic to
reduce delay and packet loss during transmission.

A traditional method to raise the priority of voice traffic is to identify voice traffic with
ACLs and use QoS to guarantee its transmission quality. To simplify configuration
procedures and better manage voice transmission policies, H3C series switches
provide the voice VLAN function. The idea is to identify voice traffic by the source
MAC addresses of packets and transmit the voice traffic in a dedicated VLAN, called
the voice VLAN.

1.2 Benefits

Compared to using ACLs to identify voice traffic and using QoS to guarantee voice
quality, voice VLAN has the following advantages in managing voice traffic:

z Simple configuration

With voice VLAN, you do not have to handle complicated Layer-2 ACLs and QoS
configuration worrying about ACL rule match order or issues accompanying applying
ACL rules to ports. What you need to do to identify and process voice traffic is making
some simple configurations globally and on the specified ports.

z Convenient maintenance

You can modify voice traffic matching rules (that is, recognizable voice device
vendors’ OUIs) globally. Thus, when a new IP voice device is attached to the network,
each port can identify the voice traffic based on the latest matching rules. This does
not require new lay-2 ACLs or QoS policies.

z Flexible implementation

Compared to ACLs/QoS configuration, which is completely manual and static, voice

Hangzhou H3C Technologies Co., Ltd. 3/16

 Voice VLAN Technology White paper

VLAN provides two global modes (security and normal) and two port-level voice
VLAN assignment modes (automatic and manual). You are allowed to combine these
modes as needed, achieving flexibility.

2 Voice VLAN Implementation

2.1 Concepts
z Voice VLAN: A VLAN dedicated to transmitting voice traffic. It also refers to an
access-layer voice traffic identification and distribution function provided by H3C.
z OUI address: An address range as the result of the AND operation of a MAC
address and an address mask, used to identify the packets sent from the voice
devices of a specific vendor.

2.2 Voice VLAN Mechanism

2.2.1 Voice VLAN Implementation on H3C Series Switches

An H3C switch determines whether a received packet is a voice packet by checking

its source MAC address. A packet whose source MAC address matches an OUI in
the OUI list maintained by the switch is regarded as a voice packet. By default, a
switch is configured with the five OUI addresses shown in Table 1 .

Table 1 Default OUI addresses preconfigured on the switch

No. OUI Address Vendor

1 0003-6b00-0000 Cisco phone

2 000f-e200-0000 H3C Aolynk phone

3 00d0-1e00-0000 Pingtel phone

4 00e0-7500-0000 Polycom phone

5 00e0-bb00-0000 3Com phone

When assigning a packet to the voice VLAN, the switch assigns a priority higher than
data traffic to the packet, thus guaranteeing voice quality.

A port can be assigned to the voice VLAN in one of the following two modes:

Hangzhou H3C Technologies Co., Ltd. 4/16

 Voice VLAN Technology White paper

z In automatic mode, the port is assigned to the voice VLAN automatically once a
voice packet is detected. As soon as the port is assigned to the voice VLAN, an
aging timer starts. If no recognizable voice traffic has been received before the
timer expires, the port is removed from the voice VLAN.
z In manual mode, you should assign the port to the voice VLAN manually.

You are recommended to use the automatic voice VLAN assignment mode on ports
providing access for both voice and data traffic, for example, on ports providing
access for serially connected IP phones and PCs, as shown in Figure 1 . Thus, when
voice traffic is received, the ports can transmit voice traffic preferentially; when there
is no voice traffic, the ports process data traffic exclusively.

Figure 1 Network where a port provides access for a serially connected IP phone and PC

You are recommended to manually assign to the voice VLAN ports dedicated to
transmitting voice traffic, for example, ports connected to IP phones only, as shown in
Figure 2 . This can avoid the impact of data traffic on the transmission of voice traffic.

Voice gateway

Switch

IP Phone IP Phone

Figure 2 Network where a port provides access for an IP phone only

When configuring the voice VLAN feature, the most important issue is to ensure that
tagged/untagged voice traffic from IP phones can be transmitted properly on different
types of ports (access, trunk, and hybrid) operating in different combined modes of
voice VLAN. The following sections will discuss in detail how to use these modes

Hangzhou H3C Technologies Co., Ltd. 5/16

 Voice VLAN Technology White paper

together.

2.2.2 Port–IP Phone Cooperation

1. How an IP phone work

Like other network devices, an IP phone requires an IP address for communicating

with other devices in the network. An IP phone obtains an IP address in one of the
following two ways:

z DHCP
z Manual configuration

When an IP phone obtains an IP address from a DHCP server, it can also request
voice VLAN information from the DHCP server. If the DHCP server returns voice
VLAN information, the IP phone sends voice traffic carrying the voice VLAN tag
(referred to as tagged voice traffic); if the DHCP server does not return voice VLAN
information, the IP phone sends voice traffic without any VLAN tag (referred to as
untagged voice traffic).

Similarly, an IP phone obtaining an IP address through manual configuration sends

tagged voice traffic or untagged voice traffic depending on whether you have
configured voice VLAN information when configuring an IP address for the IP phone
manually.

Hangzhou H3C Technologies Co., Ltd. 6/16

 Voice VLAN Technology White paper

2. How an IP phone obtains an IP address automatically

DHCP Software DHCP

IP Phone Voice gateway
server1 download server server2

DHCP
re
with op quest
tion 18
1 4

2 se with
respon ding
DHCP clu
184 in
(
option L A N ID)
Voic e V
3 Download Request
4 Download Software
5 Release IP
6 DHCP request in vo
ice VLAN

7
8 Phone registration

Figure 3 How an IP phone obtains an IP address automatically

As shown in Figure 3 , an IP phone generally obtains an IP address and the voice

VLAN information through DHCP in the following steps:

(1) The IP phone sends an untagged DHCP request with option 184 to ask for the
address of the software download server (also called the network call processor,
NCP) and voice VLAN information.
(2) When DHCP server 1 receives the request, it allocates an IP address to the IP
phone according to its own configuration, and in the meantime, replies with the
voice VLAN information, the software download server address and other
Option 184 information.
(3) The IP phone sends a download request to the software download server.
(4) The software download server responds to the download request from the IP
phone and sends the software to the IP phone.
(5) When the downloading is completed, the IP phone notifies DHCP server 1 to
release the IP address obtained earlier.
(6) With the voice VLAN information obtained from DHCP server 1, the IP phone
generates a voice VLAN-tagged DHCP request and broadcasts it within the
voice VLAN.

Hangzhou H3C Technologies Co., Ltd. 7/16

 Voice VLAN Technology White paper

(7) When DHCP server 2 in the voice VLAN receives the request, it allocates a new
IP address to the IP phone according to its own address pool configuration.
(8) The IP phone uses its new IP address to register with the voice gateway and
starts the voice communication.

Note:
The above steps describe how an IP phone obtains IP address in general. However,
IP phones from different vendors may work differently. For more details, refer to the
corresponding user guide.

3. Configuring different types of ports to handle tagged voice traffic

An IP phone can send tagged voice traffic only after it has obtained voice VLAN
information through DHCP or manual configuration. For tagged voice traffic to be
transmitted correctly in the voice VLAN without affecting other types of traffic, you
must configure different types of ports correctly.

(1) Working process of an IP phone obtaining voice VLAN information automatically

DHCP Software DHCP
Voice gateway
server1 download server server2

3
4
5
6

7
8

Figure 4 Working process of an IP phone obtaining the voice VLAN information automatically

In Figure 4 and Figure 3 , you can see:

Hangzhou H3C Technologies Co., Ltd. 8/16

 Voice VLAN Technology White paper

z The traffic represented by the red lines requires to be transmitted within the
default VLAN of the switch’s receiving port. In addition, the traffic transmitted
between the IP phone and the switch is untagged.
z The traffic represented by the blue lines requires to be transmitted within the
voice VLAN. The traffic transmitted between the IP phone and the switch is
tagged.
(2) Working process of an IP phone with manually configured voice VLAN
information

Different from an IP phone obtaining voice VLAN information automatically, an IP

phone with manually configured voice VLAN information skips the process of
requesting an IP address from DHCP server 1 in the default VLAN. It always sends
and receives voice VLAN-tagged voice traffic (represented by the blue lines in Figure
5 ). An IP phone with the manually configured IP address and voice VLAN information
skips step 1 and step 2 in Figure 5 . It registers with the voice gateway directly and
then starts the voice communication.

DHCP Software DHCP

IP Phone Voice gateway
server1 download server server2

2
3

Figure 5 Working process of an IP phone with manually configured voice VLAN information

Therefore, to handle tagged voice traffic, the port connected to an IP phone must
meet the requirements described in the following table.

Hangzhou H3C Technologies Co., Ltd. 9/16

 Voice VLAN Technology White paper

Table 2 Configuration requirements for a port to handle tagged voice traffic

VLAN
Port type Supported or not assignment Requirements
mode

Not supported. Because

the port is required to send
Access tagged traffic, it cannot be — —
configured as an access
port.

Configure the default VLAN

for the port and assign the
Automatic port to the default VLAN; the
default VLAN cannot be the
Trunk Supported voice VLAN.

In addition to the requirements

for the automatic mode, you
Manual
should assign the port to the
voice VLAN.

Configure the default VLAN

for the port and assign the
port to the default VLAN in
Auto
untagged mode. The default
VLAN cannot be the voice
Hybrid Supported VLAN.

In addition to the requirements

for the automatic mode, you
Manual
should assign the port to the
voice VLAN in tagged mode.

Note:
If you have manually configured voice VLAN information for the IP phone, whether to
assign the access port to its default VLAN depends on whether a common PC is
connected to the port. If a PC is connected, assign the port to the default VLAN for
data transmission. If not, you are not required to do that.

4. Configuring different types of ports to handle untagged voice traffic

An IP phone sends and receives untagged voice traffic under the following two
conditions:

Hangzhou H3C Technologies Co., Ltd. 10/16

 Voice VLAN Technology White paper

z The IP phone has obtained an IP address automatically but no voice VLAN

information yet.
z You have manually configured an IP address but no voice VLAN information for
the IP phone.
DHCP Software DHCP
IP Phone Voice gateway
server1 download server server2

3
4
5

Figure 6 Working process of an IP phone sending untagged voice traffic

The working processes of an IP phone under the above-mentioned two conditions are
the same except that the IP phone with a manually configured IP address does not
need to apply for an IP address by taking step 1 and step 2 described in Figure 6 .

To handle untagged voice traffic on a port connected to an IP phone, you must do the
following on the port:

z To receive untagged packets, configure the default VLAN for the receiving port
and assign the port to the default VLAN.
z To receive untagged voice traffic, configure the default VLAN as the voice
VLAN. This is the same as manually assigning a port to the voice VLAN.

Therefore, to handle untagged voice traffic on a port, you must set its voice VLAN
assignment mode to manual, as shown in the following table.

Table 3 Configuration requirements for a port to handle untagged voice traffic

Port type Supported or not Requirements

Access Supported Configure the default VLAN as the voice VLAN.

Configure the default VLAN as the voice VLAN, and

Trunk Supported
assign the port to the VLAN.

Configure the default VLAN as the voice VLAN, and

Hybrid Supported
assign the port to the VLAN in untagged mode.

Hangzhou H3C Technologies Co., Ltd. 11/16

 Voice VLAN Technology White paper

2.2.3 Extended Functions of Voice VLAN

1. Self-defining OUI address

By default, five OUI addresses are configured on a switch, as shown in Table 1 . You
can also configure OUI addresses as required and modify the mask of a pre-defined
OUI address to modify its matching scope.

2. Security mode and normal mode for voice VLAN

The automatic mode and manual mode described earlier only apply to the process of
assigning a port to the voice VLAN. After a port is assigned to the voice VLAN, the
switch receives and forwards all voice VLAN-tagged traffic without matching the
source MAC address of each received packet against its OUI list. For a port in the
manual mode with the default VLAN as the voice VLAN, any untagged packet can be
transmitted in the voice VLAN. This makes the voice VLAN vulnerable to flow attacks,
because malicious users can create a large amount of voice VLAN-tagged packets to
consume the voice VLAN bandwidth, affecting normal voice communication.

H3C series switches provide the security mode for voice VLAN to address this
problem. When the voice VLAN works in security mode, the switch checks the source
MAC address of each packet to enter the voice VLAN and drops the packets whose
source MAC addresses do not match the OUI list. However, checking packets
occupies lots of system resources. Therefore, in a relatively safe network, you can
configure the voice VLAN to operate in normal mode.

The following table presents how a packet is handled when the voice VLAN is
operating in security mode and normal mode.

Table 4 How a packet is handled when the voice VLAN is operating in different modes

Voice VLAN
Packet Type Processing Method
Mode

Untagged packet If the source MAC address of the packet

matches the OUI list, the packet is
Packet carrying the voice transmitted in the voice VLAN. Otherwise,
VLAN tag the packet is dropped.
Security
The packet is forwarded or dropped based
on whether the receiving port is assigned to
Packet carrying any other
the carried VLAN. The processing method is
VLAN tag
irrelevant to the voice VLAN mode (security
or normal).

Hangzhou H3C Technologies Co., Ltd. 12/16

 Voice VLAN Technology White paper

Voice VLAN
Packet Type Processing Method
Mode

Untagged packet The source MAC address of the packet is

not checked. All such packets can be
Packet carrying the voice
transmitted in the voice VLAN.
VLAN tag
Normal The packet is forwarded or dropped based
on whether the port is assigned to the
Packet carrying any other
carried VLAN. The processing method is
VLAN tag
irrelevant to the voice VLAN mode (security
or normal).

3. Voice VLAN legacy function

IP phones of some vendors may use methods other than DHCP to request voice
VLAN information from devices in the network. To deal with these IP phones, you can
enable the voice VLAN legacy function, which enables the switch to identify requests
from this type of IP phones and return the local voice VLAN configuration.

Note:
For information on how an IP phone obtains voice VLAN information, refer to its
accompanying user guide.

2.3 Voice VLAN Configuration Guidelines

2.3.1 Guidelines for Using Voice VLAN in Conjunction with Other VLAN
Functions

1. Cluster management VLAN or multicast VLAN

When you configure a VLAN as the voice VLAN and a cluster management VLAN at
the same time, the VLAN transmits only voice traffic if the security mode is enabled.
In this case, you should disable the security mode.

Similarly, when you configure a VLAN as the voice VLAN and a multicast VLAN at the
same time, the VLAN transmits only voice traffic when the security mode is enabled.
In this case, you should disable the security mode.

Hangzhou H3C Technologies Co., Ltd. 13/16

 Voice VLAN Technology White paper

2. Super VLAN

Do not configure a VLAN as the voice VLAN and a Super VLAN at the same time.
Otherwise, you cannot assign any port to the VLAN because you cannot assign any
port to a Super VLAN.

3. Protocol VLAN

z To use a VLAN as a protocol VLAN and the voice VLAN at the same time,
ensure that the voice VLAN assignment mode on the port to be associated with
the protocol VLAN is not automatic mode. In automatic mode, the port cannot
be assigned to the voice VLAN manually and thus can cause your attempt to
associate the protocol VLAN with the port to fail.
z Do not associate a voice VLAN-enabled port with a protocol VLAN that contains
an IP protocol template. Doing so can cause all IP traffic, including the voice
traffic to be transmitted in the protocol VLAN, if the protocol VLAN is not the
same as the voice VLAN.

4. Isolate-user-VLAN

You cannot configure a VLAN as the voice VLAN and an isolate-user VLAN at the
same time.

5. GVRP

Do not configure the GVRP registration mode as forbidden on a voice VLAN port.

If you configure GVRP on a trunk port in the voice VLAN and set the registration
mode to forbidden, the port can receive only the traffic of the default VLAN. As a
result, the voice traffic cannot be forwarded normally.

2.3.2 Guidelines for Using Voice VLAN in Conjunction with Other Functions

1. LACP

Disable the Link Aggregation Control Protocol (LACP) on the port where you want to
enable voice VLAN.

2. Manually configured MAC addresses

On a voice VLAN port, if you have configured a MAC address table entry (dynamic or

Hangzhou H3C Technologies Co., Ltd. 14/16

 Voice VLAN Technology White paper

static) for a maintained OUI in a VLAN rather than the voice VLAN, the voice traffic
from the OUI will be unable to trigger the voice VLAN port to join the voice VLAN.

3 Technical Characteristics
The voice VLAN function delivered by H3C provides a safe and convenient intra-LAN
IP voice access solution by:

z Identifying voice packets by their source MAC addresses, which is safe and
reliable. By raising the priority of the voice packets automatically, voice quality is
guaranteed.
z Providing the automatic and manual voice VLAN assignment modes to
accommodate different networking scenarios.
z Providing the security mode to strictly match voice packets, thus effectively
fending off flow attacks on the voice VLAN.

4 Application Scenarios

4.1 Voice VLAN Networking in an Office Area

Internet
XE SIP
Server

Router

Switch A
Core switch
(DHCP Server)

Office area
Switch B

Meeting room 1 Meeting room 2

Figure 7 Network diagram for voice VLAN networking in an office area

As shown in Figure 7 , you can deploy IP phones in the office area and meeting

Hangzhou H3C Technologies Co., Ltd. 15/16

 Voice VLAN Technology White paper

rooms. Serially connect each IP phone in the office area to a PC and then connect
them to an access switch, whereas each IP phone in the meeting rooms accesses a
switch independently. Use a DHCP option 184-capable H3C switch as the DHCP
server to allocate IP addresses and voice VLAN information to the IP phones.

For typical voice VLAN configuration, refer to H3C Low-End Ethernet Switches
Configuration Examples.

Copyright ©2008 Hangzhou H3C Technologies Co., Ltd. All rights reserved.

No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of

Hangzhou H3C Technologies Co., Ltd.

The information in this document is subject to change without notice.

Hangzhou H3C Technologies Co., Ltd. 16/16