Abstract: This document introduces the basic principles and features of H3C voice VLAN, and
covers the points that require special attention during voice VLAN configuration
procedures.
Acronyms
Table of Contents
1 Overview......................................................................................................................................... 3
1.1 Background.......................................................................................................................... 3
1.2 Benefits ................................................................................................................................ 3
1 Overview
1.1 Background
With the development of voice technologies, IP phones and IAD devices have been
widely used. It is common now that voice and data are transmitted simultaneously
over the same network. This is especially true of residential broadband networks. As
voice traffic is delay and jitter sensitive, it requires higher priority over data traffic to
reduce delay and packet loss during transmission.
A traditional method to raise the priority of voice traffic is to identify voice traffic with
ACLs and use QoS to guarantee its transmission quality. To simplify configuration
procedures and better manage voice transmission policies, H3C series switches
provide the voice VLAN function. The idea is to identify voice traffic by the source
MAC addresses of packets and transmit the voice traffic in a dedicated VLAN, called
the voice VLAN.
1.2 Benefits
Compared to using ACLs to identify voice traffic and using QoS to guarantee voice
quality, voice VLAN has the following advantages in managing voice traffic:
z Simple configuration
With voice VLAN, you do not have to handle complicated Layer-2 ACLs and QoS
configuration worrying about ACL rule match order or issues accompanying applying
ACL rules to ports. What you need to do to identify and process voice traffic is making
some simple configurations globally and on the specified ports.
z Convenient maintenance
You can modify voice traffic matching rules (that is, recognizable voice device
vendors’ OUIs) globally. Thus, when a new IP voice device is attached to the network,
each port can identify the voice traffic based on the latest matching rules. This does
not require new lay-2 ACLs or QoS policies.
z Flexible implementation
VLAN provides two global modes (security and normal) and two port-level voice
VLAN assignment modes (automatic and manual). You are allowed to combine these
modes as needed, achieving flexibility.
2.1 Concepts
z Voice VLAN: A VLAN dedicated to transmitting voice traffic. It also refers to an
access-layer voice traffic identification and distribution function provided by H3C.
z OUI address: An address range as the result of the AND operation of a MAC
address and an address mask, used to identify the packets sent from the voice
devices of a specific vendor.
When assigning a packet to the voice VLAN, the switch assigns a priority higher than
data traffic to the packet, thus guaranteeing voice quality.
A port can be assigned to the voice VLAN in one of the following two modes:
z In automatic mode, the port is assigned to the voice VLAN automatically once a
voice packet is detected. As soon as the port is assigned to the voice VLAN, an
aging timer starts. If no recognizable voice traffic has been received before the
timer expires, the port is removed from the voice VLAN.
z In manual mode, you should assign the port to the voice VLAN manually.
You are recommended to use the automatic voice VLAN assignment mode on ports
providing access for both voice and data traffic, for example, on ports providing
access for serially connected IP phones and PCs, as shown in Figure 1 . Thus, when
voice traffic is received, the ports can transmit voice traffic preferentially; when there
is no voice traffic, the ports process data traffic exclusively.
Figure 1 Network where a port provides access for a serially connected IP phone and PC
You are recommended to manually assign to the voice VLAN ports dedicated to
transmitting voice traffic, for example, ports connected to IP phones only, as shown in
Figure 2 . This can avoid the impact of data traffic on the transmission of voice traffic.
Voice gateway
Switch
IP Phone IP Phone
When configuring the voice VLAN feature, the most important issue is to ensure that
tagged/untagged voice traffic from IP phones can be transmitted properly on different
types of ports (access, trunk, and hybrid) operating in different combined modes of
voice VLAN. The following sections will discuss in detail how to use these modes
together.
z DHCP
z Manual configuration
When an IP phone obtains an IP address from a DHCP server, it can also request
voice VLAN information from the DHCP server. If the DHCP server returns voice
VLAN information, the IP phone sends voice traffic carrying the voice VLAN tag
(referred to as tagged voice traffic); if the DHCP server does not return voice VLAN
information, the IP phone sends voice traffic without any VLAN tag (referred to as
untagged voice traffic).
DHCP
re
with op quest
tion 18
1 4
2 se with
respon ding
DHCP clu
184 in
(
option L A N ID)
Voic e V
3 Download Request
4 Download Software
5 Release IP
6 DHCP request in vo
ice VLAN
7
8 Phone registration
(1) The IP phone sends an untagged DHCP request with option 184 to ask for the
address of the software download server (also called the network call processor,
NCP) and voice VLAN information.
(2) When DHCP server 1 receives the request, it allocates an IP address to the IP
phone according to its own configuration, and in the meantime, replies with the
voice VLAN information, the software download server address and other
Option 184 information.
(3) The IP phone sends a download request to the software download server.
(4) The software download server responds to the download request from the IP
phone and sends the software to the IP phone.
(5) When the downloading is completed, the IP phone notifies DHCP server 1 to
release the IP address obtained earlier.
(6) With the voice VLAN information obtained from DHCP server 1, the IP phone
generates a voice VLAN-tagged DHCP request and broadcasts it within the
voice VLAN.
(7) When DHCP server 2 in the voice VLAN receives the request, it allocates a new
IP address to the IP phone according to its own address pool configuration.
(8) The IP phone uses its new IP address to register with the voice gateway and
starts the voice communication.
Note:
The above steps describe how an IP phone obtains IP address in general. However,
IP phones from different vendors may work differently. For more details, refer to the
corresponding user guide.
An IP phone can send tagged voice traffic only after it has obtained voice VLAN
information through DHCP or manual configuration. For tagged voice traffic to be
transmitted correctly in the voice VLAN without affecting other types of traffic, you
must configure different types of ports correctly.
3
4
5
6
7
8
Figure 4 Working process of an IP phone obtaining the voice VLAN information automatically
z The traffic represented by the red lines requires to be transmitted within the
default VLAN of the switch’s receiving port. In addition, the traffic transmitted
between the IP phone and the switch is untagged.
z The traffic represented by the blue lines requires to be transmitted within the
voice VLAN. The traffic transmitted between the IP phone and the switch is
tagged.
(2) Working process of an IP phone with manually configured voice VLAN
information
2
3
Figure 5 Working process of an IP phone with manually configured voice VLAN information
Therefore, to handle tagged voice traffic, the port connected to an IP phone must
meet the requirements described in the following table.
VLAN
Port type Supported or not assignment Requirements
mode
Note:
If you have manually configured voice VLAN information for the IP phone, whether to
assign the access port to its default VLAN depends on whether a common PC is
connected to the port. If a PC is connected, assign the port to the default VLAN for
data transmission. If not, you are not required to do that.
An IP phone sends and receives untagged voice traffic under the following two
conditions:
3
4
5
The working processes of an IP phone under the above-mentioned two conditions are
the same except that the IP phone with a manually configured IP address does not
need to apply for an IP address by taking step 1 and step 2 described in Figure 6 .
To handle untagged voice traffic on a port connected to an IP phone, you must do the
following on the port:
z To receive untagged packets, configure the default VLAN for the receiving port
and assign the port to the default VLAN.
z To receive untagged voice traffic, configure the default VLAN as the voice
VLAN. This is the same as manually assigning a port to the voice VLAN.
Therefore, to handle untagged voice traffic on a port, you must set its voice VLAN
assignment mode to manual, as shown in the following table.
By default, five OUI addresses are configured on a switch, as shown in Table 1 . You
can also configure OUI addresses as required and modify the mask of a pre-defined
OUI address to modify its matching scope.
The automatic mode and manual mode described earlier only apply to the process of
assigning a port to the voice VLAN. After a port is assigned to the voice VLAN, the
switch receives and forwards all voice VLAN-tagged traffic without matching the
source MAC address of each received packet against its OUI list. For a port in the
manual mode with the default VLAN as the voice VLAN, any untagged packet can be
transmitted in the voice VLAN. This makes the voice VLAN vulnerable to flow attacks,
because malicious users can create a large amount of voice VLAN-tagged packets to
consume the voice VLAN bandwidth, affecting normal voice communication.
H3C series switches provide the security mode for voice VLAN to address this
problem. When the voice VLAN works in security mode, the switch checks the source
MAC address of each packet to enter the voice VLAN and drops the packets whose
source MAC addresses do not match the OUI list. However, checking packets
occupies lots of system resources. Therefore, in a relatively safe network, you can
configure the voice VLAN to operate in normal mode.
The following table presents how a packet is handled when the voice VLAN is
operating in security mode and normal mode.
Table 4 How a packet is handled when the voice VLAN is operating in different modes
Voice VLAN
Packet Type Processing Method
Mode
Voice VLAN
Packet Type Processing Method
Mode
IP phones of some vendors may use methods other than DHCP to request voice
VLAN information from devices in the network. To deal with these IP phones, you can
enable the voice VLAN legacy function, which enables the switch to identify requests
from this type of IP phones and return the local voice VLAN configuration.
Note:
For information on how an IP phone obtains voice VLAN information, refer to its
accompanying user guide.
2.3.1 Guidelines for Using Voice VLAN in Conjunction with Other VLAN
Functions
When you configure a VLAN as the voice VLAN and a cluster management VLAN at
the same time, the VLAN transmits only voice traffic if the security mode is enabled.
In this case, you should disable the security mode.
Similarly, when you configure a VLAN as the voice VLAN and a multicast VLAN at the
same time, the VLAN transmits only voice traffic when the security mode is enabled.
In this case, you should disable the security mode.
2. Super VLAN
Do not configure a VLAN as the voice VLAN and a Super VLAN at the same time.
Otherwise, you cannot assign any port to the VLAN because you cannot assign any
port to a Super VLAN.
3. Protocol VLAN
z To use a VLAN as a protocol VLAN and the voice VLAN at the same time,
ensure that the voice VLAN assignment mode on the port to be associated with
the protocol VLAN is not automatic mode. In automatic mode, the port cannot
be assigned to the voice VLAN manually and thus can cause your attempt to
associate the protocol VLAN with the port to fail.
z Do not associate a voice VLAN-enabled port with a protocol VLAN that contains
an IP protocol template. Doing so can cause all IP traffic, including the voice
traffic to be transmitted in the protocol VLAN, if the protocol VLAN is not the
same as the voice VLAN.
4. Isolate-user-VLAN
You cannot configure a VLAN as the voice VLAN and an isolate-user VLAN at the
same time.
5. GVRP
Do not configure the GVRP registration mode as forbidden on a voice VLAN port.
If you configure GVRP on a trunk port in the voice VLAN and set the registration
mode to forbidden, the port can receive only the traffic of the default VLAN. As a
result, the voice traffic cannot be forwarded normally.
2.3.2 Guidelines for Using Voice VLAN in Conjunction with Other Functions
1. LACP
Disable the Link Aggregation Control Protocol (LACP) on the port where you want to
enable voice VLAN.
On a voice VLAN port, if you have configured a MAC address table entry (dynamic or
static) for a maintained OUI in a VLAN rather than the voice VLAN, the voice traffic
from the OUI will be unable to trigger the voice VLAN port to join the voice VLAN.
3 Technical Characteristics
The voice VLAN function delivered by H3C provides a safe and convenient intra-LAN
IP voice access solution by:
z Identifying voice packets by their source MAC addresses, which is safe and
reliable. By raising the priority of the voice packets automatically, voice quality is
guaranteed.
z Providing the automatic and manual voice VLAN assignment modes to
accommodate different networking scenarios.
z Providing the security mode to strictly match voice packets, thus effectively
fending off flow attacks on the voice VLAN.
4 Application Scenarios
Internet
XE SIP
Server
Router
Switch A
Core switch
(DHCP Server)
Office area
Switch B
As shown in Figure 7 , you can deploy IP phones in the office area and meeting
rooms. Serially connect each IP phone in the office area to a PC and then connect
them to an access switch, whereas each IP phone in the meeting rooms accesses a
switch independently. Use a DHCP option 184-capable H3C switch as the DHCP
server to allocate IP addresses and voice VLAN information to the IP phones.
For typical voice VLAN configuration, refer to H3C Low-End Ethernet Switches
Configuration Examples.
Copyright ©2008 Hangzhou H3C Technologies Co., Ltd. All rights reserved.
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of