Security mode and normal mode of voice VLANs

Depending on the incoming packet filtering mechanisms, a voice VLAN-enabled port can operate in one of the following modes:

In a safe network, you can configure the voice VLANs to operate in normal mode to reduce the system resource consumption in source MAC address checking.


[TIP: ]

TIP:

As a best practice, do not transmit both voice traffic and non-voice traffic in a voice VLAN. If you must transmit different traffic in a voice VLAN, make sure the voice VLAN security mode is disabled.


Table 14: Packet processing on a voice VLAN-enabled port in normal and security mode

Voice VLAN mode

Packet type

Packet processing

Normal

Untagged packets or packets with the voice VLAN tags

The port does not examine the source MAC addresses of incoming packets. Both voice traffic and non-voice traffic can be transmitted in the voice VLAN.

Packets with other VLAN tags

Forwarded or dropped depending on whether the port allows packets from these VLANs to pass through.

Security

Untagged packets or packets with the voice VLAN tags

  • If the source MAC address of a packet matches an OUI address on the device, the packet is forwarded in the voice VLAN.

  • If the source MAC address of a packet does not match an OUI address on the device, the packet is dropped.

Packets with other VLAN tags

Forwarded or dropped depending on whether the port allows packets from these VLANs to pass through.