CLI Guide

Table Of Contents
Layer 2 Switching Commands 909
Voice VLAN information is transmitted to the phone via LLDP-MED in the
Network Policy TLV (Application Type Voice, Tagged Yes, …). Voice VLAN
information is transmitted to the phone via CDP in the Appliance VLAN
TLV. The voice VLAN must be configured on the switch and must be
different than the data VLAN. The configured or default priority is sent to
the phone Class of Service (CoS) TLV. The trust status is sent to the phone
via CDP in the Extended trust TLV. The configured or default priority/DSCP
is sent to the phone via LLDP in the MED TLVs. LLDP and CDP packets are
exchanged regardless of the 802.1X authentication state.
In authentication host-mode multi-domain-multi-host, a voice packet is
switched based on the source MAC address of the IP phone. If override
authentication is enabled, voice packets received are switched regardless of
the 802.1X authentication state. Likewise, voice packets from the switch are
transmitted over the port regardless of the 802.1x authentication state when
the override option is enabled.
In authentication host-mode multi-domain-multi-host, the switch identifies
a device as a voice device when an Access-Accept is received from the AAA
service with the proprietary VSA device-traffic-class = voice.
When 802.1X authenticates a device onto the voice VLAN, the device is also
allowed access over the data VLAN for approximately thirty seconds after
authentication succeeds. This allows the device to learn the voice VLAN via
non-standard mechanism such as DHCP, HTTP or TFTP.
If trust mode is disabled, the switch remarks the priority and/or DSCP value
of received voice VLAN packets to the configured or default values (priority 5
and DSCP 46). If trust mode is enabled, voice packets are not remarked.
If trust mode is disabled, the switch classifies the voice packets into CoS
queue 2. If trust mode is enabled, voice packets are classified per the switch
configuration.
Use of the override authentication option allows packets to flow over the
voice VLAN regardless of the AAA authentication status. The switch cannot
distinguish among voice and other packets in the voice VLAN. Use of this
option should be carefully considered as it may allow malevolent users
unrestricted access to network resources, particularly if authentication host-
mode multi-domain-multi-host is not enabled.