Connecting a PC in the voice subnet

aminhaq
Level 1

I want to remove the data VLAN from the switch port and leave only the voice VLAN, so that only the IP phone communicates from that port, due to some security issue.

Would anyone still be able to connect a PC to the voice subnet and access the network?

If yes, what is the best practice to protect against that unwanted PC access?

You can give it a 'switchport access vlan x' that does not have connectivity.

By default, the access vlan will be VLAN 1.

When you configure 'switchport voice vlan', this information is communicated to the IP phone using CDP.

Unless the PC has been hacked to support CDP, it will not gain access to the voice vlan.

You can enable port security:

interface FastEthernet0/5
 switchport access vlan 200
 switchport mode access
 switchport voice vlan 233
 switchport port-security
 switchport port-security mac-address sticky
 spanning-tree portfast

This would be an example where VLAN 200 doesn't have an SVI (no connectivity), and 233 is the voice vlan.

This will give only the phone (whatever MAC registers first) access.

hth,

nick
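
One way to check a saved switch configuration against the port settings in the reply above, as an added example that is not part of the original thread. The function names, the `parking_vlans` input (VLAN IDs the auditor knows have no SVI) and the sample configuration are assumptions; only the Fa0/5 stanza mirrors the reply.

```python
import re

# Constructed sample config: Fa0/5 mirrors the reply above, the rest is made up.
SAMPLE_CONFIG = """\
interface FastEthernet0/5
 switchport access vlan 200
 switchport mode access
 switchport voice vlan 233
 switchport port-security
 switchport port-security mac-address sticky
!
interface FastEthernet0/6
 switchport mode access
 switchport voice vlan 233
!
interface FastEthernet0/7
 switchport access vlan 10
"""

def parse_interfaces(config):
    """Return {interface name: [sub-command lines]} from IOS-style config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a top-level command ends the stanza
    return interfaces

def audit_voice_ports(config, parking_vlans):
    """Map voice-VLAN ports to deviations; parking_vlans = VLANs with no SVI (assumed input)."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if not any(re.fullmatch(r"switchport voice vlan \d+", c) for c in cmds):
            continue  # ports without a voice VLAN are out of scope
        issues = []
        m = re.search(r"^switchport access vlan (\d+)$", "\n".join(cmds), re.M)
        access = int(m.group(1)) if m else 1  # unset access VLAN defaults to 1
        if access not in parking_vlans:
            issues.append(f"access vlan {access} is not a parking VLAN")
        if "switchport port-security" not in cmds:
            issues.append("port-security disabled")
        if "switchport port-security mac-address sticky" not in cmds:
            issues.append("no sticky MAC")
        findings[name] = issues
    return findings
```

Calling `audit_voice_ports(SAMPLE_CONFIG, {200})` returns an empty issue list for Fa0/5 and three issues for Fa0/6, whose access VLAN was left at the default.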

Hi Nick,

Thanks for your answer.

This raised another question in my mind though. As the voice VLAN works on CDP, how are the Avaya phones communicating the voice VLANs, as our phones are Avaya phones and the switch is a Cisco Cat 4500?

Avaya has probably hijacked the CDP protocol.

If you do a sniffer, I'll bet you'll see Avaya picking up on the CDP.

This is the only way for the voice VLAN to be advertised, so it's not too much of a mystery.

hth,

nick

Hehe, no doubt that Avaya has hijacked a lot of VoIP setup as Aruba did for Wireless.

I came to know that Avaya phones depend on DHCP for their initiation to the network, so we can't disable the data VLAN (in this case the DHCP server has to be specifically configured).