Users Guide
VLANs 809
console(config)#spanning-tree mode rapid-pvst
4
Create VLAN 2 for voice traffic. All switches must be configured
identically for the voice VLAN.
console(config)#vlan 2
console(config-vlan-2)#exit
5
Enable voice VLAN globally.
console(config)#voice vlan
6
Configure the VoIP phone connected port as follows:
console(config)#interface Gi2/0/11
console(config-if-Gi2/0/11)#switchport mode access
console(config-if-Gi2/0/11)#voice vlan 2
console(config-if-Gi2/0/11)#exit
7
Configure CoS queue 2 as strict. By default, the VoIP phone sends voice
traffic with 802.1p priority 5, which is mapped to egress queue 2 by
default.
console(config)#cos-queue strict 2
8
Configure an ACL to rate-limit the voice traffic in case of DoS attacks and
apply the ACL on the port-channel interfaces. The administrator should
consider applying this configuration to all perimeter ports.
console(config)#mac access-list extended dot1p-5-limit
console(config-mac-access-list)#1000 permit any any cos 5
console(config-mac-access-list)#rate-limit 1024 128
console(config-mac-access-list)#1010 permit any any
console(config-mac-access-list)#exit
console(config)#interface Gi2/0/11
console(config-if-Gi2/0/11)#mac access-group dot1p-5-limit in
100
console(config-if-Gi2/0/11)#exit
NOTE: Spanning-tree status is shown accurately on the MLAG primary switch
and on the partner switches. On the MLAG secondary switch, interfaces may
show as spanning-tree disabled, but will remain in and are shown in the
forwarding state.