Specifications
Engineering Guidelines
• It can specifically deny access to certain recognized devices, e.g. most unknown devices
might go to a guest VLAN, but certain rogue devices will be specifically blocked. In this
mode, the port may be set to simply deny access, or to shut the port down.

Shutting down a port is a good way to restrict access, but it will also affect the operation of the
phone, or any other device, attached to this port.

The MiVoice IP Phones will obtain the VLAN information via CDP, if available. In this case, the
phone will not need to use the double fetch method via DHCP; the first DHCP request will be
on the voice VLAN with tagged frames.
Switch(config)# interface fastethernet0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan dynamic
Switch(config-if)# switchport voice vlan 2
Switch(config-if)# mls qos trust cos
Switch(config-if)# mls qos cos 5
Switch(config-if)# wrr-queue cos-map 4 5
Switch(config-if)# priority-queue out
Switch(config-if)# spanning-tree portfast
Switch(config-if)# end
Switch#
CAUTION: Shutting down a port could be considered a form of denial of
service. Simply plugging a rogue PC into a number of network ports could
disable access to legitimate users. Be careful to select the appropriate
settings.
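One way to watch for the condition this caution describes, as an added example that is not part of the original guidelines: the script scans switch syslog for ports shut down by the dynamic VLAN policy and flags a single MAC address whose denials took down several ports. The message formats are an assumption modelled on Catalyst VQP client syslog messages, and the sample lines, the `analyse` function and the threshold of three ports are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed message shapes (modelled on Catalyst VQP client syslog); adjust for your platform.
DENY_RE = re.compile(
    r"%VQPCLIENT-2-DENY: Host (?P<mac>[0-9a-f.]+) denied on interface (?P<port>\S+)", re.I)
SHUT_RE = re.compile(
    r"%VQPCLIENT-2-SHUTDOWN: Interface (?P<port>\S+) shutdown by VMPS", re.I)

# Constructed sample input, not captured from a real switch.
SAMPLE_LOG = """\
Mar  1 09:00:01 sw1 %VQPCLIENT-2-DENY: Host 0011.2233.4455 denied on interface Fa0/1
Mar  1 09:00:01 sw1 %VQPCLIENT-2-SHUTDOWN: Interface Fa0/1 shutdown by VMPS
Mar  1 09:00:40 sw1 %VQPCLIENT-2-DENY: Host 0011.2233.4455 denied on interface Fa0/2
Mar  1 09:00:40 sw1 %VQPCLIENT-2-SHUTDOWN: Interface Fa0/2 shutdown by VMPS
Mar  1 09:01:15 sw1 %VQPCLIENT-2-DENY: Host 0011.2233.4455 denied on interface Fa0/3
Mar  1 09:01:15 sw1 %VQPCLIENT-2-SHUTDOWN: Interface Fa0/3 shutdown by VMPS
Mar  1 11:30:02 sw1 %VQPCLIENT-2-DENY: Host 00aa.bbcc.ddee denied on interface Fa0/7
Mar  1 11:30:02 sw1 %VQPCLIENT-2-SHUTDOWN: Interface Fa0/7 shutdown by VMPS
"""


def analyse(log_text, port_threshold=3):
    """Return the ports that were shut down and the MACs behind multi-port shutdowns."""
    denied_ports = defaultdict(set)  # MAC -> ports on which it was denied
    shut_ports = set()               # ports the policy shut down
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if m:
            denied_ports[m["mac"].lower()].add(m["port"])
            continue
        m = SHUT_RE.search(line)
        if m:
            shut_ports.add(m["port"])

    alerts = []
    for mac, ports in sorted(denied_ports.items()):
        # Only count denials that actually cost a port; in deny-only mode
        # the phone on that port keeps working and nothing is lost.
        lost = sorted(ports & shut_ports)
        if len(lost) >= port_threshold:
            alerts.append({"mac": mac, "ports_shut": lost})
    return {"shut_ports": sorted(shut_ports), "alerts": alerts}


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

A single denied device that costs one port is reported only in `shut_ports`; the alert fires when the same MAC accounts for several shut ports, which is the pattern the caution warns about.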










