Hi:

I have a switch that has a data vlan configured and a voice vlan.

data vlan is 341

voice vlan is 546

Here is the config:

==================================================================================

vlan 546

name Avaya_Phone_vlan546

vlan 341

name data_vlan

vlan access-map VOICE 10

action forward

match ip address Avaya_Phones

vlan access-map VOICE 20

action forward

match ip address NETWORK_SERVICES

vlan filter VOICE vlan-list 546

vlan 546

name Avaya_Phone_vlan546

ip access-list extended Avaya_Phones

remark ACL for Avaya traffic

permit udp any range 10000 14001 any range 10000 14001

permit tcp any range 1024 65535 any range 61440 61444

permit udp any range 10000 14001 any eq 5005

permit udp any range 1024 65535 any eq 1719

permit udp any eq 1719 any range 1024 65535

permit tcp any range 1024 65525 any range 1719 1720

permit tcp any range 1719 1720 any range 1024 65525

permit udp any eq 68 any eq 67

permit udp any range 1024 5000 any eq 53

permit tcp any range 1024 5000 any eq 411

permit tcp any range 1024 5000 any eq 80

permit tcp any range 1024 5000 any eq 443

permit tcp any any eq 80

permit tcp any any eq 81

permit udp any any eq 161

permit udp any range 1024 5000 any eq 514

permit tcp any range 1024 5000 any eq 50002

permit udp any any eq 50000

permit udp any any eq 69

permit icmp any any

ip access-list extended NETWORK_SERVICES

remark PIM/HSRP/DHCP

permit pim any any

permit tcp any 10.76.160.0 0.0.31.255 eq 22

permit tcp any 10.76.192.0 0.0.31.255 eq 22

permit tcp any 10.76.160.0 0.0.31.255 eq 21874

permit tcp any 10.76.192.0 0.0.31.255 eq 21874

permit tcp 10.76.160.0 0.0.31.255 eq 22 any

permit tcp 10.76.192.0 0.0.31.255 eq 22 any

permit tcp 10.76.160.0 0.0.31.255 eq 21874 any

permit tcp 10.76.192.0 0.0.31.255 eq 21874 any

permit tcp host 10.76.171.1 any eq smtp

permit tcp host 10.76.179.1 any eq smtp

permit tcp host 10.76.171.1 any eq domain

permit tcp host 10.76.179.1 any eq domain

permit udp host 10.76.179.1 any range 1024 65525

permit udp host 10.76.171.1 any range 1024 65525

permit udp any range 1024 65525 host 10.76.179.1

permit udp any range 1024 65525 host 10.76.171.1

permit udp any eq 1985 any eq 1985

permit udp any eq bootps any eq bootpc

permit udp any eq bootps any eq bootps

permit udp any eq domain any

permit tcp any eq www any

permit icmp any 10.76.160.0 0.0.31.255 echo

permit icmp any 10.76.160.0 0.0.31.255 echo-reply

permit icmp any 10.76.192.0 0.0.31.255 echo

permit icmp any 10.76.192.0 0.0.31.255 echo-reply

permit icmp 10.76.160.0 0.0.31.255 any echo

permit icmp 10.76.160.0 0.0.31.255 any echo-reply

permit icmp 10.76.192.0 0.0.31.255 any echo

permit icmp 10.76.192.0 0.0.31.255 any echo-reply

permit icmp any any ttl-exceeded

deny ip any any log

interface vlan546

ip address 10.76.185.251 255.255.254.0

ip helper-address 10.76.171.1

no ip redirects

no ip unreachables

no ip proxy-arp

ip pim sparse-dense-mode

service-policy input user-marking

no shut

!

==================================================================================

What I dont understand is that the vlan filter (vlan access map) is applied to the Avaya phone vlan, yet the traffic its filtering is the kind of traffic that would be generated by a PC, not a phone, like http or https. Why is that?

The PC would indeed be connected to the phone and the phone to the switch. The PC would be on the data vlan and the phone on the voice, of course. So, shouldnt the vlan access map be applied to the data vlan?