Voice VLAN/DHCP server

In the course of deploying IP telephony I have run into this issue a number of times and thought that others may benefit from it. A common configuration for a switch port that is connected to a Cisco IP phone with a PC connected to the phone might look something like this:

interface FastEthernet0/2
switchport access vlan 10
switchport mode access
switchport voice vlan 20
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast

If a DHCP server is connected to a port that has the “switchport voice VLAN xxx” command applied to it phones run the risk of obtaining their DHCP from this server instead of the intended voice DHCP server.

To correct this issue simply remove the “switchport voice VLAN xxx” command from the port connected to the DHCP server that should not be providing DHCP to the voice network.

On some older switches (i.e. Cisco 3524) it was necessary to set ports connected to IP telephones as trunked interfaces like this:

interface FastEthernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan 10
switchport voice vlan 20
switchport priority extend cos 0
spanning-tree portfast

If a DHCP server is connected to a port configured like that broadcast traffic will still be sent to IP phones in VLAN 20. It is advisable to configure the port as an access port in the non-voice VLAN like this:

interface FastEthernet0/2
switchport mode access
switchport access vlan 10
spanning-tree portfast