Voice VLAN and Data VLAN Not Both Working on IP Phone Port
Presenting Symptom
PC connected to an IP phone cannot access the data VLAN, but the phone works fine on the voice VLAN.
Network Context
A small branch office with a Cisco Catalyst 2960 switch running IOS 15.0. The switch connects to an IP phone (Cisco 7965) and a PC behind the phone. The switch port is configured with voice VLAN 10 and data VLAN 20. The phone registers and gets an IP from the voice VLAN, but the PC cannot obtain an IP or communicate on the data VLAN.
Diagnostic Steps
Check the switch port configuration
show running-config interface GigabitEthernet0/1interface GigabitEthernet0/1 switchport mode access switchport access vlan 20 switchport voice vlan 10 spanning-tree portfast
Verify that the port is configured as an access port with both access VLAN (data) and voice VLAN. If the voice VLAN is missing or the port is in trunk mode, that could cause issues.
Verify VLANs exist and are active
show vlan briefVLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active 10 voice active 20 data active 1002 fddi-default act/unsup ...
Ensure both VLAN 10 and VLAN 20 are present and active. If a VLAN is missing or suspended, traffic will not pass.
Check the switchport interface status and CDP neighbors
show interfaces GigabitEthernet0/1 switchportName: Gi0/1 Switchport: Enabled Administrative Mode: static access Operational Mode: static access Administrative Trunking Encapsulation: dot1q Operational Trunking Encapsulation: native Negotiation of Trunking: Off Access Mode VLAN: 20 (data) Trunking Native Mode VLAN: 1 (default) Administrative Native VLAN tagging: enabled Voice VLAN: 10 (voice) ...
Confirm that the operational mode is access and both access VLAN and voice VLAN are set correctly. If the voice VLAN is not listed, the phone may not be receiving the correct VLAN.
Check CDP to see if the phone is detected
show cdp neighbors GigabitEthernet0/1 detailDevice ID: SEPXXXXXXXXXXXX Entry address(es): IP address: 10.0.10.2 Platform: Cisco IP Phone 7965, Capabilities: Host Phone Interface: GigabitEthernet0/1, Port ID (outgoing port): 1 ...
If the phone is not listed, CDP may be disabled or the phone is not powered. If the phone is listed, it confirms the phone is connected and communicating. The phone's IP should be in the voice VLAN subnet.
Check the PC's MAC address in the MAC address table
show mac address-table interface GigabitEthernet0/1Mac Address Table ------------------------------------------- Vlan Mac Address Type Ports ---- ----------- -------- ----- 10 aaaa.bbbb.cccc DYNAMIC Gi0/1 20 dddd.eeee.ffff DYNAMIC Gi0/1
You should see two MAC addresses: one for the phone (VLAN 10) and one for the PC (VLAN 20). If only the phone's MAC appears, the PC traffic is not being tagged correctly or the phone is not forwarding the PC's traffic.
Root Cause
The IP phone is not configured to tag the PC's traffic with the data VLAN ID. By default, Cisco IP phones forward PC traffic untagged, expecting the switch port to be in access mode with the data VLAN as the native VLAN. However, if the switch port is configured with a voice VLAN, the phone must be configured to tag the PC traffic with the data VLAN (or the switch must accept untagged traffic on the access VLAN). In this case, the phone is not tagging the PC traffic, and the switch is dropping untagged frames because the port is configured with a voice VLAN and expects all traffic to be tagged.
Resolution
Verification
After applying the fix, verify the PC can obtain an IP address and communicate. Use the following commands: show mac address-table interface GigabitEthernet0/1 ! Expected output shows MAC addresses for both VLAN 10 and VLAN 20. show interfaces GigabitEthernet0/1 switchport ! Confirm operational mode and VLAN assignments. From the PC, ping the default gateway (e.g., 10.0.20.1). Should succeed.
Prevention
["Always configure both access VLAN and voice VLAN on ports connecting IP phones.","Ensure the IP phone is configured to tag PC traffic with the data VLAN (default on Cisco phones).","Use CDP or LLDP to verify phone detection and VLAN negotiation."]
CCNA Exam Relevance
On the CCNA 200-301 exam, this scenario appears in troubleshooting questions where a PC behind an IP phone cannot access the network. The exam tests understanding of voice VLAN configuration, switchport modes, and how IP phones handle data and voice traffic. Candidates must know that the access VLAN is for data and the voice VLAN is for voice, and that the phone tags voice frames with the voice VLAN and forwards data frames untagged (or tagged with the access VLAN).
Exam Tips
Remember that the switchport voice vlan command assigns a separate VLAN for voice traffic, while the access vlan is for data.
Be aware that Cisco IP phones use CDP to negotiate VLAN information; if CDP is disabled, the phone may not receive the voice VLAN.
Know that the 'show mac address-table' command can reveal whether both the phone and PC MAC addresses are learned on the correct VLANs.
Commands Used in This Scenario
show cdp neighbors detail
Displays detailed information about directly connected Cisco devices discovered via CDP, including IP addresses, IOS version, platform, and interface details, useful for verifying neighbor relationships and troubleshooting Layer 2 connectivity.
show interfaces switchport
Displays the administrative and operational status of a switch port, including VLAN membership, trunking mode, and access VLAN, used to verify VLAN configuration and port security settings.
show mac address-table
Displays the MAC address table (also known as CAM table) on a switch, showing which MAC addresses are learned on which VLAN and port, used to verify Layer 2 forwarding and detect issues like MAC flooding or incorrect port assignments.
Test Your CCNA Knowledge
Practice with scenario-based questions to prepare for the CCNA 200-301 exam.
Practice CCNA Questions