what is the interface config ? post below output :

show vlan

show run Int gi0/5

Sh vlan

15 Data-SW3 active Gi0/2, Gi0/5, Gi0/7, Gi0/8
Gi0/10, Gi0/11, Gi0/13, Gi0/14
Gi0/15, Gi0/17, Gi0/18, Gi0/20
Gi0/21, Gi0/22, Gi0/24

16 Voice-SW3 active Gi0/2, Gi0/3, Gi0/21, Gi0/6

SW3#show run Int gi0/5
Building configuration...

Current configuration : 185 bytes
!
interface GigabitEthernet0/5
switchport access vlan 15
switchport mode access
switchport voice vlan 16
no cdp enable
spanning-tree portfast
spanning-tree bpduguard enable
end

• Absolutely Right Dan Lukes,  How could i do this for 500 + users its not acceptable.
• Even some IP phones are in 'Register IP phone' mode display , look like searching for ip. Even in our company some of IP phones are 7900 series , in this model manually i cant able to add admin vlan id.
• So many things here.. so without cdp IP phones  have issues.
         

---

@sjd2020 wrote:

• Absolutely Right Dan Lukes,  How could i do this for 500 + users its not acceptable.

---

What CDP security vulnerability are you trying to avoid?

ithink its here in below links

https://www.helpnetsecurity.com/2020/02/05/cdpwn-vulnerabilities/

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-fxnxos-iosxr-cdp-dos

Someone is overreacting.  Did anyone attempted to read (and understand) the Security Advisory?

What is the model of the switch we are talking about?

Judging from the output, I know what switch this is but I want to hear it. 

You are in Small Business area and you mentioned no models of phone we are speaking of, thus I assumed SMB product line - e.g. SPA3xx or SPA5xx. I have no experience with 7900 - my advice may or may not apply to them.

Virgin phone starts in data vlan asking network configuration from DHCP.

Configure DHCP server (the one running in data vlan) to respond with IP address and option 150 (tftp server with phone configuration) OR option 160 (https url with phone configuration). The configuration is static file/configuration (neither per-phone configuration nor dynamic configuration generated on the fly by script is necessary). You can place it on a TFTP/HTTP server accessible from data vlan. Configuration contains no sensitive information, so it need not to be secured. It configures just VLAN ID(following example assimes it's 123):

<flat-profile>

<VLAN_ID ua="na">123</VLAN_ID>

</flat-profile>

 New configuration causes phone reboot - but phone have vlan id configured now, so it starts into voice vlan. It will fetch IP address and configuration as usual.

Hello Mr Dan lukes,

What you want to say in short your not using Cisco, virigin and you configure as a Data vlan and for voice option 150 or 160 tftp  or https  for ip phones, and phones reboot and work properly with 123 vlan id, 
ok here i need some details what is your voice vlan id and data vlan id ... that i want to know?

looking for your response.