Yes, voice and data vlan on the same port is working - that's not the issue, I need to put a computer on the same vlan as the phones.

Our data vlan is 172.16.10.0/24 and our voice vlan is 172.16.21.0/24

When I give a computer a static IP of

172.16.10.15 255.255.255.0 172.16.10.1 and 8.8.8.8 for DNS, I'm unable to connect to the internet.  I'm able to ping the other phones and open their web configuration, but I'm unable to connect to the internet.

When I do a packet traffic capture from the Sonicwall, I don't see any traffic from the computer, but I do see traffic from the phones and the phones are able to connect to the internet.

I am puzzled. Is the computer on a port in the phone vlan? If it is in the phone vlan with an IP of the data vlan then I am not surprised that it is not working. If a device is connected in the voice vlan then it needs an IP address in the subnet that is associated with the voice vlan.

I guess I'm having trouble explaining the issue properly.

For example port 14 on the switch -  If I plug a phone into it, I get a DHCP address in the phone vlan - vlan 21.  For example 172.16.21.56.  If I plug a computer in the same port, I'll get a DHCP address in the data vlan - vlan 1. For example, 172.16.10.145.  Computers in the data vlan can't ping or see phones in the phone vlan. This is working as expected.

The phone vendor (8x8) wants me to connect a computer in the same vlan as the phones - vlan 21 to run some tests. So, for that computer in port 14, I give it the following Static IP:

172.16.21.15

255.255.255.0

172.16.21.1

DNS: 8.8.8.8

I do that and the computer can not connect to the internet at all.  It can ping other phones in the phone vlan now. But I can't ping my gateway for the phone vlan - 172.16.21.1. 

When I do a packet capture from the firewall to see any traffic from 172.16.21.15 - I don't see anything.  It's like the packets are not being sent to the firewall.  They are just stopping at the switch.

Hopefully I explained the issue a little better now.

Hello

Sounds like you have a security policy on the switch/upstream switch or FW that is only excepting certain traffic types from vlan 21 iand internet traffic isnt one of them.

This is the main switch that I'm connecting the computer to.  The Sonicwall is not seeing any traffic from the computer when I give it a static IP in the phone vlan, so the Cisco is blocking the traffic to the Sonicwall. 

I'm trying to figure out what on the Cisco switch is blocking this traffic - this is the reason of this post.

If you get chance post new configuration along with any Logs or ACL you have ?

Attached are the startup and running configuratins.

Thank you for posting the configuration. I have a few observations and suggestions. - The config for port 14 clearly sees vlan 1 as the default vlan/native vlan (using untagged frames) and sees vlan 21 using tagged frames.

- The you connect a PC to port 14 I am pretty sure that the PC is using untagged frames. So the switch mostly sees this as belonging to vlan 1. You have configured IP addressing on the PC for vlan 21. I am surprised that this allows the PC to access phone resources but if you say that this does work then I accept that it might allow the PC to access local resources of vlan 21. But when it tries to access outside resources I do not believe that the data is seen as coming from lan 21.

- is it possible to configure port 14 as an access port in vlan 21? If so that would truly put the PC into vlan 21 and I believe that this would be a better test.

- what kind of testing does the vendor want to do from the PC connected in the phone vlan?