Showing results for 
Search instead for 
Did you mean: 

When to use the different Voice VLAN configurations?

I've been reading about voice vlan and have been trying to understand when to use any of the 4 different commands when setting up a switch port to hold a VOIP phone that has a PC connected to it. The 4 commands are:


switchport voice vlan vlanid

switchport voice vlan dot1p

switchport voice vlan untagged

switchport voice vlan none


From what I understand, all the configuration is done right on the switch for the port that the phone will go on. I've learned that traditionally, there was only 1 data drop per cubicle in an office and that was meant for the computer's data. Once phones started to roll out that would work over IP, the choice was to either run an extra new drop to each cubicle to support the phone or to install a switch embedded within the phone (which is what happened). But the former situation required that the switch take up 2 ports. One for the phone and one for the PC and each port would have set up a certain VLAN. But now that the phone has a switch, the data from the PC can go through the phone, UNTAGGED as it always does, while the phone will send its traffic tagged. 


So I understand that if we set up the switch port with a vlan for data and a specific voice vlan, the switch port will be able to distinguish the data packets from the voice packets since the voice packets are tagged inside the 802.1q CoS bits, while the data isn't. 


So then what is the difference in the commands listed up above? The one I'm truly curious about is "switchport voice vlan dot1p". I understand that it will use VLAN 0 so that it can inject an 802.1q header in the frame just so it can use the Priority Code Point bits for Class of Service to prioritize the voice packets (then again the other commands do the same, except for the last command). But why use that command over the "switchport voice vlan vlanid" command? I keep finding information that says: "The VLAN ID 0 is used when a device needs to send priority-tagged frames but does not know in which particular VLAN it resides". But how could a device not know which VLAN it resides on? I don't believe the phone ever gets configured to know which VLAN it's on. Although I have read that if a trunk is created, both sides are negotiated. So maybe the phone will receive the information of the Native VLAN from the switch port. 


Any help understanding this would be appreciated!

Hall of Fame Master

Hello @granttes ,

most of implementations I have seen use a dedicated Voice vlan.

This is technically the best choice as it allows to logically separate the IP phones traffic from traffic of PCs.

in some setup a VOIP VRF is used to ensure that IP phones cannot go the internet directly the use of a dedicated Vlan allows for this.

The switchport voice vlan dot1p can be used when you don't want to deploy a separated Vlan and a separated IP subnet for IP phones but you still want to be able to give to the VOIP frames a better QoS treatment.

It may be also a sort of fallback that is supported to follow some IEEE standard thought to allow to use switches that actually are not able to support a Voice Vlan on an access port.

It can be an option to be used in a remote site if the branch router has limitations on the number of  Vlans supported at OSI layer3.

However, in all real world implementation I have seen the use of a dedicated Voice vlan for the reasons explained above.

To be noted that in this case in the past the port was called an implicit trunk or mini trunk carrying two Vlans the data Vlan untagged and the Voice Vlan tagged. Actually when the phone is powered on by POE it first boots in the data Vlan and then moves to the voice Vlan after interaction with the switch via CDP or LLDP MED.

This is something to be taken in account if using port security it is better to allow 3 MAC addresses per port.


Hope to help



Content for Community-Ad