Voice VLAN Configuration Guidelines

I've read a lot of interesting takes on how Voice VLANs are interpreted by the switch. For example, how can two VLANs be transmitted on the same port without it being a trunk? Well, it's considered a "multi-VLAN" access port - NOT a trunk port. There is also a lot of discussion about the "right" way to configure voice ports on a switch. This is a good question and beyond the scope of this entry. However, the following guidelines are a good base upon which to build. Let us not forget the basics before getting more advanced.

• You should configure voice VLAN on switch access ports; voice VLAN is not supported on trunk ports. You can only configure a voice VLAN on Layer 2 ports.

Note: Voice VLAN is only supported on access ports and not on trunk ports, even though the configuration is allowed.

• The voice VLAN should be present and active on the switch for the IP phone to correctly communicate on the voice VLAN. Use the show vlan privileged EXEC command to see if the VLAN is present (listed in the display). If the VLAN is not listed, see Chapter 12, "Configuring VLANs," for information on how to create the voice VLAN.

• Do not configure voice VLAN on private VLAN ports.

• The Power over Ethernet (PoE) switches are capable of automatically providing power to Cisco pre-standard and IEEE 802.3af-compliant powered devices if they are not being powered by an AC power source.

• Before you enable voice VLAN, we recommend that you enable QoS on the switch by entering the mls qos global configuration command and configure the port trust state to trust by entering the mls qos trust cos interface configuration command. If you use the auto-QoS feature, these settings are automatically configured. For more information, see "Configuring QoS."

• You must enable CDP on the switch port connected to the Cisco IP Phone to send configuration to the Cisco IP Phone. (CDP is enabled by default globally and on all switch interfaces.)

• The Port Fast feature is automatically enabled when voice VLAN is configured. When you disable voice VLAN, the Port Fast feature is not automatically disabled.

• If the Cisco IP Phone and a device attached to the Cisco IP Phone are in the same VLAN, they must be in the same IP subnet. These conditions indicate that they are in the same VLAN:

– They both use 802.1p or untagged frames.

– The Cisco IP Phone uses 802.1p frames and the device uses untagged frames.

– The Cisco IP Phone uses untagged frames and the device uses 802.1p frames.

– The Cisco IP Phone uses 802.1Q frames and the voice VLAN is the same as the access VLAN.

• The Cisco IP Phone and a device attached to the phone cannot communicate if they are in the same VLAN and subnet but use different frame types because traffic in the same subnet is not routed (routing would eliminate the frame type difference).

• You cannot configure static secure MAC addresses in the voice VLAN.

• Voice VLAN ports can also be these port types:

– Dynamic access port. See the "Configuring Dynamic-Access Ports on VMPS Clients" section on page 12-30 for more information.

– 802.1x authenticated port. See the "Configuring 802.1x Authentication" section for more information.

Note: If you enable 802.1x on an access port on which a voice VLAN is configured and to which a Cisco IP Phone is connected, the Cisco IP phone loses connectivity to the switch for up to 30 seconds.

– Protected port. See the "Configuring Protected Ports" section for more information.

– A source or destination port for a SPAN or RSPAN session.

– Secure port. See the "Configuring Port Security" section for more information.

Note: When you enable port security on an interface that is also configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to two plus the maximum number of secure addresses allowed on the access VLAN. When the port is connected to a Cisco IP phone, the IP phone requires up to two MAC addresses. The IP phone address is learned on the voice VLAN and might also be learned on the access VLAN. Connecting a PC to the IP phone requires additional MAC addresses.

Full text here.

