I want to remove the data vlan from the switch port and leave only voice vlan to have the ip phone only communication from that port due to some security issue.
Can anyone still be able to connect a PC to the voice subnet and access the network?
If yes, what is the best practice to protect that unwanted PC access?
Avaya has probably hijacked the CDP protocol.
If you do a sniffer, I'll bet you'll see Avaya picking up on the CDP.
This is the only way for the voice VLAN to be advertised, so it's not too much of a mystery.