Wrong IP's in Data network

Shouldn't you look the other way around - PCs plugged in into the phone network?
I assume VoIP and data network are physically separated, there is no connection between the switches?

How many ports are at each workstation? If just one, this is a scenario I have seen a number of phone vendors do, and somehow I have yet to see them mess it up. And none of them ever asked to access the main network.

If you know the MAC addresses of machines with phone IP addresses, you could try checking the managed switches on the data side. However, it would make more sense to check the managed switches on the phone side for those same MAC addresses.

If the equipment is physically separate, I would power down the switch(es) on the phone side one at a time. The moment computers with the issue suddenly lose connection (or end up on the data network), then you know which switch was connected to a data switch.

At the end of the day, it's your network, so you should determine how you would like for it to look. I would make the vendor come back out and set things up the way you want it to be.

Keep the two networks seperated.  Just don't connect their switch to your switch.  If the phone vendor wants internet to his phone system, than that complicates things.  You can either add a second internet source just for the phone system, or VLAN the network and join the switches.

That's the thing, some user it seems mixed a cable between the two now I'm trying to fix this...

I have many clients with VOIP phone systems, and they have a separate network with it's own internet source.  That is what the phone techs (several different companies) all required on their installs.

Are you using pass through network in phone to PC?  If so, my first option won't work.

You can use netshark to find where second dhcp is located and then on switches find what port is used to send dhcp broadcast to your network.

1) Check for daisy chaining, assuming that it isn't intentional.
2) How are the phones getting connectivity to the internet? If they don't have a separate connection, start at that point, and work your way down.

I would assume the phone system company installed another router for their equipment from the sounds of things.  I don't think that part is a mystery to Cobra25.

You don't want two DHCP servers on the same network, that is why I would move the voice network away from the data.  

"(He didnt want to use ours and VLAN everything)"
   - The separate internet sources and unconnected networks is what they were looking for.

Yes 2 diff networks, sole inet, but just competely diff paths to get there. They are completed physically separated. Again, someone plugged in a cable and now the pc's are getting dhcp addresses from the voice router.

How can i track this down asap..

Ok, i used a windows PC, and found the MAC address of the DHCP server (the PBX on voice). Now, on that port, i see 25+ mac addresses, which looks to be some sort of Netgear switch. Ill shut this port down to see what happens...

So now start at this Netgear switch and start seeing where its cables go.

By the way, another weird thing I have seen before was an improperly connected router. A user thought it was a switch. Just another thing you can be on the watch for.

Why would users be messing around with the network feeds,
It sounds as though either the ports are not clearly labled I.e. Phine, data.. Or a user piggy backed on the phones network.

If your subnets are truly separate, it is fairly simple, those who are in the wrong network. Lack access to requisite resources.

On each computer, you could run "ipconfig -all" from command prompt, and look DHCP server.  Unless they are both the same IP, this would help.  If the networks are separate, the PC's not on the data network would have trouble accessing any file shares.  

Also, As masnrock mentioned... "Look out for home wireless routers installed as switches to give someone wireless in their area.  I see this alot, and now you have introduced a second DHCP server.  This you will have to locate physically and just remove.

So i found the switch port-- it was going to upstairs and then eventually found a hidden 5 port desktop switch with cables plugged in both networks...

Still a manual process, was hoping there was a better way to track this.

In the future, i will just vlan this all out now.

I assume that you tracked through your managed switches. Also, implementing port security would be an option to prevent issues in the future. Another method would be to implement something like Cisco ISE.