fbpx

Configure VLANs, Access Ports & Trunk Ports on Cisco Switches

· >

Configure VLANs, Access Ports & Trunk Ports on Cisco Switches

Table of contents

In this lesson, we will learn how to configure VLANs on Cisco switches and their assignments to interfaces. We will also learn about Access Ports & Trunk ports and how to configure them. Before diving into the configuration part, lets review a bit of theory related to it.

Virtual LANs (VLANS) provide logical segmentation by creating multiple broadcast domains on the same network switch. VLANs provide higher utilization of switch ports because a port can be associated to the necessary broadcast domain, and multiple broadcast domains can reside on the same switch.

VLANs are identified by IEEE 802.1Q statndard, which adds 32 bits in IP packet header with following details:

Tag Protocol ID
(TPID)		Priority Code Point
(PCP)		Drop Eligibal Indicator
(DEI)		VLAN ID
IEEE 802.1Q Header Fields

By default all interfaces are active & assigned to VLAN 1, which is default VLAN. Any information received on a trunk port without 802.1Q VLAN tag is associated to Native VLAN. Native VLAN must match on both trunk ports not doing so can cause traffic to change VLANs unintentionally.

Note that VLAN information is not stored in configuration (running-config / startup-config) but in a separate file named as vlan.dat on router/switch flash memory.

Creating VLANs

VLANs are created in global configuration mode and are named in sub-global configuration mode.

switch#configure terminal
switch(config)#vlan 10
switch(config-vlan)#name IT-Department
switch(config-vlan)#vlan 20
switch(config-vlan)#name Finance

VLANs & their ports assignments can be verified with show vlan | show vlan brief & show vlan summary commands.

Access Ports

Now that we know how to configure VLANs now we will learn about Access port on Cisco switches. An access port carries traffic from specified VLAN to the device connected to it or from the device to other devices connected on same VLAN. An Access port can only be assigned to one VLAN & you can configure a switchport as an access port as follows:

switch(config)#interface fa0/1
switch(config-if)#switchport mode access
switch(config-if)#switchport access vlan 10
switch(config-if)#interface fa0/2
switch(config-if)#switchport mode access
switch(config-if)#switchport access vlan 20

Trunk Ports

A switchport configured as trunk port can carry multiple VLANs information and it typically used when multiple VLANs need connectivity between switch and other devices like router or firewall. To configure a switchport as trunk port.

switch#configure terminal
switch(config)#interface fa0/10
switch(config-if)#switchport mode trunk
switch(config-if)#interface fa0/11
switch(config-if)#switchport mode trunk

Trunk ports information can be seen by issuing show interfaces trunk command. This command output can be categorized into three parts.

  • First part of the output contains information regarding trunk ports, their status, their association to an Etherchannel & Native VLAN
  • Second part of the output displays list of allowed VLANs on trunk port
  • Third section displays VLANs that are in spanning tree forwarding state on that switch however ports that are in spanning tree blocking state are not displayed.

Related Articles:

Access and Trunk ports

If you intend to use VLANs in your network, you will need to configure some ports on a switch as access ports and other as trunk ports. Here is a description each port type:

  • access port – a port that can be assigned to a single VLAN. This type of interface is configured on switch ports that are connected to end devices such as workstations, printers, or access points.
  • trunk port – a port that is connected to another switch. This type of interface can carry traffic of multiple VLANs, thus enabling you to extend VLANs across your entire network. Frames are tagged by assigning a VLAN ID to each frame as they traverse between switches.

Allowed VLANs

By default all VLANs are allowed on a trunk, however we can categorically allow specific VLANs over the trunk port. Traffic can be minimized on trunk ports to restrict broadcast traffic too. Sample configuration is appended.

switch#configure terminal
switch(config)#interface fa0/10
switch(config-if)#switchport trunk allowed vlan 1, 10, 20
switch(config-if)#switchport mode trunk

Addition and Removal of VLANs

If you want to add VLANs in running trunk port it must be added using “add” or “remove” command other wise it will replace all existing VLANs with newly added/removed VLAN.

switch(config-if)#switchport trunk allowed vlan add 100
switch(config-if)#switchport trunk allowed vlan remove 20

That’s all for now, hopefully this is been informative for you and by now you know a lot more about configuring VLANs, Access Ports & Trunk Ports.

Introduction to Routers and Routing

in CCNP ENCOR 350-401
Mar 24, 2023   ·  
CCNP ENCOR Wireless Security and Connectivity Exam

CCNPv8 ENCOR – Wireless Security and Connectivity Exam Answers

in CCNP ENCOR 350-401, Cisco Systems, Networking
Oct 25, 2022   ·  

ENCOR v8 Exam Answers CCNP Enterprise (Core Networking)

in CCNP ENCOR 350-401, Cisco Systems, Networking
Oct 21, 2022   ·  
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments