Assigning VLANs to Switch Ports

After creating VLANs, the next critical step is to assign switch ports to those VLANs. Until a port is assigned, it remains in VLAN 1 by default.

1. Assign a Single Port to a VLAN

Explanation

Access ports are used to connect end devices such as PCs, printers, and IP phones. Each access port belongs to only one VLAN.

In this example, we assign FastEthernet0/1 to VLAN 10.

Cisco Prompt Commands

Configuring an Access Port for VLAN 10

NetsTuts_SW1#conf t
NetsTuts_SW1(config)#interface FastEthernet0/1
NetsTuts_SW1(config-if)#switchport mode access
NetsTuts_SW1(config-if)#switchport access vlan 10
NetsTuts_SW1(config-if)#end
FastEthernet0/1 configured as an access port and assigned to VLAN 10.

The above commands configure a switch port as an access port and assign it to VLAN 10:

  • interface FastEthernet0/1
    Enters interface configuration mode for port FastEthernet 0/1, allowing you to configure settings specific to that physical port.
  • switchport mode access
    Sets the port to access mode, meaning it can carry traffic for only one VLAN. This mode is typically used when connecting end devices such as PCs, printers, or IP phones.
  • switchport access vlan 10
    Assigns the port to VLAN 10. Any device connected to this port will become part of VLAN 10, and all incoming and outgoing traffic will be associated with that VLAN.

In summary, these commands configure FastEthernet0/1 as a standard access port and place it into VLAN 10, allowing connected devices to communicate within that VLAN.

Verify with "show running-config" command

!
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
!

Verify with "show vlan brief" command 

NetsTuts_SW1#sho vla bri

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/3, Fa0/4, Fa0/5
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/10, Fa0/11, Fa0/12, Fa0/13
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                                Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Fa0/24, Gig0/1
                                                Gig0/2
10   VLAN0010                         active    Fa0/1
20   VLAN0020                         active    
30   SALES                            active    
40   HR                               active    
50   IT                               active    
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active    
NetsTuts_SW1#

2. Assign Multiple Ports to a VLAN


When multiple devices belong to the same department, assigning ports individually is inefficient. Cisco IOS provides the interface range command.

This example assigns FastEthernet0/2 to FastEthernet0/10 to VLAN 20.

Cisco Prompt Commands

NetsTuts_SW1#conf t
NetsTuts_SW1(config)#interface range FastEthernet0/2 - 10
NetsTuts_SW1(config-if-range)#switchport mode access
NetsTuts_SW1(config-if-range)#switchport access vlan 20
NetsTuts_SW1(config-if-range)#end
Assigning multiple switch ports to VLAN 20 using interface range command.

Verify with "show vlan brief" command 

NetsTuts_SW1#sho vla bri

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gig0/1, Gig0/2
10   VLAN0010                         active    Fa0/1


20   VLAN0020                         active    Fa0/2, Fa0/3, Fa0/4, Fa0/5
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/10


30   SALES                            active    
40   HR                               active    
50   IT                               active    
1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active

As you can see, multiple ports are assigned to a single VLAN.

3. Assign VLAN with Port Description

Explanation

Adding interface descriptions improves documentation and simplifies troubleshooting in enterprise environments.

Cisco Prompt Commands

NetsTuts_SW1#conf t
NetsTuts_SW1(config)#interface FastEthernet0/11
NetsTuts_SW1(config-if)#description SALES-PC-01
NetsTuts_SW1(config-if)#switchport mode access
NetsTuts_SW1(config-if)#switchport access vlan 30
NetsTuts_SW1(config-if)#end
Assigning VLAN 30 with a descriptive label for documentation.

Verify with "show running-config" command 

!
interface FastEthernet0/11
 description SALES-PC-01
 switchport access vlan 30
 switchport mode access
!

Voice VLAN Overview

A Voice VLAN is a specialized VLAN used to separate voice traffic from data traffic on the same physical switch port. This design is commonly used in enterprise networks where an IP phone and a PC share one Ethernet connection.

Voice traffic is tagged with a dedicated VLAN ID and given higher priority, ensuring clear and uninterrupted calls. Data traffic from the connected PC remains untagged and is handled as normal access traffic. This separation improves Quality of Service (QoS), enhances security, and simplifies network cabling.

  • VLAN 40 Data
  • VLAN 100 Voice

Cisco Prompt Commands

NetsTuts_SW1#conf t
NetsTuts_SW1(config)#interface FastEthernet0/12
NetsTuts_SW1(config-if)#switchport mode access
NetsTuts_SW1(config-if)#switchport access vlan 40
NetsTuts_SW1(config-if)#switchport voice vlan 100
NetsTuts_SW1(config-if)#end
Configuring a voice VLAN for IP phone connectivity.

Verify with "show running-config" command 

!
interface FastEthernet0/12
 switchport mode access
 switchport access vlan 40
 switchport voice vlan 100
!

Verifying VLAN membership and associated switch ports. 

NetsTuts_SW1#sho vla bri

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig0/1, Gig0/2
10   VLAN0010                         active    Fa0/1
20   VLAN0020                         active    Fa0/2, Fa0/3, Fa0/4, Fa0/5
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/10
30   SALES                            active    Fa0/11

40   HR                               active    Fa0/12
100  VLAN0100                         active    Fa0/12

1002 fddi-default                     active    
1003 token-ring-default               active    
1004 fddinet-default                  active    
1005 trnet-default                    active

Common Learner Mistakes (Highlight Section)

  • Creating VLANs but forgetting to assign switch ports to those VLANs.
  • Omitting the switchport mode access command before assigning the VLAN.
  • Failing to verify the configuration using show vlan brief.

TEST WHAT YOU LEARNED

1. What is the default VLAN that all switch ports belong to before any VLAN assignment is made?

Correct answer is C. The default VLAN that all switch ports belong to is VLAN 1.

2. Which command is required before assigning an access VLAN to a switch port?

Correct answer is B. The "switchport mode access" command is required before assigning an access VLAN to a switch port.

3. What is the purpose of configuring a port description on an interface?

Correct answer is D. Configuring a port description helps improve documentation and simplifies troubleshooting.

4. Which command allows multiple switch ports to be configured simultaneously?

Correct answer is A. The "interface range FastEthernet0/2 - 10" command allows multiple switch ports to be configured simultaneously.

5. How many VLANs can an access port belong to for data traffic?

Correct answer is B. An access port can belong to only one VLAN for data traffic.

6. What is the primary purpose of a Voice VLAN?

Correct answer is C. The primary purpose of a Voice VLAN is to separate voice traffic from data traffic on the same physical port.

7. After assigning FastEthernet0/1 to VLAN 10, which command verifies this assignment?

Correct answer is B. The "show vlan brief" command verifies the VLAN assignment for FastEthernet0/1.

8. What happens if you configure "switchport access vlan 30" without first configuring "switchport mode access"?

Correct answer is C. The configuration is incomplete and may not function correctly if you don't first configure "switchport mode access".

9. In a Voice VLAN configuration, how is voice traffic treated compared to data traffic?

Correct answer is B. Voice traffic is tagged with a dedicated VLAN ID and given higher priority compared to data traffic.

10. What common mistake do learners make when configuring VLANs on switch ports?

Correct answer is D. A common mistake is creating VLANs but forgetting to assign switch ports to them.

Back to Home