Configure Port to VLAN Interface Settings on a Switch through the CLI (2023)

Objective

A Virtual Local Area Network (VLAN) allows you to logically segment a Local Area Network (LAN) into different broadcast domains. In scenarios where sensitive data may be broadcast on a network, VLANs can be created to enhance security by designating a broadcast to a specific VLAN. Only users that belong to a VLAN are able to access and manipulate the data on that VLAN.

You can configure the ports and specify whether the port should be in access or trunk mode, and assign specific ports to VLANs. This article provides instructions on how to configure an interface VLAN as an access or trunk port on your switch through the Command Line Interface (CLI).

Introduction

VLAN is a network that is usually segmented by function or application. VLANs behave much like physical LANs, but you can group hosts even if they are not physically co-located. A switch port can belong to a VLAN. Unicast, broadcast, and multicast packets are forwarded and flooded out ports in the same VLAN.

VLANs can also be used to enhance performance by reducing the need to send broadcasts and multicasts to unnecessary destinations. It also eases network configuration by logically connecting devices without physically relocating those devices.

Note: To learn how to configure the VLAN settings on your switch through the web-based utility, click here. For CLI-based instructions, click here.

The image below displays an SG350X switch that is configured with the following VLANs:

Configure Port to VLAN Interface Settings on a Switch through the CLI (1)

  • VLAN1 - This is the default VLAN. The switch is connected to the router through this VLAN. This can be used but cannot be modified or deleted.
  • VLAN10 - Virtual network for the Admin department. The network address is 192.168.10.1 with subnet mask 255.255.255.0 or /24.
  • VLAN20 - Virtual network for the Finance department. The network address is 192.168.20.1 with subnet mask 255.255.255.0 or /24.
  • VLAN30 - Virtual network for the Operations department. The network address is 192.168.30.1 with subnet mask 255.255.255.0 or /24.

In a bigger network, the configured VLANs with interfaces assigned as access and trunk ports on switches could look like this:

Configure Port to VLAN Interface Settings on a Switch through the CLI (2)

The port modes are defined as follows:

  • Access Port - The frames received on the interface are assumed to not have a VLAN tag and are assigned to the specified VLAN. Access ports are used primarily for hosts and can only carry traffic for a single VLAN.
  • Trunk Port - The frames received on the interface are assumed to have VLAN tags. Trunk ports are for links between switches or other network devices and are capable of carrying traffic for multiple VLANs.

Note: By default, all interfaces are in trunk mode, which means they can carry traffic for all VLANs. To know how to assign an interface VLAN as an Access or Trunk port through the web-based utility of the switch, click here.

To configure VLANs, follow these guidelines:

1. Create the VLANs. To learn how to configure the VLAN settings on your switch through the web-based utility, click here. For CLI-based instructions, click here.

2. (Optional) Set the desired VLAN-related configuration for ports. For instructions on how to configure the VLAN interface settings on your switch through the web-based utility, click here. For CLI-based instructions, click here.

3. Assign interfaces to VLANs. For instructions on how to assign interfaces to VLANs through the web-based utility of your switch, click here.

4. (Optional) Configure VLAN groups on your switch. You can configure any of the following:

  • MAC-based VLAN Group Overview - For instructions on how to configure MAC-based VLAN Groups through the web-based utility of your switch, click here. For CLI-based instructions, click here.
  • Subnet-based VLAN Groups Overview - For instructions on how to configure subnet-based VLAN Groups through the web-based utility of your switch, click here. For CLI-based instructions, click here.
  • Protocol-based VLAN Groups Overview - For instructions on how to configure Protocol-based VLAN Groups through the web-based utility of your switch, click here. For CLI-based instructions, click here.

5. (Optional) Configure TV VLAN settings on your switch. You can configure any of the following:

  • Access Port Multicast TV VLAN - For instructions on how to configure Access Port Multicast TV VLAN through the web-based utility of your switch, click here.
  • Customer Port Multicast TV VLAN - For instructions on how to configure Customer Port Multicast TV VLAN through the web-based utility of your switch, click here.

Applicable Devices | Software Version

  • Sx300 Series | 1.4.7.06 (Download latest)
  • Sx350 Series | 2.2.8.04 (Download latest)
  • SG350X Series | 2.2.8.04 (Download latest)
  • Sx500 Series | 1.4.7.06 (Download latest)
  • Sx550X Series | 2.2.8.04 (Download latest)

Configure VLAN Interface Settings on the Switch through the CLI

Configure Interface as Access Port and Assign to VLAN

Step 1. Log in to the switch console. The default username and password is cisco/cisco. If you have configured a new username or password, enter the credentials instead.

(Video) Cisco Tech Talk: Configuring Port to VLAN Interface Settings via CLI on CBS250/350 Switches

Configure Port to VLAN Interface Settings on a Switch through the CLI (3)

Note: The commands may vary depending on the exact model of your switch. In this example, the SG350X switch is accessed through Telnet.

Step 2. To display the current VLAN on the switch, enter the following:

SG350X#show vlan Configure Port to VLAN Interface Settings on a Switch through the CLI (4)

Note: In this example, VLANs 1, 10, 20, and 30 are available with no manually assigned ports.

Step 3. From the Privileged EXEC mode of the switch, enter the Global Configuration mode by entering the following:

SG350X#configure terminal

Step 4. In the Global Configuration mode, enter the Interface Configuration context by entering the following:

SG350X(config)#interface [interface-id | range vlan vlan-range]

The options are:

  • interface-id - Specifies an interface ID to be configured.
  • range vlan vlan-range - Specifies a list of VLANs. Separate nonconsecutive VLANs with a comma and no spaces. Use a hyphen to designate a range of VLANs.

Configure Port to VLAN Interface Settings on a Switch through the CLI (5)

Note: In this example, an interface range that covers ports 14 to 24 is entered.

Step 5. In the Interface Configuration context, use the switchport mode command to configure the VLAN membership mode.

SG350X(config-if-range)#switchport mode access Configure Port to VLAN Interface Settings on a Switch through the CLI (6)

Step 6. Use the switchport access vlan command to assign the port or range of ports into access ports. A port in access mode can have only one VLAN configured on the interface which can carry traffic for only one VLAN.

SG350X(config-if-range)#switchport access vlan [vlan-id | none]

The options are:

  • vlan-id - Specifies the VLAN to which the port is configured.
  • none - Specifies that the access port cannot belong to any VLAN.

Configure Port to VLAN Interface Settings on a Switch through the CLI (7)

(Video) Configuring VLANs and Assigning ports to VLANs

Note: In this example, the range of ports is assigned to VLAN 30.

Step 7. (Optional) To return the port or range of ports to the default VLAN, enter the following:

SG350X(config-if-range)#no switchport access vlan

Step 8. To exit the Interface Configuration context, enter the following:

SG350X(config-if-range)#exit Configure Port to VLAN Interface Settings on a Switch through the CLI (8)

Step 9. (Optional) Repeat steps 4 to 6 to configure more access ports and assign to the corresponding VLANs.

Configure Port to VLAN Interface Settings on a Switch through the CLI (9)

Note: In this example, interface range 26 to 36 are assigned to VLAN 10, while interface range 38 to 48 are assigned to VLAN 20.

SG350X(config-if)#end

Step 10. Enter the end command to go back to the Privileged EXEC mode:

Configure Port to VLAN Interface Settings on a Switch through the CLI (10)

Step 11. (Optional) To display the configured ports on the VLANs, enter the following:

SG350X#show vlan Configure Port to VLAN Interface Settings on a Switch through the CLI (11)

Note: The configured ports should be displayed according to the assigned VLANs. In this example, the interface range 26 to 36 are assigned in VLAN 10, 38 to 48 belong to VLAN 20, and 14 to 24 are configured to VLAN 30.

Step 12. (Optional) In the Privileged EXEC mode of the switch, save the configured settings to the startup configuration file, by entering the following:

SG350X#copy running-config startup-config > Configure Port to VLAN Interface Settings on a Switch through the CLI (12)

Step 13. (Optional) Press Y for Yes or N for No on your keyboard once the Overwrite file [startup-config]… prompt appears.

Configure Port to VLAN Interface Settings on a Switch through the CLI (13)

(Video) Cisco CBS 250 & 350 Switches | Configuring Port to VLAN Interface Settings via CLI

You should now have configured the interfaces on your switch as access ports and assigned to their corresponding VLANs.

Configure Interface as Trunk Port and Assign to VLAN

Step 1. In the Privileged EXEC mode of the switch, enter the Global Configuration mode by entering the following:

SG350X#configure terminal

Step 2. In the Global Configuration mode, enter the Interface Configuration context by entering the following:

SG350X#interface [interface-id | range vlan vlan-range]

The options are:

  • interface-id - Specifies an interface ID to be configured.
  • range vlan vlan-range - Specifies a list of VLANs. Separate nonconsecutive VLANs with a comma and no spaces. Use a hyphen to designate a range of VLANs.

Configure Port to VLAN Interface Settings on a Switch through the CLI (14)

Note: In this example, interface ge1/0/13 is used.

Step 3. In the Interface Configuration context, use the switchport mode command to configure the VLAN membership mode.

SG350X(config-if)#switchport mode trunk Configure Port to VLAN Interface Settings on a Switch through the CLI (15)

Step 4. (Optional) To return the port to the default VLAN, enter the following:

SG350X(config-if)#no switchport mode trunk

Step 5. Use the switchport trunk allowed vlan command to specify which VLANs the port belongs to when its mode is configured as trunk.

SG350X(config-if)#switchport trunk allowed vlan [all | none | add vlan-list | remove vlan-list | except vlan-list]

The options are:

  • all - Specifies all VLANs from 1 to 4094. At any time, the port belongs to all VLANs existing at the time.
  • none - Specifies an empty VLAN list. The port does not belong to any VLAN.
  • add vlan-list - List of VLAN IDs to add to the port. Separate nonconsecutive VLAN IDs with a comma and no spaces. Use a hyphen to designate a range of IDs.
  • remove vlan-list - List of VLAN IDs to remove from a port. Separate nonconsecutive VLAN IDs with a comma and no spaces. Use a hyphen to designate a range of IDs.
  • except vlan-list - List of VLAN IDs including all VLANs from range 1-4094 except VLANs belonging to vlan-list.

Note: In this example, port ge1/0/13 belongs to all VLANs except VLAN 10.

Configure Port to VLAN Interface Settings on a Switch through the CLI (16)

Step 6. To exit the Interface Configuration context, enter the following:

(Video) How to Configure VLAN via CLI (Command-Line) & Web Interface | FS

SG350X(config-if)#exit Configure Port to VLAN Interface Settings on a Switch through the CLI (17)

Step 7. (Optional) To return the port or range of ports to the default VLAN, enter the following:

SG350X(config-if)#no switchport trunk allowed vlan

Step 8. (Optional) Repeat steps 2 to 6 to configure more trunk ports and assign to the corresponding VLANs.

Configure Port to VLAN Interface Settings on a Switch through the CLI (18)

Note: In this example, interface ge1/0/25 belongs to VLAN 10 and not in VLAN 20, while interface ge1/0/27 belongs to all VLANs except VLAN 10.

Step 9. Enter the end command to go back to the Privileged EXEC mode:

SG350X(config-if)#end Configure Port to VLAN Interface Settings on a Switch through the CLI (19)

Step 10. (Optional) To display the configured ports on the VLANs, enter the following:

SG350X#show vlan Configure Port to VLAN Interface Settings on a Switch through the CLI (20)

Note: The configured ports should be displayed according to the assigned VLANs. In this example, the trunk port gi1/0/25 belongs to VLAN 10 and VLAN 30, gi1/0/13 and gi1/0/37 both belong to VLAN 20 and VLAN 30.

Step 11. (Optional) In the Privileged EXEC mode of the switch, save the configured settings to the startup configuration file, by entering the following:

SG350X#copy running-config startup-config Configure Port to VLAN Interface Settings on a Switch through the CLI (21)

Step 12. (Optional) Press Y for Yes or N for No on your keyboard once the Overwrite file [startup-config]… prompt appears.

Configure Port to VLAN Interface Settings on a Switch through the CLI (22)

You should now have configured the interfaces on your switch as trunk ports and assigned to their corresponding VLANs.

Important: To proceed with configuring the VLAN group settings on your switch, follow the guidelines above.

Other links you might find valuable

(Video) Cisco Tech Talk Configuring Port to VLAN Interface Settings via CLI on CBS250 350 Switches

  • Configure Port to Virtual Local Area Network (VLAN) Settings on a Switch
  • Configure Port Virtual Local Area Network (VLAN) Membership of an Interface on a Switch
  • Configure Private Virtual Local Area Network (VLAN) Settings on a Switch
  • Configure Private VLAN Membership Settings on a Switch through the CLI
  • Product Page that contains links to all switch related articles

Videos

1. VLANs, Access Ports, and Trunk Lines
(David Dalton)
2. Cisco Switch basic Configuration | Cisco Switch Configuration Step by Step
(Cisco Config)
3. How to Configure VLANS on a Cisco Switch
(Robert Mayer)
4. TP-LINK SWITCH VLAN CONFIGURATIONS | HOW TO MAKE NEW VLAN IN TP-LINK SWITCH | TP-LINK SWITCH SETUP
(ultimate digital solutions)
5. How to Enable port on a Cisco router or switch
(Keep Learning)
6. Quick Configs Ubiquiti - VLANs & Switch Interface (CLI)
(Ben Pin)
Top Articles
Latest Posts
Article information

Author: Delena Feil

Last Updated: 10/07/2022

Views: 6772

Rating: 4.4 / 5 (65 voted)

Reviews: 88% of readers found this page helpful

Author information

Name: Delena Feil

Birthday: 1998-08-29

Address: 747 Lubowitz Run, Sidmouth, HI 90646-5543

Phone: +99513241752844

Job: Design Supervisor

Hobby: Digital arts, Lacemaking, Air sports, Running, Scouting, Shooting, Puzzles

Introduction: My name is Delena Feil, I am a clean, splendid, calm, fancy, jolly, bright, faithful person who loves writing and wants to share my knowledge and understanding with you.