Community Pick: Many members of our community have endorsed this article.

Port configurations on Cisco Catalyst switches

Jimmy Larsson, CISSP, CEH (Kvistofta)
I see many questions here on Experts Exchange regarding switch port configurations and trunks. This article is meant for beginners and gives basic knowledge about Virtual Local Area Networks (VLANs) and port configurations on Cisco Catalyst switches.

An Ethernet frame (packet) can be either tagged or untagged. The default is untagged. When a frame is tagged, an extra 802.1Q header is placed first in each frame, containing a VLAN ID, a number normally between 1 and 2004. Each VLAN is a separate broadcast domain and should use different IP network addressing. As you probably know, a switch cannot pass traffic between different VLANs.

A switch port can be configured either as an access port or as a trunk. An access port sends and receives traffic to/from one single VLAN, untagged. This is the normal setup for connecting PCs and other equipment that is not trunk-aware to a switch. The default configuration for a switch port is an access port in VLAN 1. It looks like this:
interface FastEthernet0/1
 switchport mode access (default, invisible)
 switchport access vlan 1 (default, invisible)
!



To connect non-trunk-aware equipment to a VLAN other than the default VLAN 1, specify the VLAN with the "switchport access vlan" command, which then becomes visible in the configuration:
interface FastEthernet0/1
 switchport mode access (default, invisible)
 switchport access vlan 2
!



To configure a trunk, change the switchport mode to trunk. The default is to carry all VLANs.
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 1-2004 (default, invisible)
!



To filter which VLANs should be available on the trunk, add the "allowed vlan" command:
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 1,5-7,9
!



When a trunk port is reconfigured as an access port or vice versa, "unused" configuration lines can be left in the config. For example:
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 1,5-7,9
 switchport access vlan 2 (not in use since the port is in trunk mode)
!


or:
interface FastEthernet0/1
 switchport mode access (default, invisible)
 switchport trunk allowed vlan 1,5-7,9 (not in use since the port is configured as an access port)
!



Always check first whether the port is configured as an access port or a trunk port, so that you know which of the other commands are actually in use.

On a trunk port, frames on all VLANs are sent tagged, with the VLAN ID attached to the frame. The one exception is the "native VLAN". By default VLAN 1 is the native VLAN and is sent untagged. This can be changed with the "switchport trunk native vlan x" command. Obviously, though, there can only be one native VLAN configured on each port.
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 1,5-7,9
 switchport trunk native vlan 6
!



In the configuration above, frames from VLANs 1, 5, 7 and 9 are sent tagged with their respective VLAN IDs, while frames from VLAN 6 are sent without a tag.
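
The rules above (mode decides which lines are in use, the native VLAN is the one sent untagged) can be checked mechanically when reviewing a saved configuration. The following Python sketch is an added example, not part of the original article or any Cisco tool; the function names and the FastEthernet0/2 stanza are hypothetical, and it assumes only the access and trunk modes and the defaults described in this article.

```python
import re

def expand_vlans(spec):
    """Expand an 'allowed vlan' list such as '1,5-7,9' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_ports(config):
    """Map each interface name to its 'switchport ...' settings."""
    ports, current = {}, None
    for line in map(str.strip, config.splitlines()):
        m = re.match(r"interface\s+(\S+)", line, re.I)
        if m:
            current = ports.setdefault(m.group(1), {})
        elif current is not None and line.lower().startswith("switchport "):
            words = line.lower().split()[1:]
            current[" ".join(words[:-1])] = words[-1]  # e.g. 'access vlan' -> '2'
    return ports

def audit(port):
    """Effective mode, tagged/untagged VLANs and lines that are not in use."""
    mode = port.get("mode", "access")  # access is the default per the article
    if mode == "trunk":
        allowed = expand_vlans(port.get("trunk allowed vlan", "1-2004"))  # article's default
        untagged = {int(port.get("trunk native vlan", 1))} & allowed
        tagged = allowed - untagged
        unused = [k for k in port if k.startswith("access")]
    else:
        untagged, tagged = {int(port.get("access vlan", 1))}, set()
        unused = [k for k in port if k.startswith("trunk")]
    return {"mode": mode, "tagged": sorted(tagged), "untagged": sorted(untagged),
            "unused": ["switchport " + k for k in unused]}

# Constructed sample built from the article's stanzas (Fa0/2 is hypothetical).
SAMPLE = """interface FastEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 1,5-7,9
 switchport trunk native vlan 6
 switchport access vlan 2
!
interface FastEthernet0/2
 switchport trunk allowed vlan 1,5-7,9
 switchport access vlan 2"""

if __name__ == "__main__":
    for name, port in parse_ports(SAMPLE).items():
        print(name, audit(port))
```

Leftover lines reported under "unused" are worth cleaning up, because they become active again the moment the port mode is changed.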
