asked on Identify a switch port VLAN membership
I am in front of a network port jack in the wall , I do not have access to the switch configuration ,is there a way to identify the VLAN membership of the port .
without using special tools like fluke , just by connecting my laptop ?
NetworkingCisco* Cisco Nexus
Last Comment
noci
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
I hate to give simple short yes / no answers, so I'll try to expand a little on the subject,
First, let us lay down some basic terms:
in MOST cases, the switch assigned a VLAN to a client device based on the interface to which said client is connected via the keystone - meaning that moving a client from one keystone to another could mean the client device will be moved to a different VLAN, the process, however, is completely transparent to the client device - the user might see that his IP address has changed but there is no way for the client device to see what VLAN the switch assigned to it.
There are 2 special cases to consider:
First, let us lay down some basic terms:
- Keystone - That Network jack that you are standing in front of.
- Interface - the Network port on the switch to which the keystone is connected
- client device - whatever is connected to the keystone
in MOST cases, the switch assigned a VLAN to a client device based on the interface to which said client is connected via the keystone - meaning that moving a client from one keystone to another could mean the client device will be moved to a different VLAN, the process, however, is completely transparent to the client device - the user might see that his IP address has changed but there is no way for the client device to see what VLAN the switch assigned to it.
There are 2 special cases to consider:
- Advanced NAC products - Some NAC Products, especially the more advanced ones (ClearPass, Forescout, and the such) have the ability to override the VLAN that's configured on an Interface and assign a completely different VLAN based on the security policy configured on the NAT (For example, any computer that is AD-Joined and is part of the R&D OUm will get VLAN 23 regardless of which switch and or interface it might be connected to)
- An Interface on a switch might be configured as a TRUNK and not ACCESS, in this case, you might need to know thee vlan you want to connect to BEFORE you connect your client device to the keystone and configure it on the client beforehand.
Then again how useful is it to known the Native VLAN id of the connected port.
There is no need to know the untagged (native) VLAN for access to the Native VLAN.
There is no choice in the matter if CDP shows the VLAN it is nice to know, any 802.1x setting can override this so what is shown in idle might not be the same in active.
Also TAGGED Vlans are not shown.
There is no need to know the untagged (native) VLAN for access to the Native VLAN.
There is no choice in the matter if CDP shows the VLAN it is nice to know, any 802.1x setting can override this so what is shown in idle might not be the same in active.
Also TAGGED Vlans are not shown.
Also, admins often match the VLAN ID with the IP address range they use... So if admins in your company do this, then it's simple. Just connect the laptop and get the VLAN ID from the IP address. For instance, DHCP assigns the IP address 192.168.30.1, then the VLAN ID is 30.