Hashim Nangarhari asked:

Identify a switch port VLAN membership

I am in front of a network port jack in the wall. I do not have access to the switch configuration. Is there a way to identify the VLAN membership of the port without using special tools like Fluke, just by connecting my laptop?

Hello There

Get a proper tool or connect to the switch remotely (from your phone for instance).

Also, admins often match the VLAN ID with the IP address range they use... So if admins in your company do this, then it's simple. Just connect the laptop and get the VLAN ID from the IP address. For instance, DHCP assigns the IP address, then the VLAN ID is 30.
David Johnson, CD

This solution is only available to members.

I hate to give simple short yes/no answers, so I'll try to expand a little on the subject.

First, let us lay down some basic terms:
  • Keystone - the network jack that you are standing in front of.
  • Interface - the network port on the switch to which the keystone is connected.
  • Client device - whatever is connected to the keystone.
Now that we have that covered, some basic rules about VLAN assignments.
In MOST cases, the switch assigns a VLAN to a client device based on the interface to which said client is connected via the keystone, meaning that moving a client from one keystone to another could mean the client device will be moved to a different VLAN. The process, however, is completely transparent to the client device: the user might see that his IP address has changed, but there is no way for the client device to see what VLAN the switch assigned to it.

There are 2 special cases to consider:
  • Advanced NAC products - Some NAC products, especially the more advanced ones (ClearPass, Forescout, and such), have the ability to override the VLAN that's configured on an interface and assign a completely different VLAN based on the security policy configured on the NAT. (For example, any computer that is AD-joined and is part of the R&D OU will get VLAN 23 regardless of which switch and/or interface it might be connected to.)
  • An interface on a switch might be configured as a TRUNK and not ACCESS. In this case, you might need to know the VLAN you want to connect to BEFORE you connect your client device to the keystone, and configure it on the client beforehand.
So, in general, no: if you only have a simple Windows machine connected to a simple ACCESS interface on a switch (either directly or via a keystone, it doesn't really matter), you have no way of knowing what VLAN was assigned to you without being able to access the switch.
Then again, how useful is it to know the native VLAN ID of the connected port?
There is no need to know the untagged (native) VLAN for access to the native VLAN.

There is no choice in the matter; if CDP shows the VLAN it is nice to know. Any 802.1X setting can override this, so what is shown in idle might not be the same in active.
Also, TAGGED VLANs are not shown.
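
Added example, not part of any poster's reply: a parser that pulls the Native VLAN TLV (type 0x000A), together with the device and port IDs, out of one raw CDP frame as captured on the laptop's wired interface. It assumes the switch sends CDP on that port; the frame, the names `sw-example` and `GigabitEthernet1/0/12`, and the source MAC are constructed sample values.

```python
import struct

CDP_DST = bytes.fromhex("01000ccccccc")        # CDP multicast destination MAC
CDP_SNAP = bytes.fromhex("aaaa0300000c2000")   # LLC + SNAP (Cisco OUI, PID 0x2000)
TLV_DEVICE_ID, TLV_PORT_ID, TLV_NATIVE_VLAN = 0x0001, 0x0003, 0x000A

def parse_cdp(frame: bytes) -> dict:
    """Return device ID, port ID and native VLAN from one raw 802.3 CDP frame."""
    if len(frame) < 26 or frame[:6] != CDP_DST or frame[14:22] != CDP_SNAP:
        raise ValueError("not a CDP frame")
    info = {"device_id": None, "port_id": None, "native_vlan": None}
    off = 26  # 14 Ethernet + 8 LLC/SNAP + 4 CDP header (version, TTL, checksum)
    while off + 4 <= len(frame):
        tlv_type, tlv_len = struct.unpack_from("!HH", frame, off)
        if tlv_len < 4 or off + tlv_len > len(frame):
            break  # malformed TLV, truncation or Ethernet padding: stop parsing
        value = frame[off + 4:off + tlv_len]
        if tlv_type == TLV_DEVICE_ID:
            info["device_id"] = value.decode("ascii", "replace")
        elif tlv_type == TLV_PORT_ID:
            info["port_id"] = value.decode("ascii", "replace")
        elif tlv_type == TLV_NATIVE_VLAN and len(value) == 2:
            info["native_vlan"] = struct.unpack("!H", value)[0]
        off += tlv_len
    return info

def _tlv(tlv_type: int, value: bytes) -> bytes:
    # The TLV length field counts its own 4-byte header.
    return struct.pack("!HH", tlv_type, 4 + len(value)) + value

def build_sample_frame(native_vlan=30) -> bytes:
    """Constructed sample frame (not a real capture); checksum left as zero."""
    tlvs = _tlv(TLV_DEVICE_ID, b"sw-example")
    tlvs += _tlv(TLV_PORT_ID, b"GigabitEthernet1/0/12")
    if native_vlan is not None:
        tlvs += _tlv(TLV_NATIVE_VLAN, struct.pack("!H", native_vlan))
    cdp = bytes([2, 180]) + b"\x00\x00" + tlvs    # version 2, TTL 180 s
    payload = CDP_SNAP + cdp
    src = bytes.fromhex("020000000001")            # constructed source MAC
    return CDP_DST + src + struct.pack("!H", len(payload)) + payload

if __name__ == "__main__":
    print(parse_cdp(build_sample_frame()))
```

A `native_vlan` of `None` means the frame carried no Native VLAN TLV, and a value that is present describes only the untagged VLAN the switch advertises for the port.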