Avatar of Hashim Nangarhari
Hashim Nangarhari
Flag for Saudi Arabia asked on

Identify a switch port VLAN membership

I am in front of a network port jack in the wall , I do not have access to the switch configuration ,is there a way to identify the VLAN membership of the port .

without using special tools like fluke , just by connecting my laptop ?

NetworkingCisco* Cisco Nexus

Avatar of undefined
Last Comment

8/22/2022 - Mon
Hello There

Get a proper tool or connect to the switch remotely (from your phone for instance).

Also, admins often match the VLAN ID with the IP address range they use... So if admins in your company do this, then it's simple. Just connect the laptop and get the VLAN ID from the IP address. For instance, DHCP assigns the IP address, then the VLAN ID is 30.
David Johnson, CD

View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
David Sankovsky

I hate to give simple short yes / no answers, so I'll try to expand a little on the subject,

First, let us lay down some basic terms:
  • Keystone - That Network jack that you are standing in front of.
  • Interface - the Network port on the switch to which the keystone is connected
  • client device - whatever is connected to the keystone
Now that we have that covered, some basic rules about VLAN assignments.
in MOST cases, the switch assigned a VLAN to a client device based on the interface to which said client is connected via the keystone - meaning that moving a client from one keystone to another could mean the client device will be moved to a different VLAN, the process, however, is completely transparent to the client device - the user might see that his IP address has changed but there is no way for the client device to see what VLAN the switch assigned to it.

There are 2 special cases to consider:
  • Advanced NAC products - Some NAC Products, especially the more advanced ones (ClearPass, Forescout, and the such) have the ability to override the VLAN that's configured on an Interface and assign a completely different VLAN based on the security policy configured on the NAT (For example, any computer that is AD-Joined and is part of the R&D OUm will get VLAN 23 regardless of which switch and or interface it might be connected to)
  • An Interface on a switch might be configured as a TRUNK and not ACCESS, in this case, you might need to know thee vlan you want to connect to BEFORE you connect your client device to the keystone and configure it on the client beforehand.
So, in general, no, if you only have a simple windows machine connected to a simple ACCESS Interface on a switch (either directly or via a keystone, it doesn't really matter), you have no way of knowing what VLAN was assigned to you without being able to access the switch.

Then again how useful is it to known the Native VLAN id of the connected port.
There is no need to know the untagged (native) VLAN for access to the Native VLAN.

There is no choice in the matter if CDP shows the VLAN it is nice to know,  any 802.1x setting can override this so what is shown in idle might not be the same in active.
Also TAGGED Vlans are not shown.

Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy