Configure switch port VLAN modes to control how traffic is handled - access mode for single VLAN or trunk mode for multiple VLANs.

Step 1: Configure access port for single VLAN Set a port to access mode to assign it to one specific VLAN for end devices like PCs or printers.

1
2
3
4
5
6
7
8

SW1>enable
SW1#configure terminal
SW1(config)#interface gigabitEthernet 0/5
SW1(config-if)#description PC in Finance VLAN
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 10
SW1(config-if)#no shutdown
SW1(config-if)#exit

Step 2: Configure trunk port for multiple VLANs Set a port to trunk mode to carry traffic for multiple VLANs, typically used for inter-switch links or connections to routers.

1
2
3
4
5
6
7

SW1(config)#interface gigabitEthernet 0/24
SW1(config-if)#description Trunk to SW2
SW1(config-if)#switchport mode trunk
SW1(config-if)#switchport trunk allowed vlan 10,20,30,40
SW1(config-if)#switchport trunk native vlan 99
SW1(config-if)#no shutdown
SW1(config-if)#exit

Step 3: Configure dynamic desirable mode (optional) Allow the port to negotiate trunking with the connected device using DTP (Dynamic Trunking Protocol).

1
2
3
4
5
6
7

SW1(config)#interface gigabitEthernet 0/23
SW1(config-if)#description Auto-negotiate trunk
SW1(config-if)#switchport mode dynamic desirable
SW1(config-if)#switchport trunk allowed vlan 10,20,30
SW1(config-if)#no shutdown
SW1(config-if)#exit
SW1(config)#end

Step 4: Verify the configuration

1
2
3

SW1#show interfaces switchport
SW1#show interfaces gigabitEthernet 0/5 switchport
SW1#show interfaces trunk

Key Points:

• Access ports strip VLAN tags before sending to end devices
• Trunk ports use 802.1Q tags to identify VLAN membership
• Native VLAN traffic travels untagged on trunk links
• Use switchport nonegotiate on trunk ports to disable DTP for security
• Always verify with show interfaces switchport before putting into production