A VLAN (Virtual Local Area Network) is a logical grouping of devices that share the same broadcast domain. VLANs can improve network performance, security, and management by separating different types of traffic or users. To assign a switch port to a VLAN, you need to configure the port as either an access port or a trunk port. An access port can carry traffic for only one VLAN, while a trunk port can carry traffic for multiple VLANs.

Prerequisites

Before you begin, make sure that you have the following:

• A Cisco switch that supports VLANs and trunking.
• A console cable or a Telnet/SSH connection to the switch.
• The VLAN ID and name that you want to create and assign to the port.
• The port number and mode (access or trunk) that you want to configure.

Steps

1. Log in to the switch and enter privileged EXEC mode. You can do this by typing enable and entering the enable password if prompted.

2. Enter global configuration mode by typing configure terminal.

3. Create the VLAN that you want to use by typing vlan vlan-id, where vlan-id is a number between 1 and 4094. For example, to create VLAN 10, type vlan 10.

4. Optionally, assign a name to the VLAN by typing name vlan-name, where vlan-name is a descriptive name for the VLAN. For example, to name VLAN 10 as Sales, type name Sales.

5. Exit VLAN configuration mode by typing exit.

6. Select the interface that you want to assign to the VLAN by typing interface interface-id, where interface-id is the name of the interface. For example, to select FastEthernet 0/1, type interface fastethernet 0/1.

7. Configure the interface as an access port or a trunk port by typing switchport mode mode, where mode is either access or trunk. For example, to configure the interface as an access port, type switchport mode access.

8. If you configured the interface as an access port, assign it to the VLAN by typing switchport access vlan vlan-id, where vlan-id is the VLAN number that you created in step 3. For example, to assign the interface to VLAN 10, type switchport access vlan 10.

9. If you configured the interface as a trunk port, you can optionally specify which VLANs are allowed or not allowed on the trunk by typing switchport trunk allowed vlan {add | all | except | remove | none} vlan-list, where vlan-list is a comma-separated list of VLAN numbers or ranges. For example, to allow only VLANs 10 and 20 on the trunk, type switchport trunk allowed vlan 10,20.

10. Exit interface configuration mode by typing exit.

11. Save the configuration by typing copy running-config startup-config.

Verification

To verify that the interface is assigned to the VLAN, you can use the following commands:

• show vlan – This command displays information about the VLANs on the switch, such as the VLAN ID, name, status, and ports.
• show interfaces switchport – This command displays information about the switchport configuration of the interfaces, such as the mode, access VLAN, trunk VLANs, and encapsulation.
• show mac address-table – This command displays the MAC address table of the switch, which shows the MAC addresses and VLANs of the devices connected to the switch.

Example

The following example shows how to create VLAN 10 and VLAN 20, name them as Sales and Marketing, and assign FastEthernet 0/1 to VLAN 10 as an access port and FastEthernet 0/2 to VLAN 20 as a trunk port that allows only VLANs 10 and 20.

Switch> enable
Switch# configure terminal
Switch(config)# vlan 10
Switch(config-vlan)# name Sales
Switch(config-vlan)# exit
Switch(config)# vlan 20
Switch(config-vlan)# name Marketing
Switch(config-vlan)# exit
Switch(config)# interface fastethernet 0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
Switch(config-if)# exit
Switch(config)# interface fastethernet 0/2
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan 10,20
Switch(config-if)# exit
Switch(config)# copy running-config startup-config