Table of Contents
VLANs are widely used in network environments to ensure secure and efficient communications. VLANs can be configured in two modes for management. Default mode of ‘dynamic desirable’ gives less control as compared to other two custom defined modes. Switchport mode access is designed for specific use cases to have more control on switch port behaviour and use.
In today’s topic we will learn about switch port mode access and how its configuration is done on Cisco switches.
Switchport Mode Access
While configuring network switches (layer 2 devices) two types of modes are available to manage VLANs – ‘switchport access mode’ and ‘switchport trunk mode’. In Cisco switches switch ports port is configured in default mode which is ‘dynamic desirable’. This means when devices are connected it will negotiate to form a trunk. Switch ports can be set either in trunk or access mode to have more control on switch port behaviour. Using switchport access mode forces the port to be an access port and when any device is plugged into this port it will only be able to communicate with other devices which are in the same VLAN.
Switchport mode is used to connect endpoint devices to VLANs such as systems, printers, IP phones etc. this is typically used for devices which need not be aware of VLANs such as desktop computers etc.
Command to configure switchport mode in Cisco IOS
interface FastEthernet0/1
switchport mode access
switchport access vlan 10Ports configured as switchport will have VLAN tags stripped and by default an access port will carry only one VLAN.
How to Configure Switchport Mode Access on Cisco Switches
The switchport mode command allows configuring ‘trunking’ operational mode on interface (layer 2) on Cisco devices. We can configure the interface to operate in ‘access’ mode. This ensures this interface will pass traffic only for a single VLAN. In this access mode, the interface will not tag an outgoing ethernet frame with an 802.1Q VLAN ID tag. It will also discard frames which are tagged with a VLAN ID.
To set FastEthernet Fa0/2 as an Ethernet access port that carries traffic for VLAN 2 only use the below command.
Switch1# configure terminal <Enable global configuration mode>
Switch1(config)# interface Fa0/2 <specify ethernet interface>
Switch1(config-if) # switchport mode access <set switchport mode as access>
Switch1(config-if) # switchport access vlan 2 <carry traffic only for vlan 2>
Switch1(config-if) # end To verify
Switch1(config-if) # show vlan brief A system connected to this port will belong to vlan 2.
The switchport mode access command is followed by switchport access vlan command. This command is used to specify which VLAN this interface belongs to. In the absence of this command an interface is statically set to access mode and interface is assigned to default VLAN which is VLAN 1.
Related FAQs
What is switchport mode access?
Switchport mode accessis a command used to set a switch port to operate exclusively as an access port. In this mode, the port can connect to only a single VLAN (usually for end devices like computers or printers) and does not participate in VLAN trunking, meaning it will only carry traffic for one VLAN.
How do I configure a port as an access port?
- To configure a switch port as an access port, use the following commands in interface configuration mode:
switchport mode access
switchport access vlan [VLAN_ID]Replace [VLAN_ID] with the desired VLAN number. For example, switchport access vlan 10 assigns the port to VLAN 10.
What happens if I configure a switch port with both switchport mode access and switchport mode trunk?
- A switch port cannot simultaneously be configured as both access and trunk. The last command executed (either
switchport mode accessorswitchport mode trunk) will take effect, and the previous mode configuration will be overridden.
What is the difference between switchport mode access and switchport access vlan?
Switchport mode accesssets the port to only work with a single VLAN, making it an access port. Meanwhile,switchport access vlan [VLAN_ID]assigns the specified VLAN to this access port. Both commands are typically used together to set up the VLAN for an access port.
How can I verify the configuration of a switch port set to access mode?
- Use the
show running-configcommand to view the active configuration for a specific interface or theshow interfaces switchportcommand, which displays details about the port’s current mode (access or trunk) and its assigned VLAN.
ABOUT THE AUTHOR
I am here to share my knowledge and experience in the field of networking with the goal being – “The more you share, the more you learn.”
I am a biotechnologist by qualification and a Network Enthusiast by interest. I developed interest in networking being in the company of a passionate Network Professional, my husband.
I am a strong believer of the fact that “learning is a constant process of discovering yourself.”
– Rashmi Bhardwaj (Author/Editor)
