Skip to content
TEQcloud Knowledge base

Switch Fundamentals

Basic switch port configuration for connecting devices - access ports for endpoints, trunk ports for switch-to-switch connections.

Why Configure Switch Ports?

Section titled “Why Configure Switch Ports?”

By default, all switch ports are in VLAN 1. You need to configure ports to:

  • Assign devices to specific VLANs for segmentation
  • Create trunk links to carry multiple VLANs between switches
  • Secure ports against unauthorized devices (port security)
  • Document your network (port descriptions)

Access Port

Section titled “Access Port”

When to configure: For every port connecting to an end device (PC, printer, phone, server).

Connects a single device to one VLAN.

Switch(config)# interface FastEthernet0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
Switch(config-if)# no shutdown

Parameters:

  • FastEthernet0/1 - Replace with your port number.
  • 10 - VLAN number. Replace with your VLAN (create the VLAN first if it doesn’t exist).

Trunk Port

Section titled “Trunk Port”

When to configure: For ports connecting to other switches or routers. Carries traffic for multiple VLANs.

Switch(config)# interface GigabitEthernet0/1
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan 10,20,30,40
Switch(config-if)# no shutdown

Parameters:

  • GigabitEthernet0/1 - Replace with your uplink port to another switch or router.
  • 10,20,30,40 - VLAN list. Replace with your VLANs (or use all to allow all VLANs).

Allow all VLANs on trunk:

Switch(config-if)# switchport trunk allowed vlan all

Add VLANs to existing trunk (without removing others):

Switch(config-if)# switchport trunk allowed vlan add 50,60

Native VLAN

Section titled “Native VLAN”

Untagged VLAN on trunk (default is VLAN 1, change for security).

Switch(config-if)# switchport trunk native vlan 99

Port Speed and Duplex

Section titled “Port Speed and Duplex”

Manually set speed and duplex (auto-negotiation is default).

Switch(config-if)# speed 100
Switch(config-if)# duplex full

Auto-negotiation (default):

Switch(config-if)# speed auto
Switch(config-if)# duplex auto

Port Description

Section titled “Port Description”

Label ports for documentation.

Switch(config-if)# description Connection to Server Room Switch

Disable Unused Ports

Section titled “Disable Unused Ports”

Shutdown ports that aren’t in use (security best practice).

Switch(config)# interface range FastEthernet0/5-24
Switch(config-if-range)# shutdown

Port Security

Section titled “Port Security”

Limit which devices can connect to a port (prevents unauthorized access).

Basic port security (allows 1 MAC address):

Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 1
Switch(config-if)# switchport port-security violation shutdown
Switch(config-if)# switchport port-security mac-address sticky

Violation modes:

  • shutdown - Disables port (default, most secure)
  • restrict - Drops packets and logs
  • protect - Only drops packets

Verify Configuration

Section titled “Verify Configuration”
Switch# show interfaces status
Switch# show interfaces trunk
Switch# show interfaces FastEthernet0/1 switchport
Switch# show port-security
Switch# show port-security interface FastEthernet0/1
Switch# show mac address-table