Mulitple vlan support in one single port

Unanswered Question
Jul 9th, 2009

Is it possible to have multiple vlans in single port? Current configuration what i have is "switchport access vlan2" which means if a vlan3 users wanted to connect on this same port, I will have change the configuration as "switchport access vlan3" every time & vice versa. This is required for me to have this achieve in the conference room network ports in my office where multiple users from various vlan's often connects & every time I will have to change the port settings manually

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
burleyman Thu, 07/09/2009 - 07:56

Yes and can have two vlans on one port but only one for Data and the other for VoIP, but you can't have two differnt VLAN's for data or even two different VLAN's for VoIP.

Do all your people have static IP addresses? Also are they in different VLAN for security reasons?


Anand S Thu, 07/09/2009 - 08:20

Multiple vlans YES, because for security reason as vlan 2 uses should access all vlans & vlan 3 should access only internet.

All users will get IP address from DHCP server using ip helper-address.

Joseph W. Doherty Thu, 07/09/2009 - 09:15

Some of the latest port security stuff supports access port VLAN assignment based on user authenication (non-authenicated users get a guest VLAN).

Leo Laohoo Thu, 07/09/2009 - 14:44

How about configuring the ports as Dot1Q Trunk and specifying what VLANs are allowed?

Anand S Thu, 07/09/2009 - 17:45


That was really a good thought. Lemme try this morning & will come back with the test result :-)

Anand S Fri, 07/10/2009 - 09:37

Unfortunately it never worked & ended up with unsuccessful result :-(

Anand S Sat, 07/11/2009 - 05:14

I use WS-C2960-48TT-L & the IOS is


Leo Laohoo Sat, 07/11/2009 - 16:52

Ok, now you getting my curiosity. Any switch can do Dot1Q. Can you elaborate why it's not working?

Anand S Sat, 07/11/2009 - 19:24

"switcport trunk encapsulation dot1q" & is found in my 3650 but in 2960 "switchport mode trunk" is alone found. Could that be a limitation in 2960 switch?

Leo Laohoo Sat, 07/11/2009 - 23:22

Ahhhh ... The 2950 and 2960 switch will only support Dot1Q encapsulation. This is why the command "switchport trunk encapsulation dot1q" doesn't exist on these two models.

If you enter the command "sh interface switch" you'll see the default is Dot1Q.

Anand S Sun, 07/12/2009 - 06:09


I found a better way to acheive this by implementing VMPS. But I really appreciate for your continuious suggestion :-)/

bflseanny Sun, 07/19/2009 - 06:03

Just out of curiosity: do your users bring laptops to the conference room and have to connect into your switch?

Are the clients assigned to a VLAN in the operating system?

Please describe your scenario more for the sake of wisdom. I'd like to know what to think about if I have to approach such a situation in the future.

Anand S Sun, 07/19/2009 - 09:53

We have multiple departments in the office & each department managers belows to different vlan's. They use have a meeting once in every 2 days & they all join in the conference room & connect their laptops. Some of the department managers will have access to server vlan's & some of them don't & few of them have access to all vlans. To acheive this i need to have multiple vlan support without changing the configuration on the switchport.

bflseanny Sun, 07/19/2009 - 19:31

So, their VLAN access is more of a company policy issue and not something that is configured on their laptops? Or are you using RADIUS (or some other means) to assign their specific machines to a VLAN when they connect to the switch?

Anand S Sun, 07/19/2009 - 22:06

No RADIUS is using, it is just the DHCP assigns the MAC based IP addresses to the respective department head on their respective vlan.


This Discussion