Facing a tricky VLAN issue where a device won’t get an IP? Learn the common causes, like access vs. trunk ports, and how to troubleshoot them simply.
We’ve all been there. You’re staring at a network configuration that looks perfect. It should work. All the guides and your own experience say so. Yet, here you are, stuck.
I found myself in this exact spot recently. I was setting up a simple VLAN on a switch. The goal was to isolate a specific device on its own little network segment, VLAN 600. I set up two ports as access ports for that VLAN. Simple enough.
Then came the weird part. The switch itself, through its virtual interface (SVI), could grab an IP address on VLAN 600 just fine. But the actual device I plugged into the other port? Nothing. It couldn’t get an IP address to save its life.
It’s one of those problems that makes you question everything you know. I went over the config again and again. It was so basic, it felt like I had to be missing something obvious. And, as it often turns out, I was.
If you ever find yourself in this situation, it almost always comes down to one fundamental concept: the difference between an Access Port and a Trunk Port.
The Big Question: Access or Trunk?
This is where most VLAN headaches begin. We mix up when to use which, and the network, being the logical and unforgiving thing it is, simply doesn’t work.
Think of it this way:
- An Access Port is for a single occupant. It belongs to one, and only one, VLAN. It’s like a private driveway to a house. Only traffic for that one house (VLAN) is allowed. You use access ports for your end-user devices: laptops, printers, servers, smart TVs, etc. The device itself doesn’t need to know anything about VLANs; the switch handles it.
- A Trunk Port is a highway for many. It can carry traffic for multiple VLANs at the same time. To keep things from getting mixed up, the switch adds a “tag” to each piece of data, indicating which VLAN it belongs to. It’s like a multi-lane highway where every car has a sign telling everyone which city (VLAN) it’s heading to. You use trunk ports to connect your switch to other network devices that also understand VLANs, like another switch or a router.
So, when I said I was trying to “pass a VLAN through a switch,” the real problem was hidden in that phrase. What was I connecting to?
Scenario 1: You’re Connecting to a Router or Another Switch
This is the most common reason for this specific problem.
If your setup looks something like [Router] --- [Switch] --- [My Device], the connection between your router and your switch is key. Your router is likely handling the IP address assignments (DHCP) for VLAN 600. For your switch to get that traffic from the router and pass it along to your device, it needs to understand that the traffic is for VLAN 600.
This is a job for a trunk port.
The link between the router and the switch needs to be a trunk that is configured to “allow” VLAN 600 to pass through it. Then, the port that your actual device is plugged into should be an access port set to VLAN 600.
- Router Port → Switch Port 1 (This should be a Trunk Port)
- Switch Port 2 → Your Laptop (This should be an Access Port for VLAN 600)
The switch’s own interface (SVI) could get an IP because the switch itself understands the VLAN. But it couldn’t pass that DHCP goodness along to my laptop because the connection to the router wasn’t configured to carry tagged traffic for multiple VLANs. It was likely set as an access port, creating a misconfiguration.
Scenario 2: Both Devices Are on the Same Switch
But what if your setup is simpler? What if you’re just plugging two laptops into the same switch and want them to be on VLAN 600 together? In that case, setting both ports as access ports for VLAN 600 is the correct move.
If it’s still not working, it’s time to check other things:
- Where is the DHCP server? For your device to get an IP address, something has to be giving it out. Is there a router or server on another port of this same switch? If so, that link might need to be a trunk (see Scenario 1). If the DHCP server is on VLAN 600 with them, check its configuration.
- Check for typos. I can’t tell you how many times I’ve spent an hour troubleshooting only to find I typed vlan 60 instead of vlan 600. It happens to everyone.
- Did you save the configuration? The classic mistake. On many enterprise switches, you need to explicitly save your running configuration to the startup configuration. Otherwise, a reboot could wipe your changes.
- Port Security: Is it possible there’s a port security feature enabled that’s blocking the device’s MAC address? It’s less common, but a possibility on a corporate or managed switch.
A Quick Troubleshooting Checklist
Next time you’re stuck, take a deep breath and run through these questions:
- What is plugged into the port? Is it an end device (PC, printer) or a network device (router, switch)?
- Use Access for End Devices: If it’s a PC, it needs an access port: switchport mode access and switchport access vlan 600.
- Use Trunk for Network Devices: If it’s another switch or a router, it probably needs a trunk port: switchport mode trunk.
- Verify the Trunk: If you’re using a trunk, make sure you’ve allowed the necessary VLAN: switchport trunk allowed vlan add 600.
- Follow the Path: Trace the entire path from the DHCP server to your device. Every link in between has to be configured to carry the VLAN traffic correctly.
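The checklist above can be run mechanically over a saved switch configuration. The following Python is an added example, not code from the original post: it parses an IOS-style config and reports ports whose mode, access VLAN or trunk allowed list does not match what is plugged in. The sample config, interface names and function names are constructed for illustration, and only the plain and "add" forms of the allowed-VLAN line are handled.

```python
import re

# Constructed IOS-style config; interface names and VLAN lists are assumptions.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 600
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 60
interface GigabitEthernet0/3
 switchport mode trunk
 switchport trunk allowed vlan 10,20,100-200
"""

def expand(spec):
    """Expand a VLAN list such as '10,20,100-200' into a set of ints."""
    bounds = (part.partition("-") for part in spec.split(","))
    return {v for lo, _, hi in bounds for v in range(int(lo), int(hi or lo) + 1)}

def parse_ports(config):
    """Map interface -> mode, access VLAN, allowed set (None = all VLANs)."""
    ports, cur = {}, {}  # cur starts as a throwaway dict for global lines
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            cur = ports[line.split()[1]] = {"mode": None, "access": 1, "allowed": None}
        elif m := re.fullmatch(r"switchport mode (access|trunk)", line):
            cur["mode"] = m[1]
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            cur["access"] = int(m[1])
        elif m := re.fullmatch(r"switchport trunk allowed vlan (add )?([\d,-]+)", line):
            if not m[1]:                           # plain list replaces the allowed set
                cur["allowed"] = expand(m[2])
            elif cur.get("allowed") is not None:   # "add" extends an existing list
                cur["allowed"] |= expand(m[2])
    return ports

def audit(config, vlan, attached):
    """attached maps interface -> 'end' or 'network' (what is plugged in)."""
    ports, findings = parse_ports(config), []
    for name, kind in attached.items():
        p = ports[name]
        want = "access" if kind == "end" else "trunk"
        if p["mode"] != want:
            findings.append((name, f"mode is {p['mode']}, expected {want}"))
        elif kind == "end" and p["access"] != vlan:
            findings.append((name, f"access VLAN is {p['access']}, expected {vlan}"))
        elif kind == "network" and p["allowed"] is not None and vlan not in p["allowed"]:
            findings.append((name, f"trunk does not allow VLAN {vlan}"))
    return findings
```

Calling audit(SAMPLE_CONFIG, 600, ...) with GigabitEthernet0/1 and GigabitEthernet0/3 marked "network" and GigabitEthernet0/2 marked "end" flags all three ports: the uplink left in access mode, the vlan 60 typo, and the trunk that never had VLAN 600 added.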
It’s almost never some deep, complex issue. It’s usually one simple setting, one tiny detail that’s out of place. And figuring it out is a great reminder that even with the basics, there’s always something new to learn or, more often, something simple to remember.