A trunk allows pretagged packets to pass through without changing the tag, while an access port takes the packets it receives and retags them.
Ex. To set up a trunk to allow all VLANs' (pretagged) traffic to flow to and from it:
switchport mode trunk <------ explicitly making this port a trunk rather than allowing it to "negotiate" its role (only command needed)
Ex. To set up an access port and tell it to tag the traffic as VLAN 10:
switchport mode access <----- explicitly making this an access port rather than allowing it to "negotiate" its role
switchport access vlan 10 <--------- tell this interface to tag any traffic entering the port as vlan 10
As to the difference between a trunk and an access port, pull up this link: https://supportforums.cisco.com/message/3542330#3542330
Actually one would expect commands to follow this convention
interface FastEthernet0/13 (specifically addresses port 13)
switchport access vlan 2 (places the previously defined port in vlan 2)
switchport mode access (defines the port as an access port)
Simply put, it places the fastethernet port f0/13 in vlan 2 and defines it as an access port.
Is a switch set up to be either a trunk port or an access port by default? Is one considered better than the other? I understand you might want to tag something to devote ports on a switch to a particular group, or to indicate what department (e.g. accounting) a communication came from. Why would you want to retag something?
I think most switches will negotiate to determine their port type by default. As for your other questions: one isn't better than the other, they are just used in different scenarios. You would use a trunk when connecting to another switch so you can send multiple VLANs across the link without worrying about the packet being retagged when it gets to the other end. Access ports are generally used on end devices like work PCs. The reason you would want to retag something is for added security. You wouldn't want a device to tag its own packets (just about any PC NIC can do this) with your Management VLAN when it's supposed to be on your GUEST VLAN. So generally an access port is tagging traffic which doesn't already have a tag, but in the event that the traffic already has a tag, it will retag it, unlike a trunk.
You have said that if an access port receives the frame it will remove the tag and retag it. In my understanding the access port will just remove the tag before forwarding the frame, but I'm not sure about retagging. I may be wrong; please correct me with some explanation if I'm wrong.
Yeah, I saw that comment about retagging too and thought "hold on a minute"...
My understanding is that a frame received on an access port (i.e., sent from a host) is not already VLAN tagged. It is the switch that tags the frame (with the VLAN number that is assigned to the receiving access port), if it needs to send that frame out on the trunk port. If the frame is destined for another access port, the frame is not tagged.
If a frame comes in on a trunk port it should already be tagged with a VLAN number (unless it is in the native VLAN which is not tagged). The switch then strips the VLAN tag and sends it out on the appropriate access port (or ports if broadcast) to its destination.
I think he means that if the access port configured with VLAN 20 receives traffic from a PC/device that's already tagging it (although it's not supposed to) with some other VLAN, let's say 30. In this case, the switch follows its protocol and untags VLAN 30 and retags it with VLAN 20, because ideally the access switchport can forward/receive traffic only from a single VLAN and the only VLAN it's aware of for this port is VLAN 20.
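The tagging steps described in the replies above (an untagged host frame is classified by the access port's VLAN, tagged when it leaves on a trunk unless it is in the native VLAN, and untagged again on an access port), as an added Python example that is not part of any post in this thread. The function names and the sample frame are constructed for illustration. A frame that arrives already tagged on an access port is only flagged here, because this sketch assumes that how the switch treats it depends on the platform.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag

# Constructed sample: broadcast dst MAC, made-up src MAC, IPv4 EtherType, dummy payload.
HOST_FRAME = b"\xff" * 6 + bytes.fromhex("020000000001") + b"\x08\x00" + b"payload"

def parse_tag(frame):
    """Return the VLAN ID in the frame's 802.1Q tag, or None if it is untagged."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the tag control field are the VLAN ID

def add_tag(frame, vlan):
    """Insert a 4-byte 802.1Q tag right after the two MAC addresses."""
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vlan) + frame[12:]

def strip_tag(frame):
    """Remove the 802.1Q tag if one is present."""
    return frame if parse_tag(frame) is None else frame[:12] + frame[16:]

def ingress_vlan(mode, port_vlan, frame):
    """VLAN assigned on receipt; port_vlan is the access VLAN or the trunk's native VLAN."""
    vid = parse_tag(frame)
    if mode == "trunk":
        return port_vlan if vid is None else vid
    if vid is not None:
        return None  # host-tagged frame on an access port: flagged, not decided (assumption)
    return port_vlan

def egress(mode, port_vlan, vlan, frame):
    """Frame as sent out of a port that carries `vlan` (forwarding decision not modelled)."""
    bare = strip_tag(frame)
    if mode == "trunk" and vlan != port_vlan:
        return add_tag(bare, vlan)  # tagged on the trunk
    return bare  # access port, or native VLAN on a trunk: untagged

if __name__ == "__main__":
    vlan = ingress_vlan("access", 10, HOST_FRAME)    # PC on an access port in VLAN 10
    on_trunk = egress("trunk", 1, vlan, HOST_FRAME)  # trunk with native VLAN 1
    far_vlan = ingress_vlan("trunk", 1, on_trunk)    # next switch reads the tag
    print(vlan, parse_tag(on_trunk), far_vlan)
    print(egress("access", 10, far_vlan, on_trunk) == HOST_FRAME)
    print(ingress_vlan("access", 20, add_tag(HOST_FRAME, 30)))  # flagged
```
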