What is the difference between a trunk and access port? Does a switch do one of them by default? I read that if you want to disable trunking so that a switch will not dynamically decide to use trunking on an interface and will remain an access interface, you want to use the switchport mode access interface subcommand. Does anyone have an example of all commands that need to be entered if you have just logged into the switch and need to get to an interface and put in this command?
Also, what does the following command do, I dont understand what the last two lines do and the difference between the last two lines.
switchport access vlan 2
switchport mode access
A trunk allows pretagged packets to passthrough without changing the tag while an access port takes the packets it receives and retags them.
Ex. To setup a trunk to allows all vlans(pretagged) traffic to flow to and from it
switchport mode trunk <------ explicitly making this port a trunk rather than allowing it to "negotiate" its role (only command needed)
Ex. To setup an access port and telling to tag the traffic as vlan 10
switchport mode access <----- explicitly making this an access port rather than allowing it to "negotiate" its role
switchport access vlan 10 <--------- tell this interface to tag any traffic entering the port as vlan 10
As to teh difference between a trunk and an access port, pull up this link https://supportforums.cisco.com/message/3542330#3542330
Actually one would expect commands to follow this convention
interface FastEthernet0/13 (specifically addresses port 13)
switchport access vlan 2 (places the previously defined port in vlan 2)
switchport mode access (defines the port as an access port)
Simply put, it places the fastethernet port f0/13 in vlan 2 and defines it as an access port.
Is a switch setup to be either a trunk port or an access port by default? Is one considered better than the other? I understand you might want to tag something to devote ports on a switch to a particular group, indicate what department eg. accounting, a communication came from. Why would you want to retag something.
I think most switches will negotiate to determine there port type by default. As for as your other questions. One isnt better than than the other, they are just used in different scenarios. You would use a trunk when connecting to another switch so you can send mutiple VLAN across the link without worrying about the packet being retagged when it gets to the other end. Access port are generally used on end devices like work PCs. The reason you would want to retag something is for added security. You wouldn't want a device to tag its own packets (just about any PC NIC can do this) with your Managent vlan when its suppose to be on your GUEST vlan. So generally an access port is tagging traffic with doesnt already have a tag but in the event that the traffic already has a tag it will retag it unlike a trunk.
I appreciate it, I got confused between switchport access and swtichport mode access. But as I see from your explanation, it can reference either the port mode or the vlan placement of the port, depending on the usage. Thanks
You have said that if an access port receive the frame it will remove the tag and retag them.In my understanding the access port will just remove the tag before forwarding the frame ,but I'm not sure about retaging them.I may be wrong please correct me with some explaination if I'm wrong.
Yeah, I saw that comment about retagging too and thought "hold on a minute"...
My understanding is that a frame received on an access port (i.e., sent from a host) is not already VLAN tagged. It is the switch that tags the frame (with the VLAN number that is assigned to the receiving access port), if it needs to send that frame out on the trunk port. If the frame is destined for another access port, the frame is not tagged.
If a frame comes in on a trunk port it should already be tagged with a VLAN number (unless it is in the native VLAN which is not tagged). The switch then strips the VLAN tag and sends it out on the appropriate access port (or ports if broadcast) to its destination.