    trunk port access mode


      Morning  people


      Just wondering what is the purpose of trunk port access mode i just don;t get it. i get the part of normal switch

      access port been assigned to certain vlan but for trunk port assigned to other vlans as well just not understanding it.



          Hi Jazz,


          Are you sure that command is "trunk port access mode" ?? I have not seen any command like that before :-(





            Hi Jazz!

            Do you mean somethink like the following config:

            interface FastEthernet0/1

            switchport access vlan 150

            switchport mode trunk

            switchport trunk native vlan 200

            If yes, then that config is needed when you connect your IP telephone directly to Fa0/1, and connect your pc to the phone. Assume that your voip vlan is 150 (ip telephones frames are tagged) and your regular vlan for pc is 200 (untagged). Thus we need a trunk port, passing all voip traffic with a tag 150, and regular traffic 200 untagged, i.e. native vlan. Obviously "switchport mode access" will not work, because only single vlan information will pass, but we need two.

              I got consfused with your question :-)


              If your requirment is to connect IP phone to a switch port you dont necessarly need a trunk port. A typical configuration for ip phone would be as below.


              interface FastEthernet5/48

              switchport access vlan 120

              switchport voice vlan 111

              speed 100

              duplex full

              auto qos voip trust

              spanning-tree portfast

              spanning-tree bpduguard enable


              Here we use switchport voice vlan which will tag the voice traffic with VLAN  id of 111 and the data vlan is untagged.Cisco calls this a Multi-Vlan access port, and NOT a trunk port. if it were a trunk port, according to Cisco, it would flood all vlans configured on the switch out to the phone. A port configured for voice Vlan does not flood out all Vlans to the phone, just the voice vlan frames (tagged) and the data frames ( untagged )


                Elvin Arias

                When you need to place an IP Phone on your network you normally separate the Voice VLAN from the Data VLAN in order to have more security, but with normal access mode on the switchport it's not recommended to do this. Because of that you can configure the switchport with the normal Data VLAN and at the same time associate the switchport to the Voice VLAN creating a special case trunk link. This allows the switchport to maintain both VLANs on the same switchport.



                  Patrick Geschwindner - CCIE R&S, CCSI

                  I guess you are referring to the existence of the switchport access vlan statement if you have a trunk defined at the same time. In ILKIN's reply the "switchport access vlan 120" has no effect and is ignored because it is a simple trunk. If you change the trunk mode to  "switchport mode dot1q-tunnel" then this will be changed into a Q-in-Q trunk and the "switchport access vlan 150" will define the outer dot1q encapsulation. This is used in cases you want to tunnel multiple complete trunks separately through a single trunk and keep the trunks identified by the outer tag.



                    i meant the command on a switch " show  interface e.g fastethernet 0/2 switchport",  the info given will show a section

                    access mode eg vlan 1 ,

                    trunking  native vlan mode e.g vlan 1


                    what i meant what the use of putting a trunk port to into a different vlan like 20 which when  you do

                    the command show interface fastethernet 0/2 for the trunk link which show access mode vlan 20.

                      jazz, the trunk port is defined as a port that can and probably will handle traffic coming from multiple, different VLAN. So you can't really 'put a trunk port into a different vlan', you can only add traffic from a particular vlan to the overall traffic handled by the trunk port. And as others have pointed out already, the 'switchport access vlan x' command is ignored on the trunk port the port is doing QinQ tunnel, which is a whole different story.