Switch port type -- access and trunk

Published on by dellpe

Question:

I seem to need some help with VLANs. I am getting a little confused.

If I have got it right, the behaviour of access port is:

- Tag untagged frames passing it inbound (from the connected host).

- Allow frames holding the default vlan tag to pass it outbound (towards the host) after stripping off the tag.

- Dropping tagged frames that hold tags other than port default vlan tag.

In a similar logic. I know about trunk port:

- If it received tagged frames with tags from port's allowed list it will pass those frames unchanged (the is retained).

- If it received tagged frames with tags not allowed in the trunk, it will drop them.

But I need to know what will happen if it received untagged frames? Does a trunk just pass them? Or it depends on whether vlan 1 is allowed in the trunk? Am I right saying that untagged frames are considered part of vlan1 and the trunk will allow them only if vlan1 is in its allowed list?

The last piece of my question: is there something like a "hybrid" switch port? If yes, how does it behave?

Answer:

1. Let's have a change of scene for a while.

2. The tags we are going to restrict ourselves to are the "trunking protocol tags", i.e. 802.1q & ISL tags.

3. Now, access ports - no tags.

4. Accordingly:

If I have got it right, the behaviour of access port is:

- Tag untagged frames passing it inbound (from the connected host).

- Allow frames holding the default vlan tag to pass it outbound (towards the host) after stripping off the tag.

- Dropping tagged frames that hold tags other than port default vlan tag.

5. Explanation:

- Tag untagged frames passing it inbound (from the connected host).

Let the switching engine decide if the frame needs to be tagged.

The switching engine will decide to tag the frame if the frame is to leave the switch out of a trunk port.

As a very naive example, if the frame is not leaving the switch at all, why burden the processor by adding a tag to all the incoming frames ?

In continuation with this naive example, what kind of tag to add, dot1Q or ISL ? Shall the switch toss a coin to decide that ?

- Allow frames holding the default vlan tag to pass it outbound (towards the host) after stripping off the tag.

I can't think of any naive examples over here.

- Dropping tagged frames that hold tags other than port default vlan tag.

A port is member of a particular Vlan.

This is indicated in the running configuration.

If a "normal" frame enters the port it is assigned Vlan membership based on the running config and tagged by the switching engine if needed.

Also, a normal access port cannot "read" tagged frames of any kind (exception Voice Vlans. But ignore this over here)

So a frame that cannot be accepted as a frame will be dropped in any case.

6. So, no to tags at access ports for simpler understanding. Vlan membership ? Look at the running configuration to decide which ports the frame should be sent to. All the ports having the same Vlan membership.

7. Trunk ports:

In a similar logic. I know about trunk port:

- If it received tagged frames with tags from port's allowed list it will pass those frames unchanged (the is retained).

  • No.
  • Accept the frames.
  • Read the tag.
  • Remove the tag.
  • Forward the frame out of access ports having the Vlan number in running configuration, as indicated by the tag.

- If it received tagged frames with tags not allowed in the trunk, it will drop them.

All right. That's correct.

- But I need to know what will happen if it received untagged frames? Does a trunk just pass them? Or it depends on whether vlan 1 is allowed in the trunk?

The phrase in red color is not inter-related to the phrase in blue color. Let me explain.

A trunk port has a "native vlan" configured on to it. By default this is Vlan 1.

So. Case 1 - native Vlan is 1 and is allowed on the trunk.

Incoming untagged frames will be sent to ports in Vlan 1.

Case 2 - native Vlan is 2 and allowed on the trunk

Incoming untagged frames will be sent to ports in Vlan 2.

- Am I right saying that untagged frames are considered part of vlan1 and the trunk will allow them only if vlan1 is in its allowed list?

The statement above.

8.

- The last piece of my question, is there something like "hybrid" switch port? If yes, how does it behave?

Yes.

If a port is configured with the commands as follows in cisco WS-C2960S-24TS-L:

switch(config-if)#switchport access vlan 10

switch(config-if)#switchport voice vlan 20

  • Then this port will act as a limited trunk port with association with two Vlans.
  • Data frames will be directed to Vlan 10.
  • Voice frames will be directed to Vlan 20

9. Regarding point number 8, it is normal that you would like more details. However, I would suggest that you wait for a while and look for those details after you have completed the CCNA. (I am assuming that you are yet to complete the CCNA as you have posted this question in the CCENT forum.)

The reason for my suggestion is that at this stage you may need to focus on building the solid understanding of core concepts rather than analysing the finer details.

10. There is a lengthy discussion to this effect somewhere on CLN that I had participated in. I will try to find the link and post it here.
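
The ingress rules described in the answer above, modelled in Python as an added example (not part of the original post): it parses the 802.1Q tag from a raw Ethernet frame and decides which VLAN an access or trunk port assigns it to. The port dictionaries, `build_frame` and `ingress_vlan` are hypothetical names, and dropping untagged frames when the native VLAN is not in the allowed list is an assumption that goes beyond the two cases the answer lists.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def parse_vlan_tag(frame: bytes):
    """Return the 802.1Q VLAN ID in an Ethernet frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the tag control field

def ingress_vlan(port: dict, frame: bytes):
    """Return the VLAN assigned to the frame on ingress, or None if dropped."""
    vid = parse_vlan_tag(frame)
    if port["mode"] == "access":
        # Answer's model: membership comes from the port configuration and
        # tagged frames are not accepted (voice VLAN case ignored).
        return port["vlan"] if vid is None else None
    if vid is None:
        vid = port["native"]  # untagged on a trunk -> native VLAN
    # Assumption: the allowed list also applies to the native VLAN.
    return vid if vid in port["allowed"] else None

def build_frame(vlan=None) -> bytes:
    """Constructed sample frame: broadcast dst, locally administered src, IPv4."""
    header = bytes.fromhex("ffffffffffff" "020000000001")
    tag = struct.pack("!HH", TPID_8021Q, vlan) if vlan is not None else b""
    return header + tag + struct.pack("!H", 0x0800) + bytes(46)

# Constructed port configurations (hypothetical, not from the post)
ACCESS_10 = {"mode": "access", "vlan": 10}
TRUNK = {"mode": "trunk", "native": 2, "allowed": {2, 10, 20}}
TRUNK_NATIVE_PRUNED = {"mode": "trunk", "native": 1, "allowed": {10, 20}}

if __name__ == "__main__":
    for name, port in [("access", ACCESS_10), ("trunk", TRUNK),
                       ("trunk-pruned", TRUNK_NATIVE_PRUNED)]:
        for vlan in (None, 10, 30):
            print(name, "tag", vlan, "->", ingress_vlan(port, build_frame(vlan)))
```
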
