Access port and Trunk port

There are two types of switch ports in a VLAN configuration: access ports and trunk ports. The differences between them are as follows.

| Access port | Trunk port |
| --- | --- |
| Access ports are usually reserved for the ports which connect to end devices like PCs, laptops or servers. | Trunk ports connect to another switch or a router, not to an end device. |
| Access ports are configured to accept a finite number of MAC addresses to avoid attacks. | Trunk ports carry multiple VLANs through the link by tagging packets using VLAN IDs. |
| This is usually also termed 'port security'. | The native VLAN number is the one in which the switches exchange management or control traffic (BPDU). Hence only the native VLAN will remain unchanged. |
| Access ports are members of a VLAN. | Trunk ports are not members of a VLAN. |
| Access ports are designed to forward the Ethernet frames. | The trunk ports are designed to forward one or more VLAN IDs. |

Configure Trunking

Use the following commands to configure trunking and then verify the result:

Switch1#configure terminal
Switch1(config)#interface f 0/23
Switch1(config-if)#switchport mode trunk
Switch1(config-if)#end
Switch1#show interface trunk

Frames on an access port are not tagged, since the LAN card of the receiver (host) does not understand the tag.
The native VLAN is not tagged on a trunk port, since the purpose of a tag is to identify the frame. BPDUs are management traffic and are meant for switches. Since switches do not connect to access ports, the traffic in the native VLAN is not tagged, to avoid extra identification.
Some key points about the trunk port are as follows:

  • By default, traffic from all the VLANs is allowed on a trunk. Still, you can specify whether a particular VLAN is to be permitted or not.
  • Switches are always connected using a cross-over cable and not by using a straight-through cable.

The Cisco Catalyst 2960 has Auto-MDIX ports that auto-detect the crossed connection, so you can use a straight-through cable.
On a trunk port, the trunking protocol adds a VLAN tag to the frames coming into the switch. These VLAN-tagged frames are forwarded across the trunk ports. The frame is identified and forwarded to the same VLAN on the other switch and not to different VLANs.
There are two types of trunking protocols.

 Inter Switch Link – ISL

Inter Switch Link is a Cisco proprietary protocol which provides trunking of multiple VLANs between two switches where a single port will carry traffic for more than one VLAN.

ISL completely encapsulates the original Ethernet frame by adding a new 26-byte header and a new 4-byte FCS.

IEEE 802.1Q (dot1q)

This is now the standard protocol for trunking multiple VLANs between cross-platform switches.

802.1Q is the IEEE standard for frame tagging on a trunk and supports up to 4096 VLANs. It does not re-encapsulate the original frame. Instead, it inserts a 4-byte tag into the original frame and re-computes the frame check sequence (FCS) before the device sends the frame over the trunk link. At the receiving end, the tag is detached and the frame is promoted to the assigned VLAN. Most modern NICs will not reject these frames if they mistakenly receive them. The maximum size of the tagged frame is 1522 bytes.

[Figure: 802.1Q frame layout with fields of 6 bytes, 6 bytes, 4 bytes, 2 bytes, 46 to 1500 bytes and 4 bytes; one field is labelled "E type".]
DTP (Dynamic Trunking Protocol) is a Cisco proprietary protocol. It automatically negotiates whether the port should be placed into access or trunk mode. It also works out the trunking protocol (802.1Q or ISL) that should be used.
Presently, the default and the only option for trunking between switches is 802.1q.
