DOWNDLOAD

Unicorn Network Threat Analyzer

  • Capture network traffic
  • Troubleshoot Wired & Wireless Network
  • Analyze network threats
Read More…
Free Downlaod

Switch Port Configuration: Access, Hybrid, and Trunk Explained

AndyHuang

Contents hide
Introduction to Switch Port Configuration
Switch Port Modes Configuration: Access Port Mode
Switch Port Modes Configuration: Hybrid Port Mode
Switch Port Modes Configuration: Trunk Port Mode
Comparing Switch Port Modes Configuration: Access, Hybrid, and Trunk
Related posts:

Introduction to Switch Port Configuration

In a Local Area Network (LAN), Switch Port Configuration is essential as the switch serves as the central device. It not only facilitates the connection of various network devices but also enhances network performance and security by segmenting traffic through Virtual Local Area Networks (VLANs).

In a switch, the configuration of the port mode is one of the key factors to ensure the normal operation of the network. The port mode configuration of the switch determines how the port handles VLAN tags.

Correctly configuring the port mode can help us achieve goals such as traffic isolation, improving bandwidth utilization, and enhancing network security at work .

Today, let’s talk about these three port modes: Access, Hybrid and Trunk . They each have their own characteristics and are suitable for different network environments and needs.

Switch Port Modes Configuration: Access Port Mode

An Access port is a type of port that can only belong to one VLAN . This type of port does not pass data frames with VLAN tags. When a device (such as a computer) is connected to an Access port, the device automatically becomes part of the VLAN associated with the port.

01 Features

  • Single VLAN: Access ports can only be assigned to one VLAN.
  • Untagged data frames: The data frames sent and received by the Access port do not contain VLAN tags.
  • Default VLAN: Access ports are usually assigned to the default VLAN (usually VLAN 1) if not explicitly specified.

02 Configuration Example

  1. Enter interface configuration mode: Select the port to be configured.
  2. Set the port mode to Access: Use the switchport mode access command.
  3. Specify VLAN: Use the switchport access vlan <vlan-id> command to specify the VLAN to which the port should belong.

03 Application Scenarios

Workstation connection: The Access port is typically used to connect to a user’s workstation or server.

Printers and Phones: IP printers and IP phones are also often connected to the network through the Access port.

Security devices : Firewalls or other security devices can also access specific VLANs through access ports.

04 Actual Case

Assuming we have an office network where all employees are in the same VLAN, we can configure an Access port to connect their computers in the following way:

Switch(config)# interface GigabitEthernet0/1 // Enter port configuration mode
Switch(config-if)# switchport mode access // Set the port mode to Access
Switch(config-if)# switchport access vlan 10 // Assign the port to VLAN 10

This way, all devices connected to this port will automatically become part of VLAN 10.

05 Notes

Consider enabling port security to limit the number of devices connected to the access port.

Avoid using the default VLAN (usually VLAN 1) because it is usually used for management purposes.

For critical equipment, consider using multiple ports to provide redundant connections.

Switch Port Modes Configuration: Hybrid Port Mode

A hybrid port is a port type that can belong to multiple VLANs at the same time . Unlike an access port, a hybrid port can be configured to send untagged data frames on some VLANs and tagged data frames on other VLANs.

This means that the Hybrid port can flexibly handle different types of traffic, making it ideal for connecting devices that need access to multiple VLANs.

01 Features

  • Multi-VLAN support : Hybrid ports can be assigned to multiple VLANs.
  • Optional Tagging : A hybrid port can be configured to send untagged frames to some VLANs and tagged frames to other VLANs.
  • Flexibility : Hybrid ports provide greater configuration flexibility and can adjust the traffic marking behavior as needed.

02 Configuration Example

  1. Enter interface configuration mode: Select the port to be configured.
  2. Set the port mode to Hybrid: Use the switchport mode hybrid command.
  3. Specify untagged VLAN: Use the switchport hybrid untagged vlan <vlan-id> command to specify the VLANs whose data frames should be sent as untagged.
  4. Specify tagged VLAN: Use the switchport hybrid tagged vlan <vlan-id> command to specify the VLANs whose data frames should be sent with tags.

03 Application Scenarios

Multi-purpose servers: For servers that need to access multiple VLANs simultaneously, Hybrid ports can provide the necessary flexibility.

Border router: A border router or firewall may need to be connected to multiple VLANs at the same time. In this case, using a hybrid port can simplify the configuration.

Access layer devices: Switch ports at the access layer may need to support multiple types of connections, such as supporting both user workstations and IP phones.

04 Actual Case

Assume we have a server that needs to access two VLANs at the same time: VLAN 20 (office network) and VLAN 30 (backup network). We can configure a hybrid port as follows:

Switch(config)# interface GigabitEthernet0/2 // Enter port configuration mode
Switch(config-if)# switchport mode hybrid // Set the port mode to Hybrid
Switch(config-if)# switchport hybrid untagged vlan 20 // Untagged VLAN 20
Switch(config-if)# switchport hybrid tagged vlan 30 // Tagged VLAN 30

In this way, the server can access VLAN 20 through untagged data frames and access VLAN 30 through tagged data frames.

05 Notes

Make sure to properly configure which VLANs should be tagged and which should not be tagged.

Check whether the device connected to the Hybrid port supports tagged data frames.

Ensure that only authorized devices can access specific VLANs.

Switch Port Modes Configuration: Trunk Port Mode

A Trunk port is a port type that can carry multiple VLAN data flows . Different from Access and Hybrid ports, a Trunk port always sends data frames with VLAN tags.

Trunk ports are mainly used to connect two switches or to connect a switch to a router and other devices to achieve cross-device VLAN communication.

01 Features

  • Multi-VLAN communication: Trunk ports can carry data from multiple VLANs.
  • Tag data frames: All data frames passing through the Trunk port will be added with VLAN tags.
  • High bandwidth utilization: Trunk ports allow traffic from multiple VLANs to be carried on a single physical link, improving bandwidth utilization.

02 Configuration Example

  1. Enter interface configuration mode: Select the port to be configured.
  2. Set the port mode to Trunk: Use the command switchport mode trunk.
  3. Allowed VLAN: Use the switchport trunk allowed vlan <vlan-id> command to specify which VLAN data frames can pass through the Trunk port.

03 Application Scenarios

Inter-switch connections: Trunk ports are most commonly used to connect two switches so that they can share traffic for multiple VLANs.

Connecting to a router: When a switch needs to communicate with a router, a Trunk port enables the router to access multiple VLANs.

Data Center: In data center environments, Trunk ports are widely used to build highly available network architectures.

04 Actual Case

Assume that we need to connect two switches Switch1 and Switch2 so that they can share the traffic of VLAN 10 and VLAN 20. We can configure the Trunk port by following the steps below:

Switch1(config)# interface GigabitEthernet0/24 // Enter port configuration mode
Switch1(config-if)# switchport mode trunk // Set the port mode to Trunk
Switch1(config-if)# switchport trunk allowed vlan add 10,20 // Allow VLAN 10 and VLAN 20 to pass
Switch2(config)# interface GigabitEthernet0/24 // Enter port configuration mode
Switch2(config-if)# switchport mode trunk // Set the port mode to Trunk
Switch2(config-if)# switchport trunk allowed vlan add 10,20 // Allow VLAN 10 and VLAN 20 to pass

05 Notes

Make sure that the devices at both ends support the same trunk protocol (such as IEEE 802.1Q or Cisco ISL).

Make sure only the required VLANs are allowed through the trunk port to prevent unnecessary traffic.

Consider enabling port security measures , such as restricting access control lists (ACLs) on trunk ports.

Comparing Switch Port Modes Configuration: Access, Hybrid, and Trunk

01 Features comparison

Access Port

  • Features: Can only belong to one VLAN; sends untagged data frames.
  • Advantages: Easy to use, suitable for single VLAN connection.
  • Disadvantages: Lack of flexibility and cannot support multiple VLANs at the same time.

Hybrid Port

  • Features: Can belong to multiple VLANs; can selectively mark or unmark data frames.
  • Advantages: Highly flexible and suitable for devices that need to access multiple VLANs.
  • Disadvantages: The configuration is relatively complex.

Trunk Port

  • Features: Carry traffic from multiple VLANs; send tagged data frames.
  • Advantages: Efficient use of bandwidth, suitable for connections between switches.
  • Disadvantage: The devices at both ends need to support the same Trunk protocol.

02 Selection suggestions

For simple terminal device connection : Access port is recommended.

For devices that need to access multiple VLANs : Consider using a Hybrid port.

For connections between switches or VLAN communication across devices : Use Trunk ports.

Related posts:

  1. Troubleshooting Asymmetric Network Path and Packet Loss with Wireshark
  2. Network Video App Packet Loss Troubleshooting
  3. How to Solve the TCP SYN-SYN/ACK-RST Problem Due to Mismatched Timestamps
  4. Analyze TCP Data Transmission Delay: Causes and Solutions