Switch ports are Layer 2 interfaces used to carry Layer 2 traffic. A single switch port can carry the traffic of a single VLAN. Frames are handled differently according to the type of link they are traversing.
Note: All switch ports are assigned VLAN 1 by default (VLAN 1 cannot be modified or deleted).
There are 2 different types of ports in a switched environment: access ports and trunk ports.
Access port:
These switch ports carry the traffic of only one VLAN. By default, an access port carries the traffic of the native VLAN (VLAN 1). Switch ports assigned as access ports can be considered as belonging to a single broadcast domain. Any traffic arriving on such a port is treated as belonging to the VLAN assigned to the port.
Here is a simple topology in which 2 switches are connected and only the default VLAN (VLAN 1) is configured on both switches, i.e., all the switch ports of both switches belong to a single broadcast domain.
Now, note that the link between the switches has to be configured as an access port because only the data of a single VLAN (VLAN 1) has to be exchanged. After assigning the IP addresses PC1-192.168.1.1/24, PC2-192.168.1.2/24, PC3-192.168.1.3/24, PC3-192.168.1.4/24, the user configures the link between the 2 switches as an access port.
Switch1(config-if)#switchport mode access
Here, there is no need to assign a VLAN to the ports, as all the switch ports on both switches are in VLAN 1 by default.
Advantages of access ports:
- Access ports are used to connect end devices, such as PCs, printers, and servers, to the switch. These ports are simple to configure and provide a direct connection to the network.
- Access ports are typically configured to carry traffic for a single VLAN, which provides a layer of security by segregating traffic between different VLANs.
- Access ports are less complex than trunk ports, which makes them easier to configure and troubleshoot.
Disadvantages of access ports:
- Access ports can only carry traffic for a single VLAN, which can limit network flexibility and scalability. If a device needs to communicate with devices on another VLAN, it must go through a router or Layer 3 switch.
- Access ports are susceptible to VLAN hopping attacks, where an attacker can gain access to another VLAN by exploiting weaknesses in the network.
Trunk port:
These switch ports carry the traffic of more than one VLAN. This is a great advantage, since a single switch port can carry the traffic of a group of VLANs. Trunk ports are useful when the user wants to exchange traffic between switches that have more than one VLAN configured. To identify which VLAN the traffic belongs to, a VLAN identification method (802.1q or ISL) is used. Also, to carry traffic between VLANs, inter-VLAN routing is required; in a router-on-a-stick configuration (as opposed to inter-VLAN routing by a Layer 3 switch), the link between the router and the switch is configured as a trunk because it has to carry the traffic of more than one VLAN.
Note: Trunk links can carry the traffic of different VLANs, but by default, if the links between switches are not trunks, only traffic from the configured access VLAN will be exchanged.
Here is a simple topology in which 2 switches are connected and VLANs 2 and 3 are configured on both switches as shown.
Note: The user has not assigned any VLANs to the other ports of the switches; therefore, those ports will be in VLAN 1 by default.
Now, note that the link between the switches has to be configured as a trunk port because frames of more than one VLAN (VLAN 1, 2, 3) have to be exchanged between the switches. Now assign the IP addresses PC1-126.96.36.199/24, PC2-192.168.2.1/24, PC3-192.168.1.2/24, PC3-192.168.2.2/24.
Now, the user first has to create the VLANs on both switches.
Now that more than one VLAN is configured on both switches, the user has to assign the VLANs to their respective ports on Switch1.
Switch1(config-if)#switchport access vlan 2
Switch1(config-if)#switchport access vlan 3
Now, configure VLANs on their respective ports on Switch2.
Switch2(config-if)#switchport access vlan 2
Switch2(config-if)#switchport access vlan 3
Now, configure the link between the 2 switches as a trunk port.
Switch1(config-if)#switchport trunk encapsulation dot1q
Switch1(config-if)#switchport mode trunk
As a result, the user can now carry the traffic of more than one VLAN from one switch to another (here, only the configuration of the switch ports is shown, not the configuration of the router. To perform inter-VLAN routing, the router also has to be configured).
Advantages of trunk ports:
- Trunk ports are used to connect switches to each other, which allows for the creation of a larger, more flexible network.
- Trunk ports can carry traffic for multiple VLANs, which provides greater flexibility and scalability. This allows devices in the same VLAN on different switches to communicate over one link; traffic between different VLANs still requires inter-VLAN routing, as noted above.
- Trunk ports provide a more efficient use of bandwidth by allowing multiple VLANs to share the same physical link.
Disadvantages of trunk ports:
- Trunk ports are more complex to configure than access ports, which can make them more difficult to troubleshoot.
- Trunk ports are more susceptible to security threats, such as VLAN hopping and misconfiguration, which can potentially compromise the entire network.
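An added example (not part of the original article): a small Python audit that reads the interface stanzas of a running-config and flags the port settings commonly tightened against the VLAN hopping and misconfiguration risks listed above. The sample config, interface names, VLAN 999 and the allowed list are constructed, and the checks assume a platform whose ports negotiate trunking unless the mode is set explicitly.

```python
import re

# Constructed running-config excerpt: interface names, VLAN 999 and the
# allowed list are assumptions made for this example.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/2
 switchport access vlan 3
!
interface FastEthernet0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 2,3
 switchport mode trunk
 switchport nonegotiate
!
"""

def audit(config: str) -> dict:
    """Map interface name -> list of findings for each interface stanza."""
    findings = {}
    for block in re.split(r"^(?=interface )", config, flags=re.M):
        lines = [l.strip() for l in block.splitlines() if l.strip() not in ("", "!")]
        if not lines or not lines[0].startswith("interface "):
            continue
        name, cmds, issues = lines[0].split(None, 1)[1], lines[1:], []
        if "switchport mode trunk" in cmds:
            if not any(c.startswith("switchport trunk allowed vlan") for c in cmds):
                issues.append("trunk carries every VLAN (no allowed list)")
            native = [c for c in cmds if c.startswith("switchport trunk native vlan")]
            if not native or native[0].split()[-1] == "1":
                issues.append("native VLAN is 1")
            if "switchport nonegotiate" not in cmds:
                issues.append("DTP negotiation not disabled")
        elif "switchport mode access" not in cmds:
            issues.append("mode not fixed to access")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for port, issues in audit(SAMPLE_CONFIG).items():
        print(port, "->", "; ".join(issues))
```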