Differences between untagged, tagged, trunk, and access switch ports

Source: Internet
Author: User
Tags cisco switch

First, switches are divided into low-end (SOHO-level) and high-end (enterprise-level) types.
An important difference between the two is that on a low-end switch each physical port is a logical port, while a high-end switch binds multiple physical ports into one logical port for configuration.

In Cisco networks, a switch interface in the LAN eventually settles into one of four main types: access/trunk/multi/dot1q-tunnel.

1. access: it is mainly used to access terminal devices, such as PCs, servers, and print servers.
2. trunk: it is mainly used to connect to other switches, so that multiple VLANs can be carried on one link.

4. dot1q-tunnel: Used in the Q-in-Q tunnel configuration.

Cisco network devices support dynamic negotiation of a port's operating state, which makes deployment somewhat more convenient (but dynamic mode is not recommended). Cisco's dynamic negotiation protocol evolved from the original DISL (a Cisco private protocol) to DTP (a public protocol). According to how the dynamic protocol is implemented, Cisco device interfaces are divided into the following modes:
1. switchport mode access: forces the interface to become an access interface, and can negotiate with the peer to induce it into access mode as well.
2. switchport mode dynamic desirable: actively tries to negotiate with the peer interface to become a trunk. If the neighbor interface mode is one of trunk/desirable/auto, the interface becomes a trunk interface. If a trunk cannot be formed, it works in access mode. This mode is the default mode of the current switch.
3. switchport mode dynamic auto: the interface becomes a trunk only when the neighbor switch actively negotiates with it, so this is a passive mode. When the neighbor interface is trunk/desirable, the interface becomes a trunk. If a trunk cannot be formed, it works in access mode.
4. switchport mode trunk: forces the interface to become a trunk interface and actively induces the peer into trunk mode. Therefore, when the neighbor switch interface is trunk/desirable/auto, the link becomes a trunk.
5. switchport nonegotiate: strictly speaking, this is not an interface mode. Its function is to stop the switch interface from sending DTP packets. It must be used together with switchport mode trunk or switchport mode access.
6. switchport mode dot1q-tunnel: configures the switch interface as a tunnel interface (non-trunk) that forms an asymmetric link with the trunk interface of the user's switch.
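
The recommendation above (avoid dynamic mode, and pair switchport nonegotiate with a static mode) can be checked mechanically. The following is an added example, not part of the original article: it audits a constructed configuration snippet using only the commands listed above. The function name and the sample configuration are hypothetical, and it assumes a port with no switchport mode line keeps a dynamic default.

```python
import re

# Constructed sample running-config, not taken from a real device.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport nonegotiate
!
interface GigabitEthernet0/2
 switchport mode dynamic desirable
!
interface GigabitEthernet0/3
 switchport mode trunk
!
interface GigabitEthernet0/5
 switchport nonegotiate
"""

DYNAMIC = {"dynamic desirable", "dynamic auto"}
STATIC = {"access", "trunk"}

def audit_dtp(config):
    """Return {interface: [findings]} for ports whose trunking state is negotiable."""
    ports, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # top-level line: a new interface or a separator
            m = re.match(r"interface\s+(\S+)$", line)
            cur = ports.setdefault(m.group(1), {"mode": None, "noneg": False}) if m else None
        elif cur is not None and line.startswith("switchport mode "):
            cur["mode"] = line[len("switchport mode "):]
        elif cur is not None and line == "switchport nonegotiate":
            cur["noneg"] = True
    findings = {}
    for name, p in ports.items():
        issues = []
        if p["mode"] is None:  # assumption: no mode line means a dynamic default
            issues.append("no explicit mode: port keeps the platform's dynamic default")
        elif p["mode"] in DYNAMIC:
            issues.append(f"'{p['mode']}' lets the neighbor negotiate a trunk")
        elif p["mode"] in STATIC and not p["noneg"]:
            issues.append("static mode, but DTP packets are still sent (no nonegotiate)")
        if p["noneg"] and p["mode"] not in STATIC:
            issues.append("nonegotiate requires mode access or mode trunk")
        if issues:
            findings[name] = issues
    return findings
```
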


What is the link type?
VLAN link types can be divided into access links and trunk links.
(1) An access link is the link from a switch to a user's device. Because most computers cannot send frames with VLAN tags, this link can be understood as a link without VLAN tags.
(2) A trunk link is the link from a switch to an upper-layer device, such as a router; it can be understood as the link toward the WAN. Because VLANs are used to differentiate users and services, frames on this link usually carry VLAN tags.


What is the port type?
In the past, port types were mainly divided into two types: access and trunk.
(1) Access port: a port on the switch that connects to the user's computer and is used only for access links. For example, when a port belongs to VLAN 10, data frames tagged with VLAN 10 are sent to that port. As a frame passes out through the port, the VLAN 10 tag is removed, so it reaches the user's computer as an ordinary Ethernet frame. When the user's computer sends an Ethernet frame up through this port, the port adds a VLAN 10 tag to the frame. Frames with other VLAN tags cannot be sent to or from the computer through this port.
(2) Trunk port: the communication port between switches, or between a switch and an upper-layer device, used for trunk links. A trunk port can have one primary VLAN and multiple secondary VLANs. This can be understood as follows: when a trunk port has primary VLAN 10 and secondary VLANs 11, 12, and 30, a data frame tagged with VLAN 30 can pass through the port and its VLAN 30 tag is not stripped; data frames tagged with VLAN 10 can also pass through the port. If a data frame without a VLAN tag passes through, the port tags it with VLAN 10. Such ports exist to carry multiple VLANs across switches.
The two link types therefore correspond exactly to the two port types, which is not difficult to understand. Once the principle is understood, the switch configuration will make sense after you have worked through it a few times.

Access and trunk distinguish the port types of switches in VLANs.
A trunk port is the VLAN aggregation port connected to other switch ports, and an access port is the port connecting the switch to a host in the VLAN domain.
A trunk port is generally a tagged port, and generally only VLANs that carry a tag can pass through it, so the port can allow multiple tagged VLANs to pass. An access port is generally an untagged port and allows only its one access VLAN to pass.
Access, trunk, and hybrid are three port attributes:
An access port can belong to only one VLAN and is not tagged;
A trunk port can belong to multiple VLANs, and all of them are tagged;
A hybrid port can belong to multiple VLANs, and the user decides, based on the actual situation, whether the port is tagged in each VLAN.

Understanding of three port modes: Access, Hybrid, and Trunk

Tag, untag, and the various port modes of a switch are the concepts network engineers use most often when debugging a switch. In practice, however, technicians often seem confused about them. Based on my own understanding, I use a worked case to try to clarify these concepts.
An untagged packet is an ordinary Ethernet packet, which the NIC of a general PC can recognize and use for communication.
A tagged packet has a changed structure: 4 bytes of VLAN information, the VLAN tag header, are added after the source MAC address and the destination MAC address. The NIC of a common PC generally cannot recognize it.
A frame with 802.1Q is a standard Ethernet frame with a four-byte tag inserted. The tag consists of:
Two-byte protocol identifier (TPID). When the fixed value 0x is present, it indicates that the frame carries 802.1Q tag information.
Two bytes of tag control information (TCI), comprising three fields:
Priority field, 3 bits, indicates the priority of the frame. Values range from 0 to 7, where 7 is the highest priority and 0 is the lowest. This field is used by 802.1p.
Canonical Format Indicator (CFI) field, 1 bit: 0 indicates the standard (canonical) format, used in Ethernet; 1 indicates a non-standard format, used in Token Ring.
VLAN ID field, 12 bits, indicates which VLAN the frame belongs to.
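
An added example (not part of the original article) that parses, inserts and strips the four-byte tag described above. The TPID constant 0x8100 is the value IEEE 802.1Q assigns to VLAN-tagged frames; the sample frame and the function names are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # TPID that IEEE 802.1Q assigns to a VLAN-tagged frame

# Constructed untagged frame: dst MAC, src MAC, EtherType 0x0800, dummy payload.
UNTAGGED = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"

def parse_vlan_tag(frame):
    """Return (priority, cfi, vlan_id, inner_ethertype), or None if untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)  # bytes 12-13 follow both MACs
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    # TCI layout: 3-bit priority | 1-bit CFI | 12-bit VLAN ID
    return (tci >> 13, (tci >> 12) & 1, tci & 0x0FFF, inner)

def add_tag(frame, vlan_id, priority=0):
    """Insert a tag after the source MAC, as a port does when it applies its PVID."""
    if not (0 <= vlan_id <= 0x0FFF and 0 <= priority <= 7):
        raise ValueError("vlan_id must fit 12 bits and priority 3 bits")
    tag = struct.pack("!HH", TPID_8021Q, (priority << 13) | vlan_id)
    return frame[:12] + tag + frame[12:]

def strip_tag(frame):
    """Remove the tag if present, restoring an ordinary Ethernet frame."""
    if parse_vlan_tag(frame) is None:
        return frame
    return frame[:12] + frame[16:]
```
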


There are three types of Ethernet ports: Access, Hybrid, and Trunk.
An Access port can only belong to one VLAN and is generally used to connect to a computer;
A Trunk port allows multiple VLANs to pass through. It can receive and send packets from multiple VLANs. It is generally used for ports connected between switches;
A Hybrid port allows multiple VLANs to pass through. It can receive and send packets from multiple VLANs. It can be used to connect switches or to users' computers.

First, we need to clarify the concept of port default VLAN.
The Access port only belongs to one VLAN. Therefore, its default VLAN is the VLAN where it is located. You do not need to set it;
The Hybrid and Trunk ports belong to multiple VLANs, so you need to set the default vlan id. By default, the default VLAN of the Hybrid and Trunk ports is VLAN 1.
Once a default VLAN ID is set for a port: when the port receives a packet without a VLAN tag, the packet is forwarded to the ports of the default VLAN; when the port sends a packet with a VLAN tag, if the VLAN ID of the packet is the same as the default VLAN ID of the port, the system removes the VLAN tag and then sends the packet.

The switch processes frames entering and leaving an interface as follows:
Access port, receiving:
When a packet is received, check whether it carries VLAN information. If it does not, add the PVID of the port and then switch and forward it. If it does, discard the packet directly (default).
Access port, sending:
Remove the VLAN information from the packet and send it directly.
Trunk port, receiving:
When a packet is received, check whether it carries VLAN information. If it does not, add the PVID of the port and then switch and forward it. If it does, check whether the trunk port allows data of that VLAN to enter: if so, the packet is forwarded; otherwise, it is discarded.
Trunk port, sending:
Compare the PVID of the port with the VLAN information of the packet to be sent. If the two are the same, the VLAN information is stripped and the packet is sent. If they differ, the packet is sent as it is.
Hybrid port, receiving:
When a packet is received, check whether it carries VLAN information. If it does not, add the PVID of the port and then switch and forward it. If it does, check whether the hybrid port allows data of that VLAN to enter: if so, the packet is forwarded; otherwise, it is discarded. (The untag configuration on the port does not need to be considered at this point; it only takes effect when sending packets.)
Hybrid port, sending:
1. Determine the attribute of the VLAN on the current port (the disp interface command shows which VLANs are untagged and which are tagged).
2. If the VLAN is untagged, the VLAN information is stripped and the packet is sent. If it is tagged, the packet is sent as it is.


[Switch-Ethernet0/1] int e0/1
[Switch-Ethernet0/1] port link-type hybrid
[Switch-Ethernet0/1] port hybrid pvid vlan 10
[Switch-Ethernet0/1] port hybrid vlan 10 20 untagged
[Switch-Ethernet0/1] int e0/2
[Switch-Ethernet0/2] port link-type hybrid
[Switch-Ethernet0/2] port hybrid pvid vlan 20
[Switch-Ethernet0/2] port hybrid vlan 10 20 untagged
In this case, the PCs connected to interfaces e0/1 and e0/2 can communicate with each other, but the outbound and return traffic use different VLANs.
The following example describes pc1, connected to interface e0/1, accessing pc2, connected to interface e0/2.
The data sent by pc1 is marked with VLAN 10 by the PVID (VLAN 10) of interface e0/1 and enters the switch. The switch finds that interface e0/2 allows VLAN 10 data to pass, so the data is forwarded to interface e0/2. Because VLAN 10 is untagged on interface e0/2, the switch removes the VLAN 10 tag from the packet and sends it to pc2 as an ordinary packet. In this direction, pc1 -> pc2 travels in VLAN 10.
Next, we analyze how pc2 returns packets to pc1. The data sent by pc2 is marked with VLAN 20 by the PVID (VLAN 20) of interface e0/2 and enters the switch. The switch finds that interface e0/1 allows VLAN 20 data to pass, so the data is forwarded to interface e0/1. Because VLAN 20 is untagged on interface e0/1, the switch removes the VLAN 20 tag from the packet and sends it to pc1 as an ordinary packet. In this direction, pc2 -> pc1 travels in VLAN 20.
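
The receive and send rules above, and the two-port hybrid walk-through, can be traced with a small model. This is an added example, not part of the original article: the Port class and function names are hypothetical, and a tagged frame arriving on an access port is discarded, following the default stated in the receive rules.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    link_type: str                               # "access", "trunk" or "hybrid"
    pvid: int                                    # default VLAN ID of the port
    allowed: set = field(default_factory=set)    # trunk/hybrid: permitted VLANs
    untagged: set = field(default_factory=set)   # hybrid: VLANs sent without a tag

def ingress(port, tag=None):
    """VLAN the frame carries inside the switch, or None if it is discarded."""
    if tag is None:
        return port.pvid                  # untagged frame: add the port's PVID
    if port.link_type == "access":
        return None                       # tagged frame on an access port: discard
    return tag if tag in port.allowed else None

def egress(port, vlan):
    """'untagged' or 'tagged' as sent on the wire, or None if not sent at all."""
    if port.link_type == "access":
        return "untagged" if vlan == port.pvid else None
    if vlan not in port.allowed:
        return None
    if port.link_type == "trunk":
        return "untagged" if vlan == port.pvid else "tagged"
    return "untagged" if vlan in port.untagged else "tagged"   # hybrid

def forward(src, dst, tag=None):
    """Return (internal VLAN, egress form) for a frame from src to dst, else None."""
    vlan = ingress(src, tag)
    form = egress(dst, vlan) if vlan is not None else None
    return (vlan, form) if form else None

# The article's two hybrid ports, then two plain access ports for contrast.
E0_1 = Port("hybrid", pvid=10, allowed={10, 20}, untagged={10, 20})
E0_2 = Port("hybrid", pvid=20, allowed={10, 20}, untagged={10, 20})
ACC_10, ACC_20 = Port("access", pvid=10), Port("access", pvid=20)

if __name__ == "__main__":
    print("pc1 -> pc2:", forward(E0_1, E0_2))      # travels as VLAN 10
    print("pc2 -> pc1:", forward(E0_2, E0_1))      # travels as VLAN 20
    print("access 10 -> access 20:", forward(ACC_10, ACC_20))
```

The contrast case shows why the hybrid untagged list matters for isolation: two access ports in VLAN 10 and VLAN 20 cannot exchange frames, while the two hybrid ports above can.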

How Cisco switches process access, trunk, and hybrid ports
This section describes how the switch handles frames on access, trunk, and hybrid ports. Note: while data frames are processed inside the switch, they always carry VLAN tags.
A) access port
Send (from inside the switch):
With VLAN tag: delete the tag, then send.
Without VLAN tag: impossible.
Receive:
With VLAN tag: if the tag equals the PVID of the access port, the frame is accepted and enters the switch.
Without VLAN tag: add the PVID of the access port as the tag, then enter the switch.
B) trunk port (native VLAN data can be sent without tags)
Send (from inside the switch):
With VLAN tag: if the tag equals the PVID of the trunk port, the tag is deleted and the frame is sent; otherwise, the tag is retained and the frame is sent as it is.
Without VLAN tag: impossible.
Receive:
With VLAN tag: keep the tag and enter the switch.
Without VLAN tag: add the PVID of the trunk port as the tag, then enter the switch.
C) hybrid port (data of multiple VLANs can be sent without tags)
Send (from inside the switch):
With VLAN tag: whether the frame is sent with its tag depends on user configuration (you can configure a tagged list and an untagged list).
Without VLAN tag: impossible.
Receive:
With VLAN tag: keep the tag and enter the switch.
Without VLAN tag: add the PVID of the hybrid port as the tag, then enter the switch.

Trunk and hybrid ports can both exist on the same device, but a hybrid port cannot be changed directly into a trunk port (it must go hybrid -> access -> trunk), and vice versa (in the early days; I don't know whether this has changed). A hybrid port allows data of multiple VLANs to be sent without tags, while an 802.1Q trunk can send only the data of the VLAN corresponding to the native VLAN (i.e. the PVID) without a tag. It can therefore be said that a hybrid port can implement the characteristics of a trunk port, and you can use a hybrid port instead of a trunk.
