As we all know, the vswitch ports are both layer-2 interfaces, and these interfaces are connected to physical ports. In a Vlan, these interfaces can be divided into access interfaces and relay ports. If the port of a vswitch uses an access port, it can only belong to a specific Vlan. If the port of a vswitch uses a relay port, it can belong to any Vlan. So when should we use access ports and when should we use relay ports? This is what the network administrator needs to pay attention.
I. Access Port features
The biggest feature of an access port is that it can only belong to a specific Vlan, and it can only carry the traffic of one Vlan. In essence, the traffic on the access port is received and sent only in the local format, that is, it does not carry any Vlan tags. That is to say, the data that arrives at an access port is simply assumed to belong to the Vlan allocated by that port. Jimo considers it to be the same Vlan. Therefore, the network administrator must remember that the data in the access port does not have any Vlan tags.
Now, let's take a look at this question. Suppose there is an access port that receives a labeled packet. What kind of action will the switch take? The switch does not hesitate to discard this packet. Because the access port does not view the source address (and does not have this function ). For this reason, labeled data packets can only be forwarded and received by the relay port. It can be seen from this that the access port and the relay port are incompatible.
In order to better understand the characteristics of the access port, I believe that you should put the access port and the access link together. This may be more helpful for actual work. In general, we can compare the access link to the Vlan configured on the port. What does this mean? Any device connected to the access link does not know the Vlan membership relationship, that is, the number of VLANs in the network and their respective relationships. The access link uses the default working mechanism. That is, assume that it is part of the same broadcast domain. Or, the access link does not care about the physical topology of the network. Before a frame is forwarded to a connected device, the switch deletes all Vlan information from the frame. In this case, devices connected to the access link are usually unable to communicate with devices outside the Vlan (except that data packets can be forwarded through routes ). It can be seen that this is the same as the access port. Only the access link is an exception when processing data packets. Generally, it does not communicate with external VLANs. However, if a packet is forwarded through a route, it runs. By combining the access port with the relay port, you can have a more comprehensive understanding of the characteristics of the access port.
Ii. Relay port features
The biggest difference between a relay port and an access port is that a relay port can send traffic to multiple VLANs at the same time. Make an image comparison. This is like the difference between a network cable and a telephone line. Connect another network cable from one network cable. At this time, only one host can access the Internet. Telephone lines are different. Multiple telephone lines can be mounted on a telephone line. When the phone rings, all the extension calls will ring and can be answered. In this image, you will have an intuitive impression on the relay port.
From a professional perspective, the relay port belongs to all VLANs. In order to better understand the relay port, I will also explain it in combination with the relay link. A relay link is generally a point-to-point link between two switches, or a link between a vswitch and a vro, or between a vswitch and a server. Compared with the access link, the relay link is capable of carrying the traffic of multiple VLANs. By default, up to 4094 VLANs can be created simultaneously. Of course, in actual work, it is generally not used so much. If you can use 10, the enterprise's network is already relatively large.
Whether it is a relay port or a relay link, there is also a notable feature that can make a single port a part of multiple different VLANs at the same time. In practice, this feature is very practical. With this technology, you can set the same server to be used in both broadcast domains. Therefore, when an end user accesses it, it is not necessary to access it across the third-layer device. Reducing intermediate links can improve network access efficiency. The second feature of relay is that during the connection to a vswitch, the relay link can transmit various Vlan messages across links.