Interfaces

Understanding switchport modes including access, trunk, and voice VLAN configurations for proper port operation

Switchport

Not a physical interface: a CLI configuration mode that determines how a port operates.

Access Port

An interface used for end hosts, printers, desktops, etc. It allows access to the network.

Trunk Port

Allows traffic for multiple VLANs over a single interface.

Unlike pure VLAN trunks, a port configured to support a data VLAN and a voice VLAN is listed as being associated with both VLANs.


Switchport Modes

  • Switchport: Configuration mode that determines how a port handles VLAN traffic (not a physical interface type)
  • Cisco switches operate in two primary modes: access and trunk
  • Default behavior varies by switch model (most modern switches default to dynamic auto)

Access Ports

  • Single VLAN membership - carries traffic for only one VLAN
  • Used for end devices: desktops, printers, servers, IP phones (data VLAN)
  • Strips VLAN tags from frames before forwarding to connected device
  • For example, a PC connected to an access port in VLAN 10 receives untagged frames
  • Command: switchport mode access + switchport access vlan <vlan-id>

Trunk Ports

  • Multiple VLAN support - carries traffic for multiple VLANs simultaneously
  • Used between switches, routers, and other network infrastructure
  • Maintains VLAN tags (802.1Q encapsulation) to identify traffic from different VLANs
  • Requires VLAN database synchronization between connected devices
  • Command: switchport mode trunk + switchport trunk allowed vlan <vlan-list>

Special Interface Configurations

Voice VLAN Ports

  • Hybrid configuration supporting both data and voice VLANs
  • Data VLAN: untagged traffic (like standard access port)
  • Voice VLAN: tagged traffic for IP phones using 802.1Q
  • Why this matters: IP phones often have built-in switches requiring both VLANs
  • Command: switchport voice vlan <voice-vlan-id>

Dynamic Trunking Protocol (DTP)

  • Cisco proprietary protocol for automatic trunk negotiation
  • Dynamic Auto: waits for other side to initiate trunking
  • Dynamic Desirable: actively attempts to form trunk
  • Security best practice: manually configure ports to avoid unintended trunking

Interface Comparison Table

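Port Type | VLAN Support      | Tag Handling                        | Typical Use Case
----------|-------------------|-------------------------------------|-------------------
Access    | Single VLAN       | Strips tags                         | End devices
Trunk     | Multiple VLANs    | Preserves tags                      | Inter-switch links
Voice     | Data + Voice VLAN | Mixed (untagged data, tagged voice) | IP phones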

Vocabulary

  • 802.1Q: IEEE standard for VLAN tagging on trunk links
  • Native VLAN: Untagged VLAN on trunk ports (default VLAN 1)
  • VLAN Tagging: Process of adding VLAN ID to Ethernet frames
  • DTP: Dynamic Trunking Protocol for automatic trunk negotiation

Notes

  • Always verify VLAN assignments after configuring switchports (show vlan brief)
  • Voice VLAN configuration appears in both data and voice VLAN associations
  • Trunk ports should have matching allowed VLAN lists on both ends
  • Native VLAN mismatch between trunk ends causes connectivity issues
  • Use show interfaces switchport to verify current port configuration
  • Security consideration: disable unused ports and set them to access mode in an unused VLAN
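
An added example, not part of the original notes: a small Python audit that applies the DTP guidance and the unused-port note above to a running-config and reports ports that break them. The sample config, interface names, VLAN IDs and the parking VLAN 999 are constructed assumptions, and every interface in the input is assumed to be a Layer 2 switch port.

```python
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
!
interface GigabitEthernet0/2
 switchport mode dynamic desirable
!
interface GigabitEthernet0/3
 switchport mode trunk
!
interface GigabitEthernet0/4
 shutdown
"""  # constructed sample: interface names and VLAN IDs are made up

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from running-config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces

def audit(config, parking_vlan=999):
    """Return {interface: [findings]}; parking_vlan is a site-specific assumption."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        mode = next((c.split(None, 2)[2] for c in cmds if c.startswith("switchport mode ")), None)
        issues = []
        if mode not in ("access", "trunk"):
            issues.append("mode not static: DTP may negotiate a trunk")
        if mode == "trunk" and not any(c.startswith("switchport trunk allowed vlan ") for c in cmds):
            issues.append("trunk has no allowed VLAN list")
        if "shutdown" in cmds and f"switchport access vlan {parking_vlan}" not in cmds:
            issues.append(f"disabled port not in unused VLAN {parking_vlan}")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for port, issues in audit(SAMPLE_CONFIG).items():
        print(f"{port}: {'; '.join(issues)}")
```

The voice VLAN port (GigabitEthernet0/1) passes because it is a static access port, while a port with no switchport mode line is flagged because it is left at the switch default.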