Table of Contents
Advertisement
Chapter 11
Configuring Interface Characteristics
For detailed information about configuring access port and trunk port characteristics, see
"Configuring VLANs."
802.1Q and Layer 2 Protocol Tunneling."
Access Ports
An access port belongs to and carries the traffic of only one VLAN (unless it is configured as a voice
VLAN port). Traffic is received and sent in native formats with no VLAN tagging. Traffic arriving on
an access port is assumed to belong to the VLAN assigned to the port. If an access port receives an IEEE
802.1Q tagged packet), the packet is dropped, and the source address is not learned.
Two types of access ports are supported:
•
•
You can also configure an access port with an attached Cisco IP Phone to use one VLAN for voice traffic
and another VLAN for data traffic from a device attached to the phone. For more information about voice
VLAN ports, see
Trunk Ports
A trunk port carries the traffic of multiple VLANs and by default is a member of all VLANs in the VLAN
database. An IEEE 802.1Q trunk port supports simultaneous tagged and untagged traffic. An IEEE
802.1Q trunk port is assigned a default port VLAN ID (PVID), and all untagged traffic travels on the
port default PVID. All untagged traffic and tagged traffic with a NULL VLAN ID are assumed to belong
to the port default PVID. A packet with a VLAN ID equal to the outgoing port default PVID is sent
untagged. All other traffic is sent with a VLAN tag.
Although by default, a trunk port is a member of every VLAN known to the VTP, you can limit VLAN
membership by configuring an allowed list of VLANs for each trunk port. The list of allowed VLANs
does not affect any other port but the associated trunk port. By default, all possible VLANs (VLAN ID 1
to 4094) are in the allowed list. A trunk port can become a member of a VLAN only if VTP knows of
the VLAN and if the VLAN is in the enabled state. If VTP learns of a new, enabled VLAN and the VLAN
is in the allowed list for a trunk port, the trunk port automatically becomes a member of that VLAN and
traffic is forwarded to and from the trunk port for that VLAN. If VTP learns of a new, enabled VLAN
that is not in the allowed list for a trunk port, the port does not become a member of the VLAN, and no
traffic for the VLAN is forwarded to or from the port.
For more information about trunk ports, see
Tunnel Ports
Tunnel ports are used in IEEE 802.1Q tunneling to segregate the traffic of customers in a
service-provider network from other customers who are using the same VLAN number. You configure
an asymmetric link from a tunnel port on a service-provider edge switch to an IEEE 802.1Q trunk port
on the customer switch. Packets entering the tunnel port on the edge switch, already
IEEE 802.1Q-tagged with the customer VLANs, are encapsulated with another layer of an IEEE 802.1Q
OL-13270-06
For more information about tunnel ports, see
Static access ports are manually assigned to a VLAN (or through a RADIUS server for use with
IEEE 802.1x. For more information, see the
section on page
9-16.)
VLAN membership of dynamic access ports is learned through incoming packets. By default, a
dynamic access port is not a member of any VLAN, and forwarding to and from the port is enabled
only when the VLAN membership of the port is discovered. Dynamic access ports on the switch are
assigned to a VLAN by a VLAN Membership Policy Server (VMPS). The VMPS can be a
Catalyst 6500 series switch; the switch cannot be a VMPS server.
Chapter 15, "Configuring Voice VLAN."
Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide
Chapter 17, "Configuring IEEE
"802.1x Authentication with VLAN Assignment"
Chapter 13, "Configuring VLANs."
Understanding Interface Types
Chapter 13,
11-3
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
