Access Port

An access port is a switch port configured to belong to, and carry traffic for, a single Virtual Local Area Network (VLAN). Its main purpose is to connect end-user devices, including PCs, laptops, servers, printers, and IP phones, to a network. Access ports are crucial for VLAN management because they help segment traffic and improve the security of the network configuration.
Characteristics and Functionality
Single VLAN Membership: An access port is assigned to exactly one VLAN. All traffic from that port is placed in its assigned VLAN, which isolates it from the other VLANs on the network. Devices connected to the port can only communicate with other devices in the same VLAN unless inter-VLAN routing is set up using a Layer 3 switch or router.
Untagged Traffic Handling: Access ports carry untagged frames. Endpoints connected to an access port normally send and receive standard Ethernet frames without VLAN tags. The end device is not aware of VLANs.
VLAN Tagging and De-tagging
- Ingress (into the switch): When an untagged frame enters the switch from a connected device, the switch automatically adds the corresponding VLAN ID (tag) to it so that it can determine which VLAN the traffic belongs to.
- Egress (out of the switch): When a tagged frame from inside the VLAN is sent out through an access port to a destination device, the switch removes the VLAN tag and sends the frame untagged. This guarantees that the endpoint device never sees the VLAN information.
- It is presumed that any untagged traffic that arrives on an access port is part of the single VLAN that has been assigned to that port.
How an Access Port Works

Device Connection: An end-user device, such as a PC, is connected to a network switch’s access port.
Untagged Frame: The switch receives an untagged data frame from the PC.
VLAN Tagging: The switch associates the frame with the relevant VLAN ID. If the frame must cross a trunk link, the switch adds a VLAN tag.
Forwarding: The switch then forwards the tagged frame, either to another access port within the same VLAN or to a trunk port for inter-VLAN communication.
VLAN De-tagging: When the tagged frame reaches its outgoing port and the destination device is on an access port, the switch removes the VLAN tag and sends the untagged frame to the device.
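The steps above can be traced at the byte level. The following is an added example, not taken from any switch implementation: a simplified Python model that represents the port's VLAN association as a 4-byte 802.1Q tag. The function names, the sample frame, and VLANs 10 and 20 are assumptions made for the illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag
# Constructed sample: broadcast destination, made-up source MAC, IPv4 EtherType.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"


def vlan_of(frame):
    """Return the VLAN ID in the frame's 802.1Q tag, or None if untagged."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF  # low 12 bits of the tag control field


def access_ingress(frame, port_vlan):
    """Host -> switch: classify an untagged frame into the port's VLAN."""
    if not 1 <= port_vlan <= 4094:
        raise ValueError("VLAN ID must be between 1 and 4094")
    if vlan_of(frame) is not None:
        # Assumption: this model only covers untagged host traffic.
        raise ValueError("expected an untagged frame from the end device")
    tag = struct.pack("!HH", TPID_8021Q, port_vlan)  # priority bits left at 0
    return frame[:12] + tag + frame[12:]  # tag sits after the two MAC addresses


def access_egress(frame, port_vlan):
    """Switch -> host: deliver only the port's VLAN, with the tag removed."""
    if vlan_of(frame) != port_vlan:
        return None  # frame belongs to another VLAN, not sent out this port
    return frame[:12] + frame[16:]


def demo():
    """Tag on ingress to VLAN 10, then try egress on a VLAN 10 and a VLAN 20 port."""
    tagged = access_ingress(SAMPLE_FRAME, 10)
    return vlan_of(tagged), access_egress(tagged, 10), access_egress(tagged, 20)
```

The host on the VLAN 10 port receives exactly the bytes the sender transmitted, while the VLAN 20 port receives nothing.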
Applications
Access ports are used in many different contexts.
End-User Device Connections: In office settings, they are the conventional setup for linking workstations, VoIP phones, desktop and laptop computers, and printers.
Access Layer Role: In a campus LAN design, end users are connected directly to access switches, which are located at the LAN’s edge and include access ports.
Isolated Traffic Segments: Access ports are essential for keeping sensitive information, such as financial or HR documents, within its designated VLAN and isolated from the rest of the company network.
Wi-Fi Access Points: They can be used to link Wi-Fi access points so that various user groups (such as visitors, staff members, and Internet of Things devices) have access to VLAN-based wireless networks.
Special Cases:
- IP Telephony ports: An Ethernet port that connects to an IP phone can function as an access port for data traffic and also carry tagged voice traffic via 802.1Q. The show interfaces switchport command still reports it as “Operational Mode: static access” even when it is carrying tagged voice traffic, which shows that it is not a true trunk port.
- Wireless LAN Controller (WLC) Service Ports: The service port of a WLC is always connected to a switch port configured in access mode, because the service port can only handle one VLAN, used for system recovery and out-of-band management.
- Multi VLAN Access Ports (MVAP): MVAPs let the PC and the phone share a single switch port when an end host is connected through a VoIP device, instead of requiring a separate port for each.
Configuration
When configuring an access port, the switchport mode is usually set to “access” and the port is given a specific VLAN ID.
- To set the port mode: switchport mode access
- To assign a VLAN: switchport access vlan <VLAN-ID>
- For IP telephony ports, an additional command, switchport voice vlan <vlan>, is used to define the voice VLAN.
- To activate the port: no shutdown
Security Considerations
Access ports are frequently set up with security measures and offer a certain level of protection:
Port Security: This Cisco switch feature restricts an interface so that only the devices expected to use it, identified by their MAC addresses, can do so. The port must be an access port before port security can be configured. This helps keep unauthorized devices from connecting to the network.
Disabling Dynamic Trunking Protocol (DTP): It is a security best practice to disable DTP negotiation on access ports. DTP is implicitly off on the port when the switchport mode access command is used.
Shutting Down Unused Ports: For increased security, it is advised to disable all idle ports on network devices and move them to an unused VLAN.
Traffic Segregation: Access ports prevent unwanted communication and possible threats by limiting devices to their designated VLANs, particularly for sensitive data. They make it less likely that a rogue attacker will get inside the network.
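The first three measures can be checked against a saved switch configuration. The following is an added example, not part of the original article: a small Python audit over a constructed running-config excerpt. The list of idle ports and the use of VLAN 999 as the unused VLAN are assumptions of the example, supplied by the operator.

```python
import re

# Constructed sample running-config excerpt (not from a real device).
# Assumptions: VLAN 999 is the unused "parking" VLAN; Gi0/3 and Gi0/4 are idle.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport port-security
interface GigabitEthernet0/2
 switchport access vlan 10
interface GigabitEthernet0/3
 switchport mode access
 switchport access vlan 999
 shutdown
interface GigabitEthernet0/4
 switchport mode access
 switchport access vlan 10
"""
IDLE_PORTS = {"GigabitEthernet0/3", "GigabitEthernet0/4"}

def parse_interfaces(config):
    """Map each interface name to the commands in its stanza."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if match := re.match(r"interface (\S+)", line):
            current = interfaces.setdefault(match.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # left the interface stanza
    return interfaces

def audit_access_ports(config, idle_ports, parking_vlan):
    """Return (interface, finding) pairs for the measures listed above."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode trunk" in cmds:
            continue  # trunk ports are out of scope for this check
        if "switchport mode access" not in cmds:
            findings.append((name, "mode not forced to access"))
        if name in idle_ports:
            if "shutdown" not in cmds:
                findings.append((name, "idle port not shut down"))
            if f"switchport access vlan {parking_vlan}" not in cmds:
                findings.append((name, "idle port not in parking VLAN"))
        elif "switchport port-security" not in cmds:
            findings.append((name, "port security not enabled"))
    return findings
```

Calling audit_access_ports(SAMPLE_CONFIG, IDLE_PORTS, 999) reports two findings each for GigabitEthernet0/2 and GigabitEthernet0/4 and none for the other two ports.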
Benefits and Limitations
Access Port Advantages

Simplified VLAN Configuration: Device association with a single VLAN eliminates the need for complicated tagging, making VLAN management simpler.
Enhanced Security: By limiting devices to designated VLANs, unwanted communication is reduced.
Predictable Performance: Streamlined troubleshooting and predictable patterns are made possible by organized traffic within VLANs.
Cost-Effectiveness: Access ports are sufficient for the majority of end-device connections, which avoids the need for complex trunking arrangements.
Access Port Disadvantages

Single VLAN Only: Because they can only manage a single VLAN, access ports are less adaptable than trunk ports for some applications.
Risk of Mistakes: Problems with connectivity may arise if an access port is assigned to the incorrect VLAN.
Limited Flexibility: Access ports are less suitable in larger networks, where devices might need to connect to many VLANs.
Access Port vs Trunk Port

Feature | Access Port | Trunk Port |
---|---|---|
VLANs carried | Only one VLAN | Multiple VLANs |
Traffic type | Untagged (no VLAN info in frame) | Tagged (802.1Q VLAN ID added) |
Connected devices | End devices (PCs, printers, IP phones) | Network devices (switch-to-switch, switch-to-router, switch-to-server) |
Configuration | Simple (assign port to one VLAN) | More complex (define allowed VLANs, native VLAN, tagging) |
Default mode on switches | Usually defaulted to access mode | Must be configured as trunk |
Native VLAN | Not relevant (carries only one VLAN) | Required (frames of the native VLAN are sent untagged) |
Use case | To connect hosts/endpoints into a single VLAN | To carry multiple VLANs across a single link |
In short:
- Access Port = one VLAN, untagged, for end devices.
- Trunk Port = multiple VLANs, tagged, for inter-switch or switch-router links.