The primary difference between access and trunk ports lies in their handling of VLANs: Access ports carry traffic for only one VLAN (untagged), while trunk ports can carry traffic for multiple VLANs simultaneously using VLAN tagging (802.1Q), with one VLAN often remaining untagged.
Here's a more detailed breakdown:
Access Ports
- Single VLAN: An access port is configured to belong to a single VLAN. All traffic entering or exiting the port is assumed to be for that VLAN.
- Untagged Traffic: Frames transmitted on an access port are not tagged with VLAN information (802.1Q tag). The receiving device assumes the traffic belongs to the VLAN configured on that port.
- Typically used for end-user devices: Access ports are commonly used to connect devices like computers, printers, and IP phones to the network.
- Simplified Configuration: Access ports are simpler to configure than trunk ports because they only deal with one VLAN.
Trunk Ports
- Multiple VLANs: A trunk port can carry traffic for multiple VLANs over the same physical link. This allows you to extend VLANs across multiple switches.
- Tagged Traffic (802.1Q): Frames transmitted on a trunk port are tagged with VLAN information (802.1Q tag). This tag identifies which VLAN the traffic belongs to.
- Native VLAN: A trunk port can be configured with a native VLAN. Traffic belonging to the native VLAN is sent untagged across the trunk link. Best practice is to make the native VLAN an unused VLAN for security purposes.
- Inter-Switch Connectivity: Trunk ports are used to connect switches together, allowing VLANs to span across the network.
- More Complex Configuration: Trunk ports require more configuration than access ports, as you need to specify which VLANs are allowed on the trunk and the native VLAN.
Comparison Table
| Feature | Access Port | Trunk Port |
|---|---|---|
| VLAN Support | Single VLAN | Multiple VLANs |
| Tagging | Untagged traffic | Tagged traffic (802.1Q) for most VLANs, untagged for the native VLAN |
| Use Case | End-user devices | Inter-switch connectivity |
| Configuration | Simpler | More Complex |
| Purpose | Connects device to a specific VLAN | Carries traffic for multiple VLANs across a link |
Example Scenario
Imagine you have two VLANs: VLAN 10 (for employees) and VLAN 20 (for guests).
- Access Port: A computer in the employee VLAN (VLAN 10) would connect to a switch port configured as an access port in VLAN 10. The switch would forward all traffic from that computer without any VLAN tags.
- Trunk Port: To connect two switches and allow both VLAN 10 and VLAN 20 traffic to pass between them, you would configure the ports connecting the switches as trunk ports. Traffic from VLAN 10 and VLAN 20 would be tagged accordingly as it traverses the trunk link.
In summary, access ports provide single-VLAN connectivity for end-user devices, while trunk ports facilitate multi-VLAN connectivity between network devices, typically switches. Trunking enables efficient use of network links by consolidating traffic from multiple VLANs.
