Configuring access & trunk ports

To configure an interface to be an access interface, the switchport mode acess interface command is used. This type of interface can be assigned only to a single VLAN.

To configure a trunk interface, the switchport mode trunk interface command is used. This type of interface can carry traffic of multiple VLANs.

An example will help you understand the concept.

access trunk port configuration

Host A and host B are in different VLANs, VLAN 1 and VLAN 2. These ports need to be configured as access ports and assigned to their respective VLANs by using the following sequence of commands:

SW1(config-if)#interface fastEthernet 0/1
SW1(config-if)#switchport mode access
SW1(config)#vlan 2
SW1(config-vlan)#interface fastEthernet 0/2
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 2

Because the link between SW1 and SW2 needs to carry traffic of multiple VLANs, it needs to be configured as a trunk interface. This is done by using the following commands on both SW1 and SW2:

On SW1:

SW1(config)#interface fastEthernet 0/3
SW1(config-if)#switchport mode trunk

On SW2:

SW2(config)#interface fastEthernet 0/1
SW2(config-if)#switchport mode trunk


Now the link between SW1 and SW2 can carry traffic from both the VLAN1 and VLAN2. You can verify that an interface is indeed a trunk interface by using the show interface Fa0/3 switchport command on SW1:

SW1#show interfaces fastEthernet 0/3 switchport
Name: Fa0/3
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: All
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none


VLAN 1 doesn’t have to be created, it exists by default. Also, by default, all ports are in the VLAN 1, so Fa0/1 doesn’t need the switchport access vlan 1 command.

