What is VLAN Switchport Membership Modes?
VLAN (Virtual Local Area Network) switchport membership modes are network switch configurations that determine how a port on a switch behaves in relation to VLAN traffic. Understanding these modes is significant for network design and security.
Here are the primary VLAN switchport membership modes:
Access Mode:
In access mode, a switchport can belong to only one VLAN, and it does not tag any frames with VLAN information.
Use Case: Switchport access mode is normally used for end devices like computers, printers, or servers that are not VLAN-aware. The switch takes care of VLAN assignments.
Trunk Mode:
A trunk port can carry traffic for multiple VLANs simultaneously, using VLAN tags to differentiate traffic from different VLANs.
Use Case: Ideal configured for inter-switch connections and for links to devices that can process VLAN tags, such as routers, other switches, or VLAN-aware servers. The standard protocol used for tagging VLAN traffic on trunk ports is IEEE 802.1Q.
General Mode (also known as Hybrid Mode in some vendors):
This mode is a combination of trunk and access modes. A general port can carry traffic for multiple VLANs and can handle both tagged and untagged traffic.
Use Case: Useful in complex network setups where there is a need for a port to connect to multiple VLANs while also serving a device that is not VLAN-aware.
Private VLAN (PVLAN) Modes:
This mode acts as a trunk for private VLANs, carrying traffic for both primary and secondary VLANs.
Isolated PVLAN: Ports can only communicate with the primary VLAN. This isolates all devices connected to these ports from each other.
Community PVLAN: Ports can communicate with each other and with the primary VLAN, but not with isolated PVLANs.
Dynamic Desirable and Dynamic Auto Modes (used with Cisco switches):
When port are configured in this mode; it actively attempts to convert the link to a trunk link. The port negotiates with the connected device to determine if the link can become a trunk.
Dynamic Auto: The port can become a trunk port if the connected device is set to trunk or dynamic desirable mode. However, it does not actively seek to convert the link.
Each of these modes plays a crucial role in network segmentation, traffic management, and security. Proper configuration of these modes ensures efficient network traffic flow and enhances security by segregating traffic based on organizational needs and policies. It’s a critical aspect of network design and management, especially in environments with complex networking requirements.
Other modes a port can be configured to support these VLAN types:
Static VLAN
This is when Ports on a switch are manually assigned to a VLAN. Static VLANs are configured using the Cisco CLI. This can also be accomplished with GUI management applications, such as the Cisco Network Assistant. However, a convenient feature of the CLI is that if you assign an interface to a VLAN that does not exist, the new VLAN is created for you.
Static Port Mode Configuration
Switch#config t
Switch(config)#interface fastEthernet0/15
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#end
Dynamic VLAN
A dynamic port VLAN membership is configured using a special server called a VLAN Membership Policy Server (VMPS). With the VMPS, you assign switch ports to VLANs dynamically, based on the source MAC address of the device connected to the port.
The benefit comes when you move a host from a port on one switch in the network to a port on another switch in the network; the switch dynamically assigns the new port to the proper VLAN for that host.
Voice VLAN
A port is configured to be in voice mode so that it can support an IP phone attached to it. Before you configure a voice VLAN on the port, you need to first configure a VLAN for voice and a VLAN for data.
Voice mode Configuration
Switch#config t
Switch(config)#interface fastEthernet 0/15
Switch(config-if)#mls qos trust cos
Switch(config-if)#switchport voice vlan 99
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#end
The configuration command mls qos trust cos ensures that voice traffic is identified and given priority traffic. Remember that the entire network must be set up to prioritize voice traffic. You cannot just configure the port with this command.
The switch port voice VLAN 99 commands identify VLAN 99 as the voice VLAN.
You can verify this by using the show interfaces fa0/15 switchport command:
Switch1#show interfaces fa0/15 switchport
Name: Fa0/15
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: off
Access mode VLAN: 10 (VLAN0010)
Trunking Native Mode VLAN: 1(default)
Administrative Native VLAN tagging: enabled
Voice VLAN: 99 (VLAN099)
The switchport access VLAN 10 command configures VLAN 10 as the access mode (data) VLAN. You can see this verified in the bottom screen capture: Access Mode VLAN: 10 (VLAN0010).
In Summary.
VLAN switchport membership modes define how switch ports handle VLAN traffic and interact with connected devices within a VLAN environment. The primary modes are access and trunk modes.
Access mode ports are designated to a single VLAN, and all incoming and outgoing traffic is automatically assumed to belong to that VLAN. This mode is typically used for end devices such as computers or printers.
Trunk mode ports, on the other hand, can carry traffic for multiple VLANs simultaneously, using VLAN tagging (typically IEEE 802.1Q) to keep traffic for different VLANs segregated as it travels between switches and routers. Trunk ports are essential for inter-switch connections and for links to network devices that need to access multiple VLANs.
Some switches also support a hybrid mode which allows ports to carry traffic for multiple VLANs without tagging some traffic (native VLAN) and tagging others, suitable for devices that understand VLAN tags and those that do not.
Additionally, there’s a Dynamic Desirable and Dynamic Auto mode, utilized in Cisco switches, where ports negotiate with connected devices to determine whether to use trunk or access mode using Dynamic Trunking Protocol (DTP). These modes are integral for creating flexible and scalable network designs that support efficient traffic management and security policies.
Inter-VLAN Routing Types of VLAN VLAN Trunking
How a Root Port is Selected on a Switch How a Switch forward Frames
How a Root Bridge and Ports are Selected on a Switch
VLAN Switchport Membership mode VLAN Configuration on a Switch
