industrial ethernet switch

Good afternoon, my network engineer friends. Switches play a crucial role as the core devices in local area networks (LANs). They not only connect different network devices but also optimize network performance and security by segmenting virtual LANs (VLANs).

In switches, the configuration of port modes is one of the key factors to ensure the normal operation of the network. The port mode configuration in switches determines how ports handle VLAN tags.

Properly configuring port modes can help us achieve traffic isolation, improve bandwidth utilization, and enhance network security in our work.

Today, let’s discuss these three port modes—Access, Hybrid, and Trunk. Each has its own characteristics and is suitable for different network environments and needs.

01 Access Port Mode

An Access port is a type of port that can only belong to one VLAN. This type of port does not transmit data frames with VLAN tags. When a device (such as a computer) is connected to an Access port, the device automatically becomes part of the VLAN associated with that port.

01 Characteristics

• Single VLAN: An Access port can only be assigned to one VLAN.
• Untagged Data Frames: Data frames sent and received by an Access port do not contain VLAN tags.
• Default VLAN: If not explicitly specified, an Access port is usually assigned to the default VLAN (typically VLAN 1).

02 Configuration Example

• Enter Interface Configuration Mode: Select the port to be configured.
• Set Port Mode to Access: Use the command switchport mode access.
• Specify VLAN: Use the command switchport access vlan <vlan-id> to specify which VLAN the port should belong to.

03 Application Scenarios

• Workstation Connections: Access ports are commonly used to connect user workstations or servers.
• Printers and Phones: IP printers and IP phones also often connect to the network via Access ports.
• Security Devices: Firewalls or other security devices can also connect to specific VLANs via Access ports.

04 Practical Case

Suppose we have an office network where all employees are in the same VLAN. We can configure an Access port to connect their computers as follows:

Switch(config)# interface GigabitEthernet0/1  // Enter port configuration mode
Switch(config-if)# switchport mode access   // Set port mode to Access
Switch(config-if)# switchport access vlan 10  // Assign the port to VLAN 10

All devices connected to this port will automatically become part of VLAN 10.

05 Considerations

• Consider enabling port security features to limit the number of devices connected to the Access port.
• Avoid using the default VLAN (typically VLAN 1), as it is usually used for management purposes.
• For critical devices, consider using multiple ports to provide redundant connections.

02 Hybrid Port Mode

A Hybrid port is a type of port that can belong to multiple VLANs. Unlike Access ports, Hybrid ports can be configured to send untagged data frames on some VLANs and tagged data frames on other VLANs.

This means Hybrid ports can flexibly handle different types of traffic, making them an ideal choice for connecting devices that need access to multiple VLANs.

01 Characteristics

• Multi-VLAN Support: A Hybrid port can be assigned to multiple VLANs.
• Optional Tagging: Hybrid ports can be configured to send untagged data frames on certain VLANs and tagged data frames on others.
• Flexibility: Hybrid ports provide higher configuration flexibility, allowing adjustments to the tagging behavior of traffic as needed.

02 Configuration Example

• Enter Interface Configuration Mode: Select the port to be configured.
• Set Port Mode to Hybrid: Use the command switchport mode hybrid.
• Specify Untagged VLANs: Use the command switchport hybrid untagged vlan <vlan-id> to specify which VLANs’ data frames should be sent untagged.
• Specify Tagged VLANs: Use the command switchport hybrid tagged vlan <vlan-id> to specify which VLANs’ data frames should be sent tagged.

03 Application Scenarios

• Multi-Purpose Servers: For servers that need to access multiple VLANs simultaneously, Hybrid ports can provide the necessary flexibility.
• Border Routers: Border routers or firewalls may need to connect to multiple VLANs simultaneously, and using Hybrid ports can simplify configuration.
• Access Layer Devices: Access layer switch ports may need to support various types of connections, such as simultaneously supporting user workstations and IP phones.

04 Practical Case

Suppose we have a server that needs to access two VLANs: VLAN 20 (office network) and VLAN 30 (backup network). We can configure a Hybrid port as follows:

Switch(config)# interface GigabitEthernet0/2  // Enter port configuration mode
Switch(config-if)# switchport mode hybrid   // Set port mode to Hybrid
Switch(config-if)# switchport hybrid untagged vlan 20  // Untagged VLAN 20
Switch(config-if)# switchport hybrid tagged vlan 30  // Tagged VLAN 30

The server can access VLAN 20 via untagged data frames and VLAN 30 via tagged data frames.

05 Considerations

• Ensure correct configuration of which VLANs should be tagged and which should not.
• Check if devices connected to Hybrid ports support tagged data frames.
• Ensure only authorized devices can access specific VLANs.

03 Trunk Port Mode

A Trunk port is a type of port that can carry data streams from multiple VLANs. Unlike Access and Hybrid ports, Trunk ports always send data frames with VLAN tags.

Trunk ports are mainly used to connect two switches or connect switches with routers and other devices to enable VLAN communication across devices.

01 Characteristics

• Multi-VLAN Communication: Trunk ports can carry data from multiple VLANs.
• Tagged Data Frames: All data frames passing through Trunk ports are tagged with VLAN tags.
• High Bandwidth Utilization: Trunk ports allow multiple VLANs’ traffic to be carried on a single physical link, improving bandwidth utilization.

02 Configuration Example

• Enter Interface Configuration Mode: Select the port to be configured.
• Set Port Mode to Trunk: Use the command switchport mode trunk.
• Allowed VLANs: Use the command switchport trunk allowed vlan <vlan-id> to specify which VLANs’ data frames can pass through the Trunk port.

03 Application Scenarios

• Switch-to-Switch Connections: Trunk ports are most commonly used to connect two switches so they can share traffic from multiple VLANs.
• Router Connections: When a switch needs to communicate with a router, Trunk ports enable the router to access multiple VLANs.
• Data Centers: In data center environments, Trunk ports are widely used to build highly available network architectures.

04 Practical Case

Suppose we need to connect two switches, Switch1 and Switch2, so they can share traffic from VLAN 10 and VLAN 20. We can configure Trunk ports as follows:

Switch1(config)# interface GigabitEthernet0/24  // Enter port configuration mode
Switch1(config-if)# switchport mode trunk   // Set port mode to Trunk
Switch1(config-if)# switchport trunk allowed vlan add 10,20  // Allow VLAN 10 and VLAN 20 to pass
Switch2(config)# interface GigabitEthernet0/24  // Enter port configuration mode
Switch2(config-if)# switchport mode trunk   // Set port mode to Trunk
Switch2(config-if)# switchport trunk allowed vlan add 10,20  // Allow VLAN 10 and VLAN 20 to pass

05 Considerations

• Ensure both ends of the devices support the same Trunk protocol (e.g., IEEE 802.1Q or Cisco ISL).
• Ensure only necessary VLANs are allowed through the Trunk port to prevent unnecessary traffic.
• Consider enabling port security measures, such as restricting access control lists (ACLs) on Trunk ports.

04 Comparative Analysis

01 Characteristics Comparison

• Access Port
  • Characteristics: Belongs to only one VLAN; sends untagged data frames.
  • Advantages: Simple and easy to use, suitable for single VLAN connections.
  • Disadvantages: Lack of flexibility, cannot support multiple VLANs simultaneously.
• Hybrid Port
  • Characteristics: Can belong to multiple VLANs; can selectively tag or untag data frames.
  • Advantages: Highly flexible, suitable for devices needing access to multiple VLANs.
  • Disadvantages: Relatively complex configuration.
• Trunk Port
  • Characteristics: Carries traffic from multiple VLANs; sends tagged data frames.
  • Advantages: Efficient bandwidth utilization, suitable for switch-to-switch connections.
  • Disadvantages: Requires both ends of the devices to support the same Trunk protocol.

02 Selection Recommendations

• For simple terminal device connections: Recommend using Access ports.
• For devices needing access to multiple VLANs: Consider using Hybrid ports.
• For switch-to-switch connections or cross-device VLAN communication: Use Trunk ports.