cisco switchport mode access

ilyas001
Solved by Brightglaive

Hello, my question is: what is switchport access mode used for when creating a port security system? I mean, I always forget them and it never seems to fail, so I don't really understand their use. From what I was reading, it can change from dynamic to access static or trunk, but the thing is that it changed on its own from dynamic to static when I configured the switch port security, so I'm quite lost.

Manually setting a switchport as access can prevent another switch from being plugged in and having all the vlans and all the traffic trunked out that port. You also need it to define a single vlan that hosts are allowed to access.

1 minute ago, Lurick said:

Manually setting a switchport as access can prevent another switch from being plugged in and having all the vlans and all the traffic sent out that port. You also need it to define a single vlan that hosts are allowed to access, since they can't be trunks.

I still don't get the concept of trunks, but from what you said, putting switchport mode access only says that this port will only be used by PCs and not another switch, right? I just got to VLANs in my CCNA 2; if there is more to come I will not bother you until I finish the third chapter, which is totally dedicated to VLANs. So I use access for PC ports on VLANs, right? But when is the use of access obligatory? Except for the switch thing, does it have any other use? I mean, if everything is connected perfectly, even without that command everything should work just fine in a simple VLAN? Also, ports are dynamic by default, so why did they become static if I didn't change the switchport mode myself? I just remember that I used sticky MAC address security.

You're talking about multiple things here.

Access port - A port which belongs to a specific VLAN. All untagged traffic that goes into this port will be tagged to a specific VLAN, and any traffic which doesn't match the VLAN specified will be blocked. So if the port is set to VLAN 10 then hosts connected to that port will belong to VLAN 10, and traffic from VLAN 20 that wants to come out through that port will be blocked.

Trunk port - A port which allows multiple VLANs to pass through it. Usually used when you connect multiple switches together.

Switchport mode access - A command in IOS which manually sets a port to be an access port. By default, most switch ports are "dynamic desirable" or "dynamic auto", which means they might become trunks and they might become access ports, depending on what you connect in the other end.

Switchport mode trunk - A command in IOS which manually sets a port to be a trunk port.

Port security - a range of commands related to how to handle multiple MAC addresses connecting to the same interface. This should only be used on an access port because 1) on a trunk port you will have lots of MAC addresses connected and it would be bad if the port all of a sudden shut down and 2) it serves no purpose on a trunk port.
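
As an added example (not from any poster in this thread): a small Python check over a constructed IOS-style running-config that flags ports still in a dynamic mode, which could negotiate a trunk as described above, and trunk ports that have port security enabled. The interface names, VLAN IDs and finding labels are assumptions made for the illustration.

```python
import re

# Constructed sample config (not from the thread); ports and VLAN IDs are assumptions.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security mac-address sticky
!
interface FastEthernet0/2
 switchport access vlan 10
!
interface FastEthernet0/3
 switchport mode trunk
 switchport port-security
!
interface GigabitEthernet0/1
 switchport mode trunk
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        match = re.match(r"interface (\S+)", line)
        if match:
            current = interfaces.setdefault(match.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the interface block
    return interfaces

def audit(config):
    """Flag ports left in a dynamic mode and trunks carrying port security."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        # No "switchport mode" line is treated as the dynamic default LAwLz's post describes.
        mode = next((c.split()[2] for c in cmds if c.startswith("switchport mode ")), "dynamic")
        if mode == "dynamic":
            findings.append((name, "dynamic-mode"))
        if mode == "trunk" and "switchport port-security" in cmds:
            findings.append((name, "port-security-on-trunk"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```
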

LAwLz has it perfectly correct.

I want to explain a little more about 802.1Q trunks.

A Trunk can carry traffic from multiple VLANs as LAwLz explained. This is most important when you want to route from one VLAN to another. For example: an accountant wants to send an e-mail from his computer on the accounting VLAN to a Marketing manager on a computer in the Marketing VLAN. Without a router or layer 3 switch the traffic would never reach the marketing VLAN. Originally you had to have a physical port on the router connected to a switch port that was assigned to the Accounting VLAN and another different physical port on the router connected to a switchport that was assigned to the Marketing VLAN.

802.1Q VLAN trunking allows both the traffic from the marketing VLAN and the traffic from the accounting VLAN to travel across the SAME physical cable from the switch to the router. You then set up sub-interfaces on the router port that correspond to the VLANs and IP addresses of the accounting and marketing VLANs. The idea is the same as the separate physical ports but allows you to use ONE port on the router connected to ONE port on the switch.

Additionally, if you connect a trunk port on a switch (switch1) to a trunk port on another switch (switch2) [non layer-3 switches specifically], you can extend a VLAN from switch1 to switch2. This comes into play where you need the same VLANs in different buildings or on different floors or you have run out of available switchports on an existing switch.

Now if you have 24 ports of 10/100 on the marketing VLAN and 24 10/100 ports on the accounting VLAN, at full duplex that's 4800 Mbits/sec of traffic potentially per VLAN. Or 9600 Mbits/sec potentially going up one trunk port. If the trunk port speed is only 100 Mbits/sec (200 Mbps full duplex) you are oversubscribed by 48-to-1 and SERIOUSLY congested. This is why trunk ports are normally higher speed ports like 1-Gbps or 10-Gbps ports.

Thanks, I should have just waited a little. I just got into learning trunking and now get it very well, thanks.
