Understanding Interface Types
VLAN partitions provide hard firewalls for traffic in the VLAN, and each VLAN has its own MAC
address table. A VLAN comes into existence when a local port is configured to be associated with the
VLAN, when the VLAN Trunking Protocol (VTP) learns of its existence from a neighbor on a trunk, or
when a user adds a VLAN to the local VTP database.
To configure normal-range VLANs (VLAN IDs 1 to 1005), use the vlan vlan-id global configuration
command to enter config-vlan mode or the vlan database privileged EXEC command to enter VLAN
configuration mode. The VLAN configurations for VLAN IDs 1 to 1005 are saved in the VLAN
database. To configure extended-range VLANs (VLAN IDs 1006 to 4094) when the enhanced software
image is installed, you must use config-vlan mode with VTP mode set to transparent. Extended-range
VLANs are not added to the VLAN database. When VTP mode is transparent, the VTP and VLAN
configuration is saved in the switch running configuration, and you can save it in the switch startup
configuration file by entering the copy running-config startup-config privileged EXEC command.
Add ports to a VLAN by using the switchport interface configuration commands:
•
•
•
Switch Ports
Switch ports are Layer 2 only interfaces associated with a physical port. A switch port can be either an
access port or a trunk port. You can configure a port as an access port or trunk port or let the Dynamic
Trunking Protocol (DTP) operate on a per-port basis to determine if a switch port should be an access
port or a trunk port by negotiating with the port on the other end of the link.
Configure switch ports (access ports and trunk ports) by using the switchport interface configuration
commands. For detailed information about configuring access ports and trunk ports, see
"Configuring VLANs."
Access Ports
An access port belongs to and carries the traffic of only one VLAN. Traffic is received and sent in native
formats with no VLAN tagging. Traffic arriving on an access port is assumed to belong to the VLAN
assigned to the port. An access port can forward a tagged packet (802.1P and 802.1Q).
Two types of access ports are supported:
•
•
Trunk Ports
A trunk port carries the traffic of multiple VLANs and by default is a member of all VLANs in the VLAN
database. Only IEEE 802.1Q trunk ports are supported. An IEEE 802.1Q trunk port supports
simultaneous tagged and untagged traffic. An 802.1Q trunk port is assigned a default Port VLAN ID
Catalyst 2950 Desktop Switch Software Configuration Guide
9-2
Identify the interface.
For a trunk port, set trunk characteristics, and if desired, define the VLANs to which it can belong.
For an access port, set and define the VLAN to which it belongs.
Static access ports are manually assigned to a VLAN.
VLAN membership of dynamic access ports is learned through incoming packets. By default, a
dynamic access port is a member of no VLAN, and forwarding to and from the port is enabled only
when the VLAN membership of the port is discovered. In the Catalyst 2950 switch, dynamic access
ports are assigned to a VLAN by a VLAN Membership Policy Server (VMPS). The VMPS can be
a Catalyst 6000 series switch; the Catalyst 2950 switch does not support the function of a VMPS.
Chapter 9
Configuring Interface Characteristics
Chapter 13,
78-11380-04