12-3
Catalyst 3750 SwitchSoftware Configuration Guide
OL-8550-09
Chapter12 Configuring Interface Characteristics
Understanding Interface Types
Note When you change a Layer 3 interface into Layer 2 mode, the configuration information related to the
affected interface might be lost, and the interface is returned to its default configuration.
For detailed information about configuring access port and trunk port characteristics, see Chapter13,
“Configuring VLANs.” For more information about tunnel ports, see Chapter17, “Configuring IEEE
802.1Q and Layer 2 Protocol Tunneling.”
Access Ports
An access port belongs to and carries the traffic of only one VLAN (unless it is configured as a voice
VLAN port). Traffic is received and sent in native formats with no VLAN tagging. Traffic arriving on
an access port is assumed to belong to the VLAN assigned to the port.
If an access port receives a tagged packet (Inter-Switch Link [ISL] or IEEE 802.1Q tagged), the packet
is dropped, and the source address is not learned.
Supported access ports:
Static access ports are manually assigned to a VLAN (or through a RADIUS server for use with
IEEE 802.1x). For more information, see the “802.1x Authentication with VLAN Assignment”
section on page 10-18.
VLAN membership of dynamic access ports is learned through incoming packets. By default, a
dynamic access port is not a member of any VLAN. Traffic forwarding to and from the port is
enabled only when the port VLAN membership is discovered. Dynamic access ports on the switch
are assigned to a VLAN by a VLAN Membership Policy Server (VMPS). The VMPS can be a
Catalyst 6500 series switch. The Catalyst 3750 switch cannot be a VMPS server.
You can also configure an access port with an attached Cisco IP Phone to use one VLAN for voice traffic
and another VLAN for data traffic from a device attached to the phone. For more information about voice
VLAN ports, see Chapter 15, “Configuring Voice VLAN.”
Trunk Ports
A trunk port carries the traffic of multiple VLANs and by default is a member of all VLANs in the VLAN
database.
These trunk port types are supported:
In an ISL trunk port, all received packets are expected to be encapsulated with an ISL header, and
all transmitted packets are sent with an ISL header. Native (non-tagged) frames received from an
ISL trunk port are dropped.
An 802.1Q trunk port supports simultaneous tagged and untagged traffic. An 802.1Q trunk port is
assigned a default port VLAN ID (PVID), and all untagged traffic travels on the port default PVID.
All untagged traffic and tagged traffic with a NULL VLAN ID are assumed to belong to the port
default PVID. A packet with a VLAN ID equal to the outgoing port default PVID is sent untagged.
All other traffic is sent with a VLAN tag.
Although by default, a trunk port is a member of every VLAN known to the VTP, you can limit VLAN
membership by configuring an allowed list of VLANs for each trunk port. The list of allowed VLANs
affects only the associated trunk port. By default, all possible VLANs (VLANID 1 to 4094) are in the
allowed list. A trunk port can become a member of a VLAN only if VTP knows of the VLAN and if the
VLAN is enabled. If VTP learns of a new, enabled VLAN and the VLAN is in the allowed list, the trunk