VLAN link type configuration

VLAN port link type configuration values may be

ACCESS, GENERAL, TRUNK

These designations refer to the handling of tagged and untagged frames, espescially when multiple tags are used in a mixed environment.

Counter intuitively, General mode should hardly ever be used.  General mode offers a quick fix or workaround to an otherwise flawed VLAN design.

Access mode is for client devices, like normal desktops, printers, etc, An access mode port only sends and accepts untagged frames. The association of the traffic on this port to a VLAN happens through configuration on the switch. An access mode port in VLAN 5 belongs to VLAN 5 and no other VLAN. It will only send and receive traffic on VLAN 5.

Trunk mode uses tagged and untagged frames. The fact that it uses 802.1q tagged frames implies that it is connected to a device which is capable of dealing with 802.1q frames. Managed VLAN switches are one example. But very often ethernet cards in server machines can be configured for 802.1q as well, i.e. you can run a trunk mode port to a server connecting it directly into multiple VLANs.

You can specify which VLANs are carried on a trunk mode port and which not. Thus you are also able to exclude some VLANs from a trunk port. Using tagging the switch sends 802.1q tagged frames for all VLANs on which it is tagged member. The "tag" contains the number of the VLAN to which this particular frame belongs to. Due to that, the receiving side is able to correctly assign each received frame to the correct VLAN. If the switch send a VLAN 5 tagged frame through a trunk port the receiving side knows that this frame belongs to VLAN 5 and thus can forward it correctly to the next hop maintaining separation of VLANs etc.

The untagged VLAN on a trunk port is the "default" native VLAN for all frames on a trunk port which are send or received untagged. All untagged frames only belong to this native VLAN. If you configured both ends of the trunk connection identically that both ends use the same VLAN for each frame received and send, tagged or untagged. It is highly recommended that the configuration on both ends of a trunk connection is identical, i.e. the native VLAN is the same and both ends use the same set of tagged VLANs or accept any possible tagged VLAN.

As mentioned before, General mode is more flexible in that you can choose any native VLAN you want or even multiple untagged VLANs. However, this is usually not what you want. For instance, if you configure a general mode port to be untagged member of VLANs 2 and 3 the switch will send any frame from VLAN 2 or VLAN 3 untagged through the general mode port. The receiver on the other side is not able to distinguish which VLAN the frame belongs to: it could be VLAN 2 or VLAN 3.

Some people think they could use general mode to connect a "shared" device to multiple VLANs. This again, is not true. The problem is the reverse direction, i.e. untagged frames received on the general mode port. You have to configure a single VLAN on the general port for all untagged frames. Otherwise the switch would not know exactly to which VLAN it should assign an untagged frame received. Thus, although you can send the frames for multiple VLANs untagged through a general mode port you can only receive untagged frames for a single VLAN on that same port.