Access and trunk ports are fundamental concepts in network switching that play crucial roles in WLAN deployments. An access port is a switch port that belongs to a single VLAN and typically connects to end devices such as computers, printers, or wireless access points. When a frame enters an access…Access and trunk ports are fundamental concepts in network switching that play crucial roles in WLAN deployments. An access port is a switch port that belongs to a single VLAN and typically connects to end devices such as computers, printers, or wireless access points. When a frame enters an access port, the switch associates it with the configured VLAN and strips any VLAN tags before forwarding to the connected device. Access ports are ideal for connecting lightweight access points or devices that do not need to handle multiple VLANs. In WLAN environments, access ports connect access points that serve a single SSID mapped to one VLAN. A trunk port, in contrast, carries traffic for multiple VLANs simultaneously between switches, routers, or wireless LAN controllers. Trunk ports use tagging protocols, primarily IEEE 802.1Q, to identify which VLAN each frame belongs to as it traverses the link. The 802.1Q protocol inserts a four-byte tag into the Ethernet frame header containing the VLAN ID. Trunk ports are essential in enterprise WLAN deployments where wireless controllers manage multiple SSIDs, each mapped to different VLANs for guest networks, employee networks, and voice networks. When configuring trunk ports for WLAN infrastructure, administrators must specify allowed VLANs and configure the native VLAN, which carries untagged traffic. The native VLAN should match on both ends of the trunk to prevent VLAN hopping attacks and connectivity issues. For autonomous access points supporting multiple SSIDs on different VLANs, trunk connections enable the AP to handle traffic separation. Modern WLAN deployments commonly use trunk ports between wireless controllers and distribution switches, ensuring that client traffic from various SSIDs reaches the appropriate network segments while maintaining security boundaries and traffic isolation across the wireless infrastructure.
Access and Trunk Ports for WLAN - Complete Study Guide
Why This Topic Is Important
Understanding access and trunk ports in the context of WLANs is essential for the CCNA exam because wireless networks must integrate seamlessly with wired infrastructure. Access points connect to switches, and the proper port configuration determines how wireless traffic flows through your network. Misconfigurations can lead to connectivity issues, security vulnerabilities, and VLAN isolation problems.
What Are Access and Trunk Ports?
Access Ports: An access port belongs to a single VLAN and carries traffic for only that VLAN. When a frame enters an access port, it is untagged. Access ports are typically used when connecting end devices like computers, printers, or autonomous access points that serve a single SSID/VLAN.
Trunk Ports: A trunk port carries traffic for multiple VLANs simultaneously using 802.1Q tagging. Each frame is tagged with a VLAN ID so the receiving device knows which VLAN the traffic belongs to. Trunk ports are essential when connecting lightweight access points or autonomous APs that serve multiple SSIDs mapped to different VLANs.
How It Works in WLAN Deployments
Scenario 1: Single SSID with Access Port When an access point broadcasts only one SSID mapped to one VLAN, the switch port can be configured as an access port. All wireless client traffic enters the switch untagged and is placed into the configured VLAN.
Scenario 2: Multiple SSIDs with Trunk Port When an access point broadcasts multiple SSIDs, each mapped to different VLANs, the switch port must be configured as a trunk. The AP tags each frame with the appropriate VLAN ID based on which SSID the client is connected to. Common examples include separating corporate traffic from guest traffic.
Lightweight vs Autonomous APs: - Lightweight APs with WLC: Traffic can be tunneled back to the WLC using CAPWAP, meaning the switch port connecting to the AP may only need to be an access port for management traffic, while user traffic is handled at the WLC. - Autonomous APs: Traffic exits locally from the AP, requiring trunk ports when multiple VLANs are in use.
Configuration Considerations
For trunk ports connected to APs: - Configure allowed VLANs to include only necessary VLANs - Set the native VLAN appropriately for management traffic - Enable PortFast for faster convergence when APs connect
Exam Tips: Answering Questions on Access and Trunk Ports for WLAN
1. Identify the number of VLANs: If the question mentions multiple SSIDs or VLANs, think trunk port. Single SSID scenarios often use access ports.
2. Look for keywords: Terms like 802.1Q tagging, multiple VLANs, or VLAN separation indicate trunk port requirements.
3. Consider the AP type: Lightweight APs with centralized switching may have different requirements than autonomous APs with local switching.
4. Native VLAN matters: Questions may test your knowledge of native VLAN configuration on trunk ports, which carries untagged traffic.
5. Remember FlexConnect: In FlexConnect local switching mode, trunk ports are needed at the AP switch port because traffic exits locally.
6. Elimination strategy: If an answer suggests using an access port for multiple VLANs, eliminate it as incorrect.
7. Watch for security contexts: Guest networks on separate VLANs from corporate networks require trunk ports to maintain isolation.
8. Understand CAPWAP: When traffic is tunneled to the WLC, the local switch port requirements differ from local switching scenarios.