Knowledge Search


×
 

[EX/SRX] What are the two switch port modes in VLAN tagging for EX Series switches and SRX firewalls?

  [KB11234] Show Article Properties


Summary:

This article provides information about the two switch port modes in VLAN tagging for EX Series switches and SRX firewalls.

Symptoms:
  • A VLAN is a collection of network nodes that are logically grouped together to form separate broadcast domains.

  • A VLAN has the same general attributes as a physical LAN, but it allows all nodes for a particular VLAN to be grouped together, regardless of the physical location.

  • Connectivity within a VLAN is established and maintained through software configuration, which makes VLANs such a dynamic and flexible option in today’s networking environments.

  • The ports or interfaces on a switch operate in either the access or trunk mode.

  • The information below describes the Access and Trunk port modes and the differences between them.

Solution:

The VLAN tag is a 4-byte tag inserted into Ethernet frames with a maximum size of 1522 bytes, and is used to consistently associate traffic with a particular VLAN. The individual frames must be tagged as they are passed throughout a network.

When assigning a VLAN to a switching port on the switch/firewall, users can assign either of the following modes:

  • Access Mode

  • Trunk Mode

Access mode - also known as untagged mode:

  • This mode is used to connect network devices, such as desktop computers, IP telephones, printer, and file servers.

  • The port receives and transmits untagged Ethernet frames from the network devices.

  • The port that belongs to a single VLAN is also known as native VLAN.

  • This mode is the default mode for all switching ports.

  • Example of switch port configuration in the access mode:

}
ge-0/0/10 {
    unit 0 {
        family ethernet-switching {
            vlan {
                members blue;
            }
        }
    }
}

Trunk mode - also known as tagged mode:

  • This mode is used to connect to other switches or routers.

  • The port transmits and receives Ethernet frames with VLAN tags for multiple VLANs.

  • The port must be explicitly configured in trunk mode.

  • Example of a switch port configured in trunk mode:

ge-0/0/12 {
    unit 0 {
        family ethernet-switching {
            port-mode trunk;
            vlan {
                members [ blue yellow ];
            }
        }
    }
}        

Example of a VLAN configuration:   

vlans {
    blue {
        vlan-id 30;
    }
    green {
        vlan-id 10;
    }
    red {
        vlan-id 40;
    }
    yellow {
        vlan-id 20;
    }
}
Modification History:

2019-10-09: Minor, non-technical updates made; SRX firewall information included because the article applies to SRX firewalls as well.

Related Links: