Introduction

Port-based VLANs group VLAN members by port. A port forwards packets from a VLAN only after it is assigned to the VLAN.

Port link type

You can set the link type of a port to access, trunk, or hybrid. The port link type determines whether the port can be assigned to multiple VLANs. The link types use the following VLAN tag handling methods:

Access—An access port can forward packets only from one VLAN and send these packets untagged. An access port is typically used in the following conditions:
- Connecting to a terminal device that does not support VLAN packets.
- In scenarios that do not distinguish VLANs.
Trunk—A trunk port can forward packets from multiple VLANs. Except packets from the port VLAN ID (PVID), packets sent out of a trunk port are VLAN-tagged. Ports connecting network devices are typically configured as trunk ports.
Hybrid—A hybrid port can forward packets from multiple VLANs. The tagging status of the packets forwarded by a hybrid port depends on the port configuration.

PVID

The PVID identifies the default VLAN of a port. Untagged packets received on a port are considered as the packets from the port PVID.

When you set the PVID for a port, follow these restrictions and guidelines:

An access port can join only one VLAN. The VLAN to which the access port belongs is the PVID of the port.
A trunk or hybrid port supports multiple VLANs and the PVID configuration.
When you use the undo vlan command to delete the PVID of a port, either of the following events occurs depending on the port link type:
- For an access port, the PVID of the port changes to VLAN 1.
- For a hybrid or trunk port, the PVID setting of the port does not change.
You can use a nonexistent VLAN as the PVID for a hybrid or trunk port, but not for an access port.
As a best practice, set the same PVID for a local port and its peer.
To prevent a port from dropping untagged packets or PVID-tagged packets, assign the port to its PVID.

How ports of different link types handle frames

Actions	Access	Trunk
In the inbound direction for an untagged frame	Tags the frame with the PVID tag.	If the PVID is permitted on the port, tags the frame with the PVID tag. If not, drops the frame.
In the inbound direction for a tagged frame	Receives the frame if its VLAN ID is the same as the PVID. Drops the frame if its VLAN ID is different from the PVID.	Receives the frame if its VLAN is permitted on the port. Drops the frame if its VLAN is not permitted on the port.
In the outbound direction	Removes the VLAN tag and sends the frame.	Removes the tag and sends the frame if the frame carries the PVID tag and the port belongs to the PVID. Sends the frame without removing the tag if its VLAN is carried on the port but is different from the PVID.	Sends the frame if its VLAN is permitted on the port. The tagging status of the frame depends on the port hybrid vlan command configuration.

In a VLAN-aware network, the default processing order for untagged packets is as follows, in descending order of priority:

MAC-based VLANs.
IP subnet-based VLANs.
Protocol-based VLANs.
Port-based VLANs.

prev	up	next
Configuring port-based VLANs	home	Assigning an access port to a VLAN