A trunk will allow multiple VLANs to transport between switches. Trunk ports can be configured in two ways, the Cisco proprietary Inter-Switch Link, ISL, or with the standard IEEE 802.1Q
Personally, I don’t use ISL and you shouldn’t either. But lets understand its differences with 802.1Q.
Inter-Switch Link (ISL)
ISL is Cisco proprietary in how it adds the VLAN tag to a frame. It will encapsulate a whole frame, adding a 26-byte header and a 4-byte trailer. The VLAN number is placed in the header.
802.1Q
With 802.1Q, it adds a 4-byte tag after the source address field in the frame. The last 12 bits of that tag are used to identify the VLAN.
Now that we got that uber nerdy stuff out of the way.. let’s get back to the regular nerdy stuff, trunking.
Configuring Trunks
A trunk between a switch can be configured manually or negotiated automatically — using Dynamic Trunking Protocol. I’m not a fan of DTP because I like to know what’s going on in my network. Additionally, a user can plug in a switch into the network and your network switches will automatically create a trunk with the unknown switch causing other problems which I will not describe here. So lets dive straight into configuring a trunk port.
Identify the interface that is connected to the other switch and enter interface configuration mode.
SW1# conf t SW1(config)#interface f0/24
On SW1 I will specify the trunk encapsulation. On the lower end switches you don’t have to specify this. Some of the higher end switches will allow you to specify the encapsulation in case you have to support ISL.
SW1(config-if)#switchport trunk encapsulation dot1q
switchport trunk encapsulation dot1q command sets the encapsulation to the industry standard.
Now we specify the trunking mode. The options are trunk, dynamic desirable or dynamic auto. I specify my trunk ports as switchport mode trunk. It’s statically set and I know that it will never automatically change to an access port.
Dynamic desirable means the switchport desires to be a trunk but it won’t be a trunk if the other end is not a trunk or willing to become a trunk.
Dynamic auto means the switchport is willing to become a trunk but it will not desire to unless the other end initiates the conversation of becoming a trunk.
Best bet is to always statically configure your trunks as trunks. DTP frames are sent out every 30 seconds if dynamic mode is configured. This is the default option.
Since we don’t want our trunk ports to use DTP we can disable it with switchport no negotiate
SW1(config-if)#switchport mode trunk SW1(config-if)#switchport nonegotiate
Configure the far end the same way
SW2#conf t SW2(config)#interface f0/24 SW2(config-if)#switchport trunk encapsulation dot1q SW2(config-if)#switchport mode trunk SW2(config-if)#switchport nonegotiate
Verification
Let’s view the interfaces and their associated VLANs.
SW1#show vlan brief VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/11, Fa0/12 Fa0/13, Fa0/14, Fa0/15, Fa0/16 Fa0/17, Fa0/18, Fa0/19, Fa0/20 Fa0/21, Gi0/1, Gi0/2 1002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup
Notice our interface is not listed anywhere. That’s because only access ports are listed in show vlan
Let’s view the configuration of the interface with show interface f0/24 switchport:
SW1#show interface f0/24 switchport Name: Fa0/24 Switchport: Enabled Administrative Mode: trunk Operational Mode: trunk Administrative Trunking Encapsulation: dot1q Operational Trunking Encapsulation: dot1q Negotiation of Trunking: Off Access Mode VLAN: 1 (default) Trunking Native Mode VLAN: 1 (default) Administrative Native VLAN tagging: enabled Voice VLAN: none Administrative private-vlan host-association: none Administrative private-vlan mapping: none Administrative private-vlan trunk native VLAN: none Administrative private-vlan trunk Native VLAN tagging: enabled Administrative private-vlan trunk encapsulation: dot1q Administrative private-vlan trunk normal VLANs: none Administrative private-vlan trunk associations: none Administrative private-vlan trunk mappings: none Operational private-vlan: none Trunking VLANs Enabled: ALL Pruning VLANs Enabled: 2-1001 Capture Mode Disabled Capture VLANs Allowed: ALL Protected: false Unknown unicast blocked: disabled Unknown multicast blocked: disabled Appliance trust: none
Notice the administrative mode for the interface, its operation mode, and the encapsulation being used.
Another command to verify your trunk interfaces is show interface f0/24 trunk
SW1#show interface f0/24 trunk Port Mode Encapsulation Status Native vlan Fa0/24 on 802.1q trunking 1 Port Vlans allowed on trunk Fa0/24 1-4094 Port Vlans allowed and active in management domain Fa0/24 1 Port Vlans in spanning tree forwarding state and not pruned Fa0/24 none
If you want to find out about DTP use the command, show dtp interface f0/24:
SW1#show dtp interface f0/24 DTP information for FastEthernet0/24: TOS/TAS/TNS: TRUNK/NONEGOTIATE/TRUNK TOT/TAT/TNT: 802.1Q/802.1Q/802.1Q Neighbor address 1: 000AB7055158 Neighbor address 2: 000000000000 Hello timer expiration (sec/state): never/STOPPED Access timer expiration (sec/state): never/STOPPED Negotiation timer expiration (sec/state): never/STOPPED Multidrop timer expiration (sec/state): never/STOPPED FSM state: S6:TRUNK # times multi & trunk 0 Enabled: yes In STP: no Statistics ---------- 246 packets received (238 good) 8 packets dropped 8 nonegotiate, 0 bad version, 0 domain mismatches, 0 bad TLVs, 0 bad TAS, 0 bad TAT, 0 bad TOT, 0 other 243 packets output (243 good) 240 native, 3 software encap isl, 0 isl hardware native 0 output errors 0 trunk timeouts 1 link ups, last link up on Mon Mar 01 1993, 00:01:01 0 link downs
To view what is configured in the running config issue show running-config interface f0/24
SW1#sh running-config interface f0/24 Building configuration... Current configuration : 119 bytes ! interface FastEthernet0/24 switchport trunk encapsulation dot1q switchport mode trunk switchport nonegotiate end
The far end has very similar configuration. All VLANs are allowed to be carried over this trunk. SW1 and SW2 can now transport multiple VLANs over the trunked interfaces.
Summary of Commands
switchport trunk encapsulation dot1q sets the encapsulation mode of the trunk interface to the industry standard 802.1Q.
switchport trunk encapsulation isl sets the encapsulation mode of the trunk interface to proprietary ISL.
switchport trunk encapsulation negotiate sets the trunk interface to negotiate the encapsulation with the port on the other end. I stay away from this command and statically assign an encapsulation.
switchport mode trunk administratively configures the port as a trunk.
switchport mode dynamic desirable administratively configures the port as an interface that desires to become a trunk.
switchport mode dynamic auto administratively configures the port as an interface that is willing to become a trunk if the far side is set to switchport mode trunk or switchport mode dynamic desirable
