loader-logo

Configuring Trunks on Cisco Switches

A trunk will allow multiple VLANs to transport between switches. Trunk ports can be configured in two ways, the Cisco proprietary Inter-Switch Link, ISL, or with the standard IEEE 802.1Q

Personally, I don’t use ISL and you shouldn’t either. But lets understand its differences with 802.1Q.

Inter-Switch Link (ISL)

ISL is Cisco proprietary in how it adds the VLAN tag to a frame. It will encapsulate a whole frame, adding a 26-byte header and a 4-byte trailer. The VLAN number is placed in the header.

ISL Header

ISL Header

802.1Q

With 802.1Q, it adds a 4-byte tag after the source address field in the frame. The last 12 bits of that tag are used to identify the VLAN.

The 802.1Q frame

802.1Q Frame

Now that we got that uber nerdy stuff out of the way.. let’s get back to the regular nerdy stuff, trunking.

Configuring Trunks

Cisco Trunk Ports

A trunk between a switch can be configured manually or negotiated automatically — using Dynamic Trunking Protocol. I’m not a fan of DTP because I like to know what’s going on in my network. Additionally, a user can plug in a switch into the network and your network switches will automatically create a trunk with the unknown switch causing other problems which I will not describe here. So lets dive straight into configuring a trunk port.

Identify the interface that is connected to the other switch and enter interface configuration mode.

SW1# conf t
SW1(config)#interface f0/24

On SW1 I will specify the trunk encapsulation. On the lower end switches you don’t have to specify this. Some of the higher end switches will allow you to specify the encapsulation in case you have to support ISL.

SW1(config-if)#switchport trunk encapsulation dot1q

switchport trunk encapsulation dot1q command sets the encapsulation to the industry standard.

Now we specify the trunking mode. The options are trunk, dynamic desirable or dynamic auto. I specify my trunk ports as switchport mode trunk. It’s statically set and I know that it will never automatically change to an access port.

Dynamic desirable means the switchport desires to be a trunk but it won’t be a trunk if the other end is not a trunk or willing to become a trunk.

Dynamic auto means the switchport is willing to become a trunk but it will not desire to unless the other end initiates the conversation of becoming a trunk.

Best bet is to always statically configure your trunks as trunks. DTP frames are sent out every 30 seconds if dynamic mode is configured. This is the default option.

Since we don’t want our trunk ports to use DTP we can disable it with switchport no negotiate

SW1(config-if)#switchport mode trunk
SW1(config-if)#switchport nonegotiate

Configure the far end the same way

SW2#conf t
SW2(config)#interface f0/24
SW2(config-if)#switchport trunk encapsulation dot1q
SW2(config-if)#switchport mode trunk
SW2(config-if)#switchport nonegotiate

Verification

Let’s view the interfaces and their associated VLANs.

SW1#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
 Fa0/5, Fa0/6, Fa0/7, Fa0/8
 Fa0/9, Fa0/10, Fa0/11, Fa0/12
 Fa0/13, Fa0/14, Fa0/15, Fa0/16
 Fa0/17, Fa0/18, Fa0/19, Fa0/20
 Fa0/21, Gi0/1, Gi0/2
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

Notice our interface is not listed anywhere. That’s because only access ports are listed in show vlan

Let’s view the configuration of the interface with show interface f0/24 switchport:

SW1#show interface f0/24 switchport
Name: Fa0/24
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

Notice the administrative mode for the interface, its operation mode, and the encapsulation being used.

Another command to verify your trunk interfaces is show interface f0/24 trunk

SW1#show interface f0/24 trunk
Port Mode Encapsulation Status Native vlan
Fa0/24 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/24 1-4094
Port Vlans allowed and active in management domain
Fa0/24 1
Port Vlans in spanning tree forwarding state and not pruned
Fa0/24 none

If you want to find out about DTP use the command, show dtp interface f0/24:

SW1#show dtp interface f0/24
DTP information for FastEthernet0/24:
 TOS/TAS/TNS: TRUNK/NONEGOTIATE/TRUNK
 TOT/TAT/TNT: 802.1Q/802.1Q/802.1Q
 Neighbor address 1: 000AB7055158
 Neighbor address 2: 000000000000
 Hello timer expiration (sec/state): never/STOPPED
 Access timer expiration (sec/state): never/STOPPED
 Negotiation timer expiration (sec/state): never/STOPPED
 Multidrop timer expiration (sec/state): never/STOPPED
 FSM state: S6:TRUNK
 # times multi & trunk 0
 Enabled: yes
 In STP: no
Statistics
 ----------
 246 packets received (238 good)
 8 packets dropped
 8 nonegotiate, 0 bad version, 0 domain mismatches,
 0 bad TLVs, 0 bad TAS, 0 bad TAT, 0 bad TOT, 0 other
 243 packets output (243 good)
 240 native, 3 software encap isl, 0 isl hardware native
 0 output errors
 0 trunk timeouts
 1 link ups, last link up on Mon Mar 01 1993, 00:01:01
 0 link downs

To view what is configured in the running config issue show running-config interface f0/24

SW1#sh running-config interface f0/24
Building configuration...
Current configuration : 119 bytes
!
interface FastEthernet0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
end

The far end has very similar configuration. All VLANs are allowed to be carried over this trunk. SW1 and SW2 can now transport multiple VLANs over the trunked interfaces.

Summary of Commands

switchport trunk encapsulation dot1q sets the encapsulation mode of the trunk interface to the industry standard 802.1Q.

switchport trunk encapsulation isl sets the encapsulation mode of the trunk interface to proprietary ISL.

switchport trunk encapsulation negotiate sets the trunk interface to negotiate the encapsulation with the port on the other end. I stay away from this command and statically assign an encapsulation.

switchport mode trunk administratively configures the port as a trunk.

switchport mode dynamic desirable administratively configures the port as an interface that desires to become a trunk.

switchport mode dynamic auto administratively configures the port as an interface that is willing to become a trunk if the far side is set to switchport mode trunk or switchport mode dynamic desirable

Previous Article

VLANs replicating from a VTP server to VTP client
Next Article


2 thoughts on “Configuring Trunks on Cisco Switches”

  1. Eric Barb says:

    Nice article. One thing I was trying to figure out was why I had to configure encapsulation all the sudden (3750) when I hadn’t on other switches (2960). I guess the older models support ISL and 802.1q so you had to set it, while newer models default to 802.1q so you don’t have to set it. Sound about right?

    1. Hi Eric,

      You are exactly right.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.