Trunk ports can carry two or more VLANs over a single switch port and are helpful when switches are connected to other switches, routers, or firewalls over a single port.
For a frame to be transported over a trunk link, the VLAN ID must be added to it so that the receiving device can assign the frame to the correct VLAN. VLAN identification can be done with two protocols, each using a different frame identification mechanism.
VLAN encapsulation methods:
- Inter-Switch Link (ISL) protocol
- IEEE 802.1Q protocol
Inter-Switch Link (ISL):
- Cisco proprietary protocol
- It encapsulates the frame with a header (26 bytes) and a trailer (4 bytes), 30 bytes in total. The source VLAN is identified by a 15-bit field used for the VID (VLAN ID) in the ISL header.
- The range of VLANs that can be used is 1 to 4094 (initially, ISL supported only the normal range of VLANs).
- The trailer contains a CRC check to ensure the data integrity of the newly encapsulated ISL frame.
ISL is not available on all Catalyst platforms.
IEEE 802.1Q Protocol
- IEEE open standard that enables multi-vendor interoperability.
- Unlike ISL, it only adds one tag to the original frame.
- The tag is 4 bytes (12 bits used for VID) and is located after the Source Address field.
802.1Q introduces the concept of the native VLAN: frames that belong to the native VLAN are the only ones that are not tagged on the trunk link. By default, the native VLAN is VLAN 1, which is also the default access VLAN.
Cisco Discovery Protocol (CDP) can detect and report a native VLAN discrepancy. As a best practice, change the native VLAN from the default of VLAN 1 to a different ID, and do not use that VLAN for any other purpose, only as the native VLAN.
If an end device is connected to a switch trunk port, it could receive the untagged frames of the native VLAN, as if the port were an access port. By default, switch ports operate in access mode.
Note: ISL does not use the native VLAN.
Configuring a trunk link
The following commands are for configuring a static trunk link:
jmcristobal# configure terminal
jmcristobal(config)# interface interface-id
jmcristobal(config-if)# switchport trunk encapsulation dot1q | isl | negotiate
jmcristobal(config-if)# switchport mode trunk
jmcristobal(config-if)# exit
To configure a static trunk link with the switchport mode trunk command, it is necessary first to configure the type of encapsulation to use. Otherwise, we will receive a message like the following:
jmcristobal(config-if)# switchport mode trunk
Command rejected: An interface whose trunk encapsulation is "Auto" can not be configured to "trunk" mode.
By default, a trunk link carries all VLANs (1-4094). To restrict the VLANs allowed on the trunk port, use the following command:
jmcristobal(config-if)# switchport trunk allowed vlan <vlan_list>
We can also add, remove, or exclude VLANs:
jmcristobal(config-if)# switchport trunk allowed vlan [ add | except | remove ] <vlan_list>
With the above command, we must be careful to include the keyword add, except, or remove when working with specific VLANs; if no keyword is specified, the command overwrites the list of VLANs allowed on the trunk port.
The native VLAN is changed with the following command:
jmcristobal(config-if)# switchport trunk native vlan vlan-id
Let's see an example of configuring a trunk port:
Switch(config)# interface GigabitEthernet0/0
Switch(config-if)# switchport trunk native vlan 100
Switch(config-if)# switchport trunk allowed vlan 10,20,100
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
We validate the trunk interfaces of the switch with the show interfaces trunk command as shown below:
Switch# show interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan
Gi0/0       on           802.1q         trunking      100

Port        Vlans allowed on trunk
Gi0/0       10,20,100

Port        Vlans allowed and active in management domain
Gi0/0       10,20,100

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/0       10,20,100
Switch#
Currently, only 802.1Q is used because it is a standard that works with equipment from all manufacturers; older networks used ISL.
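A check for the trunk settings discussed above, as an added example that is not part of the original article: it reads IOS-style configuration text and reports static trunks that still use native VLAN 1, reuse the native VLAN as an access VLAN, or carry every VLAN. The sample configuration, the function names and the finding strings are constructed for illustration, and only ports with an explicit switchport mode trunk are examined.

```python
import re
# Constructed sample in IOS running-config style (not from the article).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 100
 switchport trunk allowed vlan 10,20,100
 switchport mode trunk
!
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 20
 switchport trunk allowed vlan 10,20
 switchport mode trunk
!
interface GigabitEthernet0/3
 switchport mode access
 switchport access vlan 20
"""
FLAGS = re.M | re.I  # IOS keywords are case-insensitive

def setting(body, pattern):
    """Return the first capture of an indented sub-command, or None."""
    m = re.search(r"^\s+" + pattern + r"\s*$", body, FLAGS)
    return m.group(1) if m else None

def audit_trunks(config):
    """Return (interface, finding) pairs for statically configured trunks."""
    ports = dict(re.findall(r"^interface\s+(\S+)\n((?:[ \t]+.*\n?)*)", config, FLAGS))
    trunks = {n: b for n, b in ports.items() if setting(b, r"(switchport mode trunk)")}
    access_vlans = {setting(b, r"switchport access vlan (\d+)")
                    for n, b in ports.items() if n not in trunks}
    findings = []
    for name, body in trunks.items():
        native = setting(body, r"switchport trunk native vlan (\d+)") or "1"  # default
        if native == "1":
            findings.append((name, "native VLAN is 1 (default)"))
        elif native in access_vlans:
            findings.append((name, f"native VLAN {native} is also an access VLAN"))
        # No list at all, or the keyword "all", leaves every VLAN on the trunk.
        if not setting(body, r"switchport trunk allowed vlan ((?!all\b)\S.*?)"):
            findings.append((name, "no allowed list: VLANs 1-4094 are carried"))
    return findings

if __name__ == "__main__":
    print(*audit_trunks(SAMPLE_CONFIG), sep="\n")
```

Gi0/0 mirrors the article's example and produces no finding; Gi0/1 and Gi0/2 are the constructed counter-cases.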
We have seen how to configure a trunk link statically, which is the most common configuration. However, Cisco switches also include the Dynamic Trunking Protocol (DTP), which can negotiate the establishment of a trunk link. In the following article, we will talk about this protocol.