One of the most remarkable features of VLANs is that they can span multiple interconnected switches. VLAN traffic is carried from switch to switch over interfaces called trunks. These trunk links must be at least 100Mbps because the traffic must carry all the VLAN traffic from the access ports.
Just as access ports have a single VLAN assigned to them, trunk ports essentially have all VLANs assigned to them. As frames traverse a trunk link, the VLAN identifier is added to the ethernet frame. The receiving switch uses the VLAN identifier and sends the frames out only the access ports that have that VLAN assigned to them. As the frame is sent out the interface, the VLAN identifier is removed, which gives the illusion to the end devices that the entire process is transparent.
Remember that a trunk carries traffic for all the VLANs that are present on the switch by default.
All VLAN traffic traverses a trunk link by default; however, it is possible to configure a trunk link to allow only traffic from certain VLANs.
Similar to VLANs in a single switch, traffic is contained to only those devices that are members of the same VLAN. For example, Figure 15.3 displays a typical scenario in which VLANs span multiple switches over a trunk link. Tagged frames from VLANs 1 and 3 are multiplexed (multiple messages combined over a single channel) over the trunk between the switches. However, traffic from VLAN 3 goes out to only those access interfaces that have VLAN 3 assigned to them; likewise, traffic from VLAN 1 is passed out only to the ports with VLAN 1 assigned.
Be prepared to identify which devices can communicate with each other given a VLAN configuration in one or several switches.
The VLAN identification is added to Layer 2 ethernet frames differently, depending on the type of trunk that is configured. Cisco’s proprietary method of adding VLAN IDs to an ethernet frame is called Inter Switch Link (ISL). ISL trunking entails the original ethernet frame being encapsulated by ASIC chips with the VLAN information. The ISL encapsulation has a 26-byte header and an additional 4-byte CRC trailer at the end. Because an additional 30 bytes are added to the ethernet frame, the size of the frame can exceed a typical ethernet frame size of 1518 bytes. If the interface isn’t configured as an ISL trunk, it drops the giant frame because it violates the MTU limit of a typical ethernet frame. For this reason, ISL requires a direct point-to-point (no intermediate devices) trunk connection between the switches.
The IEEE created its own standard VLAN tagging method standardized as 802.1q. 802.1q differs from ISL because the VLAN ID is not encapsulated, but actually inserted in the originally ethernet frame. The VLAN identifier is contained within the four extra bytes inserted in the ethernet frame after the source address. Because the original frame size is manipulated when these four bytes are added to the frame, a new CRC must be calculated for the original ethernet Frame Check Sequence (FCS) field. Because only four bytes are added to the ethernet frame, these frames are known as baby giant frames and may be passed by other intermediary Layer 2 devices that are not configured as a trunk.
Another unique feature of 802.1q trunks is the concept of a native VLAN. Traffic originating from access ports that shares the same VLAN as the trunk’s native VLAN goes untagged over the trunk link. Similarly, any untagged frame that is received on an 802.1q trunk port is considered destined for the native VLAN assigned to the trunk port. For this reason, it is imperative that each side of the IEEE 802.1q link be configured with the same native VLAN, or the traffic from one VLAN leaks into another VLAN as illustrated in Figure 15.4. By default, the native VLAN for trunk ports is the same as the management VLAN, VLAN 1.
Configuring and Verifying ISL and 802.1Q Trunks
- Configure, verify, and troubleshoot trunking on Cisco switches
The first step to configuring a trunk link is deciding which type of trunk you want to use. For instance, if you are connecting to a non-Cisco switch, you have to use a standard trunk VLAN tagging method such as IEEE 802.1q. In addition, certain models of Cisco switches (such as the Catalyst 2950 and 2960) support only 802.1q trunking, so make sure you research the capabilities of your switch model before configuring the interfaces.
To configure a trunk port, navigate to the interface that is connected to the other switch. On models that support ISL and 802.1q trunking, you must first specify which VLAN tagging you want to use with the switchport trunk encapsulation command, as shown here:
Switch(config)#interface FastEthernet 0/24 Switch(config-if)#switchport trunk encapsulation dot1q
Notice the syntax starts with switchport trunk instead of switchport access (from the VLAN configurations) because this interface is being configured as a trunk to carry all VLANs. With the trunk encapsulation configured, you are ready to enable the interface to begin forwarding all VLAN traffic. The port, however, is still operating as an access port until you specifically configure the interface to switch to trunking mode. To set this interface into a permanent trunking state, you must also type the following command:
Switch(config-if)#switchport mode trunk
Be prepared to configure an interface as a trunk port.
Dynamic Trunking with DTP
Cisco switches can dynamically enable trunking on an interface through the use of a Cisco proprietary protocol called Dynamic Trunking Protocol (DTP). For instance, the default dynamic trunking state is called desirable, which actively tries to negotiate trunking as long as the other side of the trunk uses a compatible DTP condition. The possible trunking modes are as follows:
- Access—The port does not trunk because it is an access port with a single VLAN.
- Trunk—The port permanently trunks and tries to negotiate the far-end to trunk with DTP.
- Dynamic Desirable—The port negotiates to trunk if the other side is set to trunk, desirable, or auto.
- Dynamic Auto—The port negotiates to trunk if the other side is set to trunk or desirable.
- Nonegotiate—The port permanently trunks, but disables DTP negotiation (for connecting to non-Cisco switches).
To verify the trunk configuration and status, use the show interface trunk command:
Switch>show interface trunk Port Mode Encapsulation Status Native vlan
Fa0/24 on 802.1q trunking 1 Port Vlans allowed on trunk Fa0/24 1-4094 Port Vlans allowed and active in management domain Fa0/24 1-4 Port Vlans in spanning tree forwarding state and not pruned Fa0/24 1-4
The output lists the ports that are configured to trunk and the encapsulation and VLANs that are allowed to traverse the trunk (all VLANs by default). In addition, because the interface is now set up as a trunk, you no longer see interface Fast Ethernet 0/24 listed in the show vlan output because it is no longer an access port.
If the output of the show vlan command is displayed, know that missing interfaces are set up as a VLAN trunk and are not listed.