Configure VLANs Trunk

Configuring VLAN Trunks

These sections describe how VLAN trunks function on the switch:

•Trunking Overview

•802.1Q Configuration Considerations

•Default Layer 2 Ethernet Interface VLAN Configuration

Trunking Overview

A trunk is a point-to-point link between one or more Ethernet switch interfaces and another networking device such as a router or a switch. Fast Ethernet and Gigabit Ethernet trunks carry the traffic of multiple VLANs over a single link, and you can extend the VLANs across an entire network.

Figure 13-2 shows a network of switches that are connected by 802.1Q trunks.

Figure 13-2 Catalyst 2950, 2900 XL, and 3500 XL Switches in a 802.1Q Trunking Environment

You can configure a trunk on a single Ethernet interface or on an EtherChannel bundle. For more information about EtherChannel,

Ethernet trunk interfaces support different trunking modes (see Table 13-5). You can set an interface as trunking or nontrunking or to negotiate trunking with the neighboring interface. To autonegotiate trunking, the interfaces must be in the same VTP domain.

Trunk negotiation is managed by the Dynamic Trunking Protocol (DTP), which is a Point-to-Point Protocol. However, some internetworking devices might forward DTP frames improperly, which could cause misconfigurations.

To avoid this, you should configure interfaces connected to devices that do not support DTP to not forward DTP frames, that is, to turn off DTP.

•If you do not intend to trunk across those links, use the switchport mode access interface configuration command to disable trunking.

•To enable trunking to a device that does not support DTP, use the switchport mode trunk and switchport nonegotiate interface configuration commands to cause the interface to become a trunk but to not generate DTP frames.

Table 13-5 Layer 2 Interface Modes 

Mode	Function
switchport mode access	Puts the interface (access port) into permanent nontrunking mode and negotiates to convert the link into a nontrunk link. The interface becomes a nontrunk interface even if the neighboring interface is not a trunk interface.
switchport mode dynamic desirable	Makes the interface actively attempt to convert the link to a trunk link. The interface becomes a trunk interface if the neighboring interface is set to trunk, desirable, or auto mode. The default switch-port mode for all Ethernet interfaces is dynamic desirable.
switchport mode dynamic auto	Makes the interface able to convert the link to a trunk link. The interface becomes a trunk interface if the neighboring interface is set to trunk or desirable mode.
switchport mode trunk	Puts the interface into permanent trunking mode and negotiates to convert the link into a trunk link. The interface becomes a trunk interface even if the neighboring interface is not a trunk interface.
switchport nonegotiate	Prevents the interface from generating DTP frames. You can use this command only when the interface switchport mode is access or trunk. You must manually configure the neighboring interface as a trunk interface to establish a trunk link.

802.1Q Configuration Considerations

802.1Q trunks impose these limitations on the trunking strategy for a network:

•In a network of Cisco switches connected through 802.1Q trunks, the switches maintain one instance of spanning tree for each VLAN allowed on the trunks. Non-Cisco devices might support one spanning-tree instance for all VLANs.

When you connect a Cisco switch to a non-Cisco device through an 802.1Q trunk, the Cisco switch combines the spanning-tree instance of the VLAN of the trunk with the spanning-tree instance of the non-Cisco 802.1Q switch. However, spanning-tree information for each VLAN is maintained by Cisco switches separated by a cloud of non-Cisco 802.1Q switches. The non-Cisco 802.1Q cloud separating the Cisco switches is treated as a single trunk link between the switches.

•Make sure the native VLAN for an 802.1Q trunk is the same on both ends of the trunk link. If the native VLAN on one end of the trunk is different from the native VLAN on the other end, spanning-tree loops might result.

•Disabling spanning tree on the native VLAN of an 802.1Q trunk without disabling spanning tree on every VLAN in the network can potentially cause spanning-tree loops. We recommend that you leave spanning tree enabled on the native VLAN of an 802.1Q trunk or disable spanning tree on every VLAN in the network. Make sure your network is loop-free before disabling spanning tree.

Default Layer 2 Ethernet Interface VLAN Configuration

Table 13-6 shows the default Layer 2 Ethernet interface VLAN configuration.

Table 13-6 Default Layer 2 Ethernet Interface VLAN Configuration

Feature	Default Setting
Interface mode	switchport mode dynamic desirable
Allowed VLAN range	VLANs 1-4094 when the enhanced software image is installed and 1 to 1005 when the standard software image is installed
VLAN range eligible for pruning	VLANs 2-1001
Default VLAN (for access ports)	VLAN 1
Native VLAN (for 802.1Q trunks)	VLAN 1

Configuring an Ethernet Interface as a Trunk Port

Because trunk ports send and receive VTP advertisements, to use VTP you must ensure that at least one trunk port is configured on the switch and that this trunk port is connected to the trunk port of a second switch. Otherwise, the switch cannot receive any VTP advertisements.

This section includes these procedures for configuring an Ethernet interface as a trunk port on the switch:

•Interaction with Other Features

•Defining the Allowed VLANs on a Trunk

•Changing the Pruning-Eligible List

•Configuring the Native VLAN for Untagged Traffic

         The default mode for Layer 2 interfaces is switchport mode dynamic desirable. If the neighboring interface supports trunking and is configured to allow trunking, the link is a Layer 2 trunk.

         Interaction with Other Features

Trunking interacts with other features in these ways:

•A trunk port cannot be a secure port.

•Trunk ports can be grouped into EtherChannel port groups, but all trunks in the group must have the same configuration. When a group is first created, all ports follow the parameters set for the first port to be added to the group. If you change the configuration of one of these parameters, the switch propagates the setting you entered to all ports in the group:

–allowed-VLAN list

–STP port priority for each VLAN

–STP Port Fast setting

–trunk status: if one port in a port group ceases to be a trunk, all ports cease to be trunks.

•If you try to enable 802.1X on a trunk port, an error message appears, and 802.1X is not enabled. If you try to change the mode of an 802.1X-enabled port to trunk, the port mode is not changed.

•A port in dynamic mode can negotiate with its neighbor to become a trunk port. If you try to enable 802.1X on a dynamic port, an error message appears, and 802.1X is not enabled. If you try to change the mode of an 802.1X-enabled port to dynamic, the port mode is not changed.

Configuring a Trunk Port

Beginning in privileged EXEC mode, follow these steps to configure a port as 802.1Q trunk port:

	Command	Purpose
Step 1	configure terminal	Enter global configuration mode.
Step 2	interface interface-id	Enter the interface configuration mode and the port to be configured for trunking.
Step 3	switchport mode{dynamic {auto |desirable} | trunk}	Configure the interface as a Layer 2 trunk (required only if the interface is a Layer 2 access port or to specify the trunking mode). •dynamic auto—Set the interface to a trunk link if the neighboring interface is set to trunk or desirable mode. •dynamic desirable—Set the interface to a trunk link if the neighboring interface is set to trunk, desirable, or auto mode. •trunk—Set the interface in permanent trunking mode and negotiate to convert the link to a trunk link even if the neighboring interface is not a trunk interface.
Step 4	switchport access vlanvlan-id	(Optional) Specify the default VLAN, which is used if the interface stops trunking.
Step 5	switchport trunk native vlan vlan-id	Specify the native VLAN.
Step 6	end	Return to privileged EXEC mode.
Step 7	show interfacesinterface-id switchport	Display the switchport configuration of the interface in the Administrative Mode and the Administrative Trunking Encapsulation fields of the display.
Step 8	show interfacesinterface-id trunk	Display the trunk configuration of the interface.
Step 9	copy running-config startup-config	(Optional) Save your entries in the configuration file.

To return an interface to its default configuration, use the default interface interface-id interface configuration command. To reset all trunking characteristics of a trunking interface to the defaults, use the no switchport trunk interface configuration command. To disable trunking, use theswitchport mode access interface configuration commands to configure the port as a static-access port.

This example shows how to configure the Fast Ethernet interface 0/4 as an 802.1Q trunk and shows several ways to verify the configuration. The example assumes that the neighbor interface is configured to support 802.1Q trunking.

Switch# configure terminal 

Enter configuration commands, one per line.  End with CNTL/Z.

Switch(config)# interface fastethernet0/4 

Switch(config-if)# switchport mode dynamic desirable 

Switch(config-if)# end 

Switch# show running-config interface fastethernet0/4 

Building configuration...

Current configuration : 112 bytes

!

interface FastEthernet0/4

 switchport trunk encapsulation dot1q

 no ip address

 snmp trap link-status

end 

Switch# show interfaces fastethernet0/4 switchport 

Name: Fa0/4

Switchport: Enabled

Administrative Mode: dynamic desirable

Operational Mode: down

Administrative Trunking Encapsulation: dot1q

Negotiation of Trunking: On

Access Mode VLAN: 1 (default)

Trunking Native Mode VLAN: 1 (default)

Trunking VLANs Enabled: ALL

Pruning VLANs Enabled: 2-1001

Protected: false

Defining the Allowed VLANs on a Trunk

By default, a trunk port sends traffic to and receives traffic from all VLANs. All VLAN IDs, 1 to 4094 when the enhanced software image is installed, and 1 to 1005 when the standard software image is installed, are allowed on each trunk. However, you can remove VLANs from the allowed list, preventing traffic from those VLANs from passing over the trunk. To restrict the traffic a trunk carries, use the switchport trunk allowed vlan remove vlan-list interface configuration command to remove specific VLANs from the allowed list.

A trunk port can become a member of a VLAN if the VLAN is enabled, if VTP knows of the VLAN, and if the VLAN is in the allowed list for the port. When VTP detects a newly enabled VLAN and the VLAN is in the allowed list for a trunk port, the trunk port automatically becomes a member of the enabled VLAN. When VTP detects a new VLAN and the VLAN is not in the allowed list for a trunk port, the trunk port does not become a member of the new VLAN.

Beginning in privileged EXEC mode, follow these steps to modify the allowed list of an 802.1Q trunk:

	Command	Purpose
Step 1	configure terminal	Enter global configuration mode.
Step 2	interface interface-id	Enter interface configuration mode and the port to be configured.
Step 3	switchport mode trunk	Configure the interface as a VLAN trunk port.
Step 4	switchport trunk allowed vlan {add |except | none |remove} vlan-list	(Optional) Configure the list of VLANs allowed on the trunk. For explanations about using the add, except, none, and remove keywords, refer to the Catalyst 2950 Desktop Switch Command Reference for this release. The vlan-list parameter is either a single VLAN number from 1 to 4094 or a range of VLANs described by two VLAN numbers, the lower one first, separated by a hyphen. Do not enter any spaces between comma-separated VLAN parameters or in hyphen-specified ranges. All VLANs are allowed by default. You cannot remove any of the default VLANs (1 or 1002 to 1005) from a trunk.
Step 5	end	Return to privileged EXEC mode.
Step 6	show interfacesinterface-idswitchport	Verify your entries in the Trunking VLANs Enabled field of the display.
Step 7	copy running-config startup-config	(Optional) Save your entries in the configuration file.

To return to the default allowed VLAN list of all VLANs, use the no switchport trunk allowed vlan interface configuration command.

This example shows how to remove VLAN 2 from the allowed VLAN list:

Switch(config)# interface fastethernet0/1

Switch(config-if)# switchport trunk allowed vlan remove 2

Switch(config-if)# end

Switch# 

Changing the Pruning-Eligible List

The pruning-eligible list applies only to trunk ports. Each trunk port has its own eligibility list. VTP pruning must be enabled for this procedure to take effect.

Beginning in privileged EXEC mode, follow these steps to remove VLANs from the pruning-eligible list on a trunk port:

	Command	Purpose
Step 1	configure terminal	Enter global configuration mode.
Step 2	interface interface-id	Enter interface configuration mode, and select the trunk port for which VLANs should be pruned.
Step 3	switchport trunk pruning vlan {add | except | none |remove} vlan-list[,vlan[,vlan[,,,]]	Configure the list of VLANs allowed to be pruned from the trunk.  For explanations about using the add, except, none, and removekeywords, refer to the Catalyst 2950 Desktop Switch Command Reference for this release. Separate nonconsecutive VLAN IDs with a comma and no spaces; use a hyphen to designate a range of IDs. Valid IDs are from 2 to 1001. Extended-range VLANs (VLAN IDs 1006 to 4094) cannot be pruned. VLANs that are pruning-ineligible receive flooded traffic. The default list of VLANs allowed to be pruned contains VLANs 2 to 1001.
Step 4	end	Return to privileged EXEC mode.
Step 5	show interfaces interface-idswitchport	Verify your entries in the Pruning VLANs Enabled field of the display.
Step 6	copy running-config startup-config	(Optional) Save your entries in the configuration file.

To return to the default pruning-eligible list of all VLANs, use the no switchport trunk pruning vlan interface configuration command.

Configuring the Native VLAN for Untagged Traffic

A trunk port configured with 802.1Q tagging can receive both tagged and untagged traffic. By default, the switch forwards untagged traffic in the native VLAN configured for the port. The native VLAN is VLAN 1 by default.

For information about 802.1Q configuration issues, 

Beginning in privileged EXEC mode, follow these steps to configure the native VLAN on an 802.1Q trunk:

	Command	Purpose
Step 1	configure terminal	Enter global configuration mode.
Step 2	interfaceinterface-id	Enter interface configuration mode, and define the interface that is configured as the 802.1Q trunk.
Step 3	switchport trunk native vlan vlan-id	Configure the VLAN that is sending and receiving untagged traffic on the trunk port. For vlan-id, the range is 1 to 4094 when the enhanced software image is installed, and 1 to 1005 when the standard software image is installed. Do not enter leading zeros.
Step 4	end	Return to privileged EXEC mode.
Step 5	show interfacesinterface-idswitchport	Verify your entries in the Trunking Native Mode VLAN field.
Step 6	copy running-config startup-config	(Optional) Save your entries in the configuration file.

To return to the default native VLAN, VLAN 1, use the no switchport trunk native vlan interface configuration command.

If a packet has a VLAN ID that is the same as the outgoing port native VLAN ID, the packet is sent untagged; otherwise, the switch sends the packet with a tag.

Load Sharing Using STP

Load sharing divides the bandwidth supplied by parallel trunks connecting switches. To avoid loops, STP normally blocks all but one parallel link between switches. Using load sharing, you divide the traffic between the links according to which VLAN the traffic belongs.

You configure load sharing on trunk ports by using STP port priorities or STP path costs. For load sharing using STP port priorities, both load-sharing links must be connected to the same switch. For load sharing using STP path costs, each load-sharing link can be connected to the same switch or to two different switches. For more information about STP, see "Configuring STP."

Load Sharing Using STP Port Priorities

When two ports on the same switch form a loop, the STP port priority setting determines which port is enabled and which port is in a blocking state. You can set the priorities on a parallel trunk port so that the port carries all the traffic for a given VLAN. The trunk port with the higher priority (lower values) for a VLAN is forwarding traffic for that VLAN. The trunk port with the lower priority (higher values) for the same VLAN remains in a blocking state for that VLAN. One trunk port sends or receives all traffic for the VLAN.

Figure 13-3 shows two trunks connecting supported switches. In this example, the switches are configured as follows:

•VLANs 8 through 10 are assigned a port priority of 10 on Trunk 1.

•VLANs 3 through 6 retain the default port priority of 128 on Trunk 1.

•VLANs 3 through 6 are assigned a port priority of 10 on Trunk 2.

•VLANs 8 through 10 retain the default port priority of 128 on Trunk 2.

In this way, Trunk 1 carries traffic for VLANs 8 through 10, and Trunk 2 carries traffic for VLANs 3 through 6. If the active trunk fails, the trunk with the lower priority takes over and carries the traffic for all of the VLANs. No duplication of traffic occurs over any trunk port.

Figure 13-3 Load Sharing by Using STP Port Priorities

Beginning in privileged EXEC mode, follow these steps to configure the network shown in Figure 13-3.

	Command	Purpose
Step 1	vlan database	On Switch 1, enter VLAN configuration mode.
Step 2	vtp domain domain-name	Configure a VTP administrative domain. The domain name can be from 1 to 32 characters.
Step 3	vtp server	Configure Switch 1 as the VTP server.
Step 4	exit	Update the VLAN database, propagate it throughout the administrative domain, and return to privileged EXEC mode.
Step 5	show vtp status	Verify the VTP configuration on both Switch 1 and Switch 2. In the display, check the VTP Operating Mode and the VTP Domain Namefields.
Step 6	show vlan	Verify that the VLANs exist in the database on Switch 1.
Step 7	configure terminal	Enter global configuration mode.
Step 8	interface fastethernet 0/1	Enter interface configuration mode, and define Fast Ethernet port 0/1 as the interface to be configured as a trunk.
Step 9	switchport mode trunk	Configure the port as a trunk port.
Step 10	end	Return to privilege EXEC mode.
Step 11	show interfacesfastethernet0/1switchport	Verify the VLAN configuration.
Step 12		Repeat Steps 7 through 11 on Switch 1 for Fast Ethernet port 0/2.
Step 13		Repeat Steps 7 through 11 on Switch 2 to configure the trunk ports on Fast Ethernet ports 0/1 and 0/2.
Step 14	show vlan	When the trunk links come up, VTP passes the VTP and VLAN information to Switch 2. Verify that Switch 2 has learned the VLAN configuration.
Step 15	configure terminal	Enter global configuration mode on Switch 1.
Step 16	interface fastethernet0/1	Enter interface configuration mode, and define the interface to set the STP port priority.
Step 17	spanning-tree vlan 8 port-priority 10	Assign the port priority of 10 for VLAN 8.
Step 18	spanning-tree vlan 9 port-priority 10	Assign the port priority of 10 for VLAN 9.
Step 19	spanning-tree vlan 10 port-priority 10	Assign the port priority of 10 for VLAN 10.
Step 20	exit	Return to global configuration mode.
Step 21	interface fastethernet0/2	Enter interface configuration mode, and define the interface to set the STP port priority.
Step 22	spanning-tree vlan 3 port-priority 10	Assign the port priority of 10 for VLAN 3.
Step 23	spanning-tree vlan 4 port-priority 10	Assign the port priority of 10 for VLAN 4.
Step 24	spanning-tree vlan 5 port-priority 10	Assign the port priority of 10 for VLAN 5.
Step 25	spanning-tree vlan 6 port-priority 10	Assign the port priority of 10 for VLAN 6.
Step 26	end	Return to privileged EXEC mode.
Step 27	show running-config	Verify your entries.
Step 28	copy running-config startup-config	(Optional) Save your entries in the configuration file.

Load Sharing Using STP Path Cost

You can configure parallel trunks to share VLAN traffic by setting different path costs on a trunk and associating the path costs with different sets of VLANs. The VLANs keep the traffic separate. Because no loops exist, STP does not disable the ports, and redundancy is maintained in the event of a lost link.

In Figure 13-4, Trunk ports 1 and 2 are 100BASE-T ports. The path costs for the VLANs are assigned as follows:

•VLANs 2 through 4 are assigned a path cost of 30 on Trunk port 1.

•VLANs 8 through 10 retain the default 100BASE-T path cost on Trunk port 1 of 19.

•VLANs 8 through 10 are assigned a path cost of 30 on Trunk port 2.

•VLANs 2 through 4 retain the default 100BASE-T path cost on Trunk port 2 of 19.

Figure 13-4 Load-Sharing Trunks with Traffic Distributed by Path Cost

Beginning in privileged EXEC mode, follow these steps to configure the network shown in Figure 13-4:

	Command	Purpose
Step 1	configure terminal	Enter global configuration mode on Switch 1.
Step 2	interface fastethernet 0/1	Enter interface configuration mode, and define Fast Ethernet port 0/1 as the interface to be configured as a trunk.
Step 3	switchport mode trunk	Configure the port as a trunk port.
Step 4	exit	Return to global configuration mode.
Step 5		Repeat Steps 2 through 4 on Switch 1 interface Fast Ethernet 0/2.
Step 6	end	Return to privileged EXEC mode.
Step 7	show running-config	Verify your entries. In the display, make sure that interfaces Fast Ethernet 0/1 and Fast Ethernet 0/2 are configured as trunk ports.
Step 8	show vlan	When the trunk links come up, Switch 1 receives the VTP information from the other switches. Verify that Switch 1 has learned the VLAN configuration.
Step 9	configure terminal	Enter global configuration mode.
Step 10	interface fastethernet 0/1	Enter interface configuration mode, and define Fast Ethernet port 0/1 as the interface to set the STP cost.
Step 11	spanning-tree vlan 2 cost 30	Set the spanning-tree path cost to 30 for VLAN 2.
Step 12	spanning-tree vlan 3 cost 30	Set the spanning-tree path cost to 30 for VLAN 3.
Step 13	spanning-tree vlan 4 cost 30	Set the spanning-tree path cost to 30 for VLAN 4.
Step 14	end	Return to global configuration mode.
Step 15		Repeat Steps 9 through 11 on Switch 1 interface Fast Ethernet 0/2, and set the spanning-tree path cost to 30 for VLANs 8, 9, and 10.
Step 16	exit	Return to privileged EXEC mode.
Step 17	show running-config	Verify your entries. In the display, verify that the path costs are set correctly for interfaces Fast Ethernet 0/1 and 0/2.
Step 18	copy running-config startup-config	(Optional) Save your entries in the configuration file.