
Cisco Networking Academy's Introduction to VLANs

Chapter Description

This chapter will cover how to configure, manage, and troubleshoot VLANs and VLAN trunks. It will also examine security considerations and strategies relating to VLANs and trunks, and best practices for VLAN design.

VLAN Trunks (3.2.2)

Trunks are commonly used between switches and other network devices such as a router, another switch, or a server. A network technician must be very familiar with configuring a trunk and ensuring it works properly.

Configuring IEEE 802.1Q Trunk Links (3.2.2.1)

A VLAN trunk is an OSI Layer 2 link between two switches that carries traffic for all VLANs (unless the allowed VLAN list is restricted manually or dynamically). To enable trunk links, configure the ports on either end of the physical link with parallel sets of commands.

To configure a switch port on one end of a trunk link, use the switchport mode trunk command. With this command, the interface changes to permanent trunking mode. The port enters into a Dynamic Trunking Protocol (DTP) negotiation to convert the link into a trunk link even if the interface connecting to it does not agree to the change. DTP is described in the next topic. In this course, the switchport mode trunk command is the only method implemented for trunk configuration.

The Cisco IOS command syntax to specify a native VLAN (other than VLAN 1) is shown in Table 3-6. In the example, VLAN 99 is configured as the native VLAN using the switchport trunk native vlan 99 command.

Table 3-6 Switch Port Trunk Commands

Enter global configuration mode.

S1# configure terminal

Enter interface configuration mode for a particular port number.

S1(config)# interface interface_id

Optionally, put the trunk in the appropriate trunking mode if the switch supports more than one mode.

S1(config-if)# switchport trunk encapsulation [dot1q | isl]

Force the link to be a trunk link.

S1(config-if)# switchport mode trunk

Specify a native VLAN for untagged 802.1Q frames.

S1(config-if)# switchport trunk native vlan vlan_id

Specify the list of VLANs to be allowed on the trunk link.

S1(config-if)# switchport trunk allowed vlan vlan-list

Return to the privileged EXEC mode.

S1(config-if)# end

Use the Cisco IOS switchport trunk allowed vlan vlan-list command to specify the list of VLANs to be allowed on the trunk link.

In Figure 3-19, VLANs 10, 20, and 30 support the Faculty, Student, and Guest computers (PC1, PC2, and PC3). The F0/1 port on switch S1 is configured as a trunk port and forwards traffic for VLANs 10, 20, and 30. VLAN 99 is configured as the native VLAN.

Figure 3-19 Sample VLAN Design

Look at the configuration of port F0/1 on switch S1 as a trunk port. The native VLAN is changed to VLAN 99 and the allowed VLAN list is restricted to 10, 20, and 30. If the native VLAN is not allowed on the trunk link, the trunk will not allow any data traffic for the native VLAN.

S1(config)# interface fastethernet0/1
S1(config-if)# switchport mode trunk
S1(config-if)# switchport trunk native vlan 99
S1(config-if)# switchport trunk allowed vlan 10,20,30
S1(config-if)# end

Resetting the Trunk to Default State (3.2.2.2)

Table 3-7 shows the commands to remove the allowed VLANs and reset the native VLAN of the trunk. When reset to the default state, the trunk allows all VLANs and uses VLAN 1 as the native VLAN.

Table 3-7 Resetting Configured Values on Trunk Lines

Enter global configuration mode.

S1# configure terminal

Enter interface configuration mode for a particular port number.

S1(config)# interface interface_id

Set trunk to allow all VLANs.

S1(config-if)# no switchport trunk allowed vlan

Reset the native VLAN to the default.

S1(config-if)# no switchport trunk native vlan

Configure the port in access mode.

S1(config-if)# switchport mode access

Optionally, remove the trunk mode if it was entered.

S1(config-if)# no switchport trunk encapsulation [dot1q | isl]

Return to the privileged EXEC mode.

S1(config-if)# end

The command to reset the switch port to an access port and, in effect, delete the trunk configuration is also shown.

The following output shows the commands used to reset all trunking characteristics of a trunking interface to the default settings. The show interfaces f0/1 switchport command reveals that the trunk has been reconfigured to a default state.

S1(config)# interface f0/1
S1(config-if)# no switchport trunk allowed vlan
S1(config-if)# no switchport trunk native vlan
S1(config-if)# end
S1# show interfaces f0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
<output omitted>
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: All
Pruning VLANs Enabled: 2-1001
<output omitted>

The following sample output shows the commands used to remove the trunk feature from the F0/1 switch port on switch S1. The show interfaces f0/1 switchport command reveals that the F0/1 interface is now in static access mode.

S1(config)# interface f0/1
S1(config-if)# switchport mode access
S1(config-if)# end
S1# show interfaces f0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
<output omitted>

Verifying Trunk Configuration (3.2.2.3)

The following output displays the configuration of switch port F0/1 on switch S1. The configuration is verified with the show interfaces interface-ID switchport command.

S1(config)# interface f0/1
S1(config-if)# switchport mode trunk
S1(config-if)# switchport trunk native vlan 99
S1(config-if)# end
S1# show interfaces f0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 99 (VLAN0099)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: All
Pruning VLANs Enabled: 2-1001
<output omitted>

In the output, the Administrative Mode line shows that port F0/1 has its administrative mode set to trunk. The port is in trunking mode. The Trunking Native Mode VLAN line verifies that the native VLAN is VLAN 99. Further down in the output, the Trunking VLANs Enabled line shows that all VLANs are enabled on the trunk.
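The same verification can be run across many ports. The Python below is an added example, not part of the Cisco material: it parses show interfaces switchport output and reports operational trunks whose native VLAN or allowed VLAN list differs from the intended design (here native VLAN 99 and VLANs 10, 20, and 30). The sample text, ports Fa0/2 and Fa0/3, and all function names are constructed for illustration, and each field is assumed to fit on one line.

```python
# Constructed sample in the format of `show interfaces switchport`, fields abbreviated.
SAMPLE = """\
Name: Fa0/1
Operational Mode: trunk
Trunking Native Mode VLAN: 99 (VLAN0099)
Trunking VLANs Enabled: All
<output omitted>
Name: Fa0/2
Operational Mode: trunk
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: 10,20-30
Name: Fa0/3
Operational Mode: static access
"""

def parse_switchport(text):
    """Return one {field: value} dict per port; a 'Name:' line starts a new port."""
    ports = []
    for line in text.splitlines():
        key, sep, val = line.partition(":")
        if sep and key.strip() == "Name":
            ports.append({})
        if sep and ports:  # lines without ':' ('<output omitted>') carry no field
            ports[-1][key.strip()] = val.strip()
    return ports

def expand_vlans(spec):
    """'10,20-22' -> {10, 20, 21, 22}; 'All' -> None, meaning unrestricted."""
    if spec.lower() == "all":
        return None
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_trunks(text, native, allowed):
    """Return (port, finding) pairs for operational trunks that differ from the design."""
    findings = []
    trunks = [p for p in parse_switchport(text) if p.get("Operational Mode") == "trunk"]
    for p in trunks:
        native_field = p.get("Trunking Native Mode VLAN", "").split()
        if not native_field or native_field[0] != str(native):
            findings.append((p["Name"], "native VLAN is not %d" % native))
        got = expand_vlans(p.get("Trunking VLANs Enabled", "All"))
        if got != set(allowed):
            findings.append((p["Name"], "allowed VLANs: " + ("All" if got is None else str(sorted(got)))))
    return findings
```

Calling audit_trunks(SAMPLE, 99, {10, 20, 30}) reports Fa0/1 for allowing all VLANs and Fa0/2 for both its native VLAN and its wider allowed list; the access port Fa0/3 is skipped.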
