By default, all switch ports are non-trunking and operate as access links until some intervention changes the mode. Specifically, ports actively try to become trunks if the far end agrees. In that case, a common encapsulation is chosen, favoring ISL if both support it. The sections that follow demonstrate the commands necessary to configure VLAN trunks.
VLAN Trunk Configuration
Use the following commands to create a VLAN trunk link:
Switch(config)# interface type mod/port
Switch(config-if)# switchport trunk encapsulation {isl | dot1q | negotiate}
Switch(config-if)# switchport trunk native vlan vlan-id
Switch(config-if)# switchport trunk allowed vlan {vlan-list | all | {add | except | remove} vlan-list}
Switch(config-if)# switchport mode {trunk | dynamic {desirable | auto}}
NOTE Baby giant, or oversized, frames can exceed the frame size set in various standards. To properly handle and forward them anyway, Catalyst switches use proprietary hardware with the ISL encapsulation method. In the case of 802.1Q encapsulation, switches can comply with the IEEE 802.3ac standard, which extends the maximum frame length to 1522 bytes.
NOTE DTP negotiation should be disabled if a switch has a trunk link connected to a router because the router cannot participate in the DTP negotiation protocol. A trunk link can be negotiated between two switches only if both switches belong to the same VLAN Trunking Protocol (VTP) management domain, or if one or both switches have not defined their VTP domain (that is, the NULL domain). VTP is discussed in Chapter 7. If the two switches are in different VTP domains and trunking is desired between them, you must set the trunk links to “on” mode or “nonegotiate” mode. This setting will force the trunk to be established. These options are explained in the next section.
You can configure the trunk encapsulation with the switchport trunk encapsulation command, as one of the following:
■ isl—VLANs are tagged by encapsulating each frame using the Cisco ISL protocol.
■ dot1q—VLANs are tagged in each frame using the IEEE 802.1Q standard protocol. The only exception is the native VLAN, which is sent normally and not tagged at all.
■ negotiate (the default)—The encapsulation is negotiated to select either ISL or IEEE 802.1Q, whichever is supported by both ends of the trunk. If both ends support both types, ISL is favored. (The Catalyst 2950 switch does not support ISL encapsulation.)
In the case of an IEEE 802.1Q trunk, you should configure the native VLAN with the switchport trunk native vlan command, identifying the untagged or native VLAN number as vlan-id (1 to 4094). In the case of an ISL trunk, using this command has no effect because ISL doesn’t support an untagged VLAN.
The last command, switchport trunk allowed vlan, defines which VLANs can be trunked over the link. By default, a switch transports all active VLANs (1 to 4094) over a trunk link. There might be times when the trunk link should not carry all VLANs. For example, broadcasts are forwarded to every switch port on a VLAN—including the trunk link because it, too, is a member of the VLAN. If the VLAN does not extend past the far end of the trunk link, propagating broadcasts across the trunk makes no sense.
You can tailor the list of allowed VLANs on the trunk by using the switchport trunk allowed vlan command with one of the following:
■ vlan-list—An explicit list of VLAN numbers, separated by commas or dashes.
■ all—All active VLANs (1 to 4094) will be allowed.
■ add vlan-list—A list of VLAN numbers will be added to the already configured list; this is a shortcut to keep from typing out a long list of numbers.
■ except vlan-list—All VLANs (1 to 4094) will be allowed, except for the VLAN numbers listed; this is a shortcut to keep from typing out a long list of numbers.
■ remove vlan-list—A list of VLAN numbers will be removed from the already configured list; this is a shortcut to keep from typing out a long list of numbers.
NOTE You can never remove VLANs 1 or 1002 through 1005 from a trunk. These are reserved for special uses: VLAN 1 is the Cisco default, which carries control protocols such as CDP, VTP, and STP. VLANs 1002 through 1005 have historically been reserved for FDDI and Token Ring.
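The keyword semantics above can be modelled in a few lines; this is an added Python example, not code from the original text. The names parse_vlan_list, format_vlan_list and apply_allowed are hypothetical, and the model follows the NOTE by keeping VLANs 1 and 1002 through 1005 in every result.

```python
ALL_VLANS = set(range(1, 4095))          # VLANs 1 to 4094
RESERVED = {1, 1002, 1003, 1004, 1005}   # per the NOTE above: never removed from a trunk

def parse_vlan_list(text):
    """Expand a list such as '1-2,526,998' into a set of VLAN numbers."""
    vlans = set()
    for part in text.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"invalid VLAN range: {part!r}")
        vlans.update(range(lo, hi + 1))
    return vlans

def format_vlan_list(vlans):
    """Collapse a set into the compact comma/dash form."""
    out, run = [], []
    for v in sorted(vlans) + [None]:      # None is a sentinel that flushes the last run
        if run and v is not None and v == run[-1] + 1:
            run.append(v)
            continue
        if run:
            out.append(str(run[0]) if len(run) == 1 else f"{run[0]}-{run[-1]}")
        run = [v]
    return ",".join(out)

def apply_allowed(current, args):
    """Return the allowed set after 'switchport trunk allowed vlan <args>'."""
    words = args.split()
    if words == ["all"]:
        new = set(ALL_VLANS)
    elif words[0] == "add":
        new = current | parse_vlan_list(words[1])
    elif words[0] == "remove":
        new = current - parse_vlan_list(words[1])
    elif words[0] == "except":
        new = ALL_VLANS - parse_vlan_list(words[1])
    else:
        new = parse_vlan_list(words[0])   # explicit list replaces the current one
    return new | RESERVED                 # modelling assumption taken from the NOTE

if __name__ == "__main__":
    allowed = apply_allowed(ALL_VLANS, "1-2,526,539,998")
    for cmd in ("remove 526", "add 100-102", "except 10-4094"):
        allowed = apply_allowed(allowed, cmd)
        print(f"{cmd:16} -> {format_vlan_list(allowed)}")
```

Running a planned change through the model before applying it shows exactly which VLANs would remain exposed across the trunk.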
In the switchport mode command, you can set the trunking mode to any of the following:
■ trunk—This setting places the port in permanent trunking mode. The corresponding switch port at the other end of the trunk should be similarly configured because negotiation is not allowed. You should also manually configure the encapsulation mode.
■ dynamic desirable (the default)—The port actively attempts to convert the link into trunking mode. If the far-end switch port is configured to trunk, dynamic desirable, or dynamic auto mode, trunking is successfully negotiated.
■ dynamic auto—The port converts the link into trunking mode. If the far-end switch port is configured to trunk or dynamic desirable, trunking is negotiated. Because of the passive negotiation behavior, the link never becomes a trunk if both ends of the link are left to the dynamic auto default.
To view the trunking status on a switch port, use the show interface type mod/port trunk command, as demonstrated in Example 6-2.
NOTE In all these modes, DTP frames are sent out every 30 seconds to keep neighboring switch ports informed of the link’s mode. On critical trunk links in a network, manually configuring the trunking mode on both ends is best so that the link can never be negotiated to any other state. If you decide to configure both ends of a trunk link as a fixed trunk (switchport mode trunk), you can disable DTP completely so that these frames are not exchanged. To do this, add the switchport nonegotiate command to the interface configuration. Be aware that after DTP frames are disabled, no future negotiation is possible until the configuration is reversed.
Example 6-2 Determining Switch Port Trunking Status
Switch# show interface gig 2/1 trunk
Port      Mode         Encapsulation  Status        Native vlan
Gi2/1     on           802.1q         trunking      1
Port      Vlans allowed on trunk
Gi2/1     1-4094
Port      Vlans allowed and active in management domain
Gi2/1     1-2,526,539,998,1002-1005
Port      Vlans in spanning tree forwarding state and not pruned
Gi2/1     1-2,526,539,998,1002-1005
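The mode and DTP guidance above can be checked against a saved configuration. This added Python example (not from the original text) flags ports that can still negotiate a trunk or that carry every VLAN; the sample configuration is constructed, audit_trunk_config and first_value are hypothetical names, and every interface is assumed to be a Layer 2 switch port.

```python
# Constructed sample configuration (not taken from the page).
SAMPLE_CONFIG = """\
interface GigabitEthernet2/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1-2,526,539
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet2/2
 switchport mode dynamic desirable
!
interface GigabitEthernet2/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
"""

def first_value(cmds, prefix, default=None):
    """Return the text following `prefix` in the first matching command."""
    return next((c[len(prefix):].strip() for c in cmds if c.startswith(prefix)), default)

def audit_trunk_config(config):
    """Map each interface to findings about negotiable or unrestricted trunking."""
    stanzas, name = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            name = line.split()[1]
            stanzas[name] = []
        elif name and line.startswith(" "):
            stanzas[name].append(line.strip())
        else:
            name = None                  # "!" or a top-level line ends the stanza
    report = {}
    for name, cmds in stanzas.items():
        mode, issues = first_value(cmds, "switchport mode "), []
        if mode is None:
            issues.append("no switchport mode: default still negotiates trunking")
        elif mode.startswith("dynamic"):
            issues.append(f"mode {mode}: far end can negotiate a trunk")
        elif mode == "trunk":
            if "switchport nonegotiate" not in cmds:
                issues.append("DTP still active: add switchport nonegotiate")
            if first_value(cmds, "switchport trunk encapsulation ", "negotiate") == "negotiate":
                issues.append("encapsulation negotiated: set isl or dot1q")
            if first_value(cmds, "switchport trunk allowed vlan ") is None:
                issues.append("no allowed list: all VLANs 1-4094 are carried")
        report[name] = issues
    return report
```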