Trunk interfaces are commonly deployed to let multiple switches share traffic belonging to multiple VLANs. This lab discusses and demonstrates the configuration and verification of trunking using ISL and 802.1q.
So you have multiple VLANs on multiple switches, but how do you pass traffic between those switches without plugging a crossover cable into a port in each VLAN, which would be a big waste of port density? The answer is quite simple: it's called a trunk link. At first trunk links can be hard to grasp, but the purpose of a trunk is only to multiplex the traffic of multiple VLANs between two or more switches over a single link. This is done by the Cisco proprietary Inter-Switch Link (ISL) trunk encapsulation protocol or the IEEE standard 802.1q (dot1q) trunk encapsulation protocol.
As a CCNA you will be required to understand the operation of both trunk encapsulation protocols and how to configure, verify and troubleshoot trunk links using either ISL or dot1q.
Inter-Switch Link (ISL), as previously stated, is a Cisco proprietary trunk protocol that encapsulates the entire frame: it prepends a 26-byte header, which transports the 10-bit VLAN ID across the trunk link, and appends a 4-byte Frame Check Sequence (FCS). This ensures that traffic from SW1 VLAN 10 stays in VLAN 10 when arriving at SW2.
IEEE standard 802.1q (dot1q), however, DOES NOT encapsulate the entire Ethernet frame. Instead it inserts a 32-bit field into the Ethernet frame between the source MAC address and the EtherType/Length field of the original frame.
The 32 bits in the dot1q field are broken into 4 specific sections: the first 16 bits are the TPID, the next 3 are the PCP, followed by the 1-bit CFI and lastly the 12-bit VID.
The Tag Protocol Identifier (TPID) is a 16-bit field. It is set to a value of 0x8100 in order to identify the frame as an IEEE 802.1Q-tagged frame.
The Priority Code Point (PCP) is a 3-bit field that refers to the IEEE 802.1p priority. The field indicates the frame priority level, which can be used for the prioritization of traffic. The field can represent 8 values (0 through 7).
The Canonical Format Indicator (CFI) is a 1-bit value (on or off) that indicates whether or not the MAC address is in noncanonical format.
The VLAN Identifier (VID) is a 12-bit field. It uniquely identifies the VLAN to which the frame belongs. The field can have a value between 0 and 4095.
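The tag layout described above, as an added Python example that is not part of the original lab: it inserts a dot1q tag into an untagged frame, parses the four fields back out, and handles untagged and truncated frames. The function names and the sample frame are assumptions made for illustration, and the frame carries no FCS (a real switch recalculates it after tagging).

```python
import struct

TPID_8021Q = 0x8100  # TPID value that marks a frame as 802.1Q-tagged

def insert_tag(frame: bytes, vid: int, pcp: int = 0, cfi: int = 0) -> bytes:
    """Insert the 4-byte tag after the destination and source MAC addresses."""
    if not (0 <= vid <= 0xFFF and 0 <= pcp <= 7 and cfi in (0, 1)):
        raise ValueError("field out of range")
    tci = (pcp << 13) | (cfi << 12) | vid      # PCP(3) | CFI(1) | VID(12)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def parse_tag(frame: bytes):
    """Return the tag fields and inner EtherType, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None                            # bytes 12-13 are the EtherType
    if len(frame) < 18:
        raise ValueError("tagged frame is truncated")
    tci, ethertype = struct.unpack_from("!HH", frame, 14)
    return {"tpid": tpid, "pcp": tci >> 13, "cfi": (tci >> 12) & 1,
            "vid": tci & 0x0FFF, "ethertype": ethertype}

def strip_tag(frame: bytes) -> bytes:
    """Remove the tag, restoring the original untagged frame."""
    return frame[:12] + frame[16:] if parse_tag(frame) else frame

# Constructed sample: a broadcast ARP frame with a made-up source MAC.
UNTAGGED = (bytes.fromhex("ffffffffffff") + bytes.fromhex("abcdef123456")
            + struct.pack("!H", 0x0806) + bytes(28))

if __name__ == "__main__":
    tagged = insert_tag(UNTAGGED, vid=10, pcp=5)
    print(tagged[12:16].hex(), parse_tag(tagged))
```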
Cisco recommends that all deployments use the IEEE 802.1q standard, as it is interoperable between vendors, whereas Cisco ISL is specific to Cisco switches.
In this lab you will familiarize yourself with the following commands:

| Command | Description |
|---|---|
| switchport mode trunk | When executed in interface configuration mode on a switch port, this command configures the switchport as a trunk port which carries all VLAN traffic. |
| switchport trunk encapsulation isl | This command is executed in interface configuration mode to specify that the trunk will use the Cisco Inter-Switch Link (ISL) encapsulation protocol. |
| switchport trunk encapsulation dot1q | This command is executed in interface configuration mode to specify that the trunk will use the IEEE 802.1q standard encapsulation protocol. |
| show interface trunk | This command is executed in privileged mode to show which interfaces are currently trunking and which trunking protocol is used. |
| show interface interfacename#/# switchport | When executed in privileged mode, this command shows information relating to the specified interface, such as the interface operational mode (trunk or access), native VLAN, trunking VLANs permitted on the trunk link and more. |
Step 1. – Shut down interfaces FastEthernet0/11 and FastEthernet0/12 on both SW1 and SW2 and configure an IEEE 802.1q trunk on interface FastEthernet0/10 of both SW1 and SW2.
To configure an interface as a static trunk, you'll first need to configure the encapsulation type, as an interface whose trunk encapsulation is “Auto” cannot be configured to “trunk” mode.
SW1 con0 is now available

Press RETURN to get started.

SW1>enable
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config-if)#interface range Fa0/11 - 12
SW1(config-if-range)#shutdown
SW1(config-if-range)#interface fa0/10
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
SW1(config-if)#no shut
SW1(config-if)#end
SW1#
And now the same configuration on SW2;
SW2 con0 is now available

Press RETURN to get started.

SW2>enable
SW2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config-if)#interface range Fa0/11 - 12
SW2(config-if-range)#shutdown
SW2(config-if-range)#interface fa0/10
SW2(config-if)#switchport trunk encapsulation dot1q
SW2(config-if)#switchport mode trunk
SW2(config-if)#no shut
SW2(config-if)#end
SW2#
Step 2. – Verify your trunk link configuration by using the show interface FastEthernet0/10 trunk command on both SW1 and SW2, as shown below:
SW1#show interface FastEthernet0/10 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/10      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/10      1-4094

Port        Vlans allowed and active in management domain
Fa0/10      1,10

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/10      1
SW1#
SW2#show interface FastEthernet0/10 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/10      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/10      1-4094

Port        Vlans allowed and active in management domain
Fa0/10      1,10

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/10      1
SW2#
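The Step 2 check can also be done programmatically. The following is an added Python example, not part of the original lab, that parses the show interface trunk output from each switch and reports anything that differs between the two ends or that would stop a given VLAN crossing the trunk. The function names are hypothetical, the sample text is constructed in the layout shown above, and each VLAN list is assumed to fit on one line.

```python
ACTIVE = "Vlans allowed and active in management domain"

def expand(vlans: str) -> set:
    """Turn a VLAN list such as '1,10' or '1-4094' into a set of ints."""
    ids = set()
    for part in ([] if vlans == "none" else vlans.split(",")):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def parse_trunk(output: str) -> dict:
    """Parse 'show interface trunk' text into {port: {field: value}}."""
    ports, header = {}, ""
    for line in output.splitlines():
        fields = line.split()
        if not fields or "#" in fields[0]:
            continue                        # blank line or CLI prompt
        if fields[0] == "Port":
            header = " ".join(fields[1:])   # remember the current section
            continue
        entry = ports.setdefault(fields[0], {})
        if header.startswith("Mode"):
            names = ("mode", "encapsulation", "status", "native_vlan")
            entry.update(zip(names, fields[1:]))
        elif len(fields) > 1:
            entry[header] = expand(fields[1])
    return ports

def trunk_problems(a: dict, b: dict, port: str, vlan: int) -> list:
    """Compare both ends of a trunk and list what would block `vlan`."""
    problems = []
    for key in ("encapsulation", "native_vlan"):
        if a[port][key] != b[port][key]:
            problems.append(f"{key} differs: {a[port][key]} vs {b[port][key]}")
    for name, end in (("first", a), ("second", b)):
        if end[port]["status"] != "trunking":
            problems.append(f"{name} end is not trunking")
        if vlan not in end[port].get(ACTIVE, set()):
            problems.append(f"VLAN {vlan} not active on {name} end")
    return problems

# Constructed sample in the layout of the Step 2 output.
SAMPLE = """\
Port        Mode         Encapsulation  Status        Native vlan
Fa0/10      on           802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/10      1-4094
Port        Vlans allowed and active in management domain
Fa0/10      1,10
"""
```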
Step 3. – Verify that R1 has IP reachability to R2 by using the ping command on R1.
Now that you have a trunk link between SW1 and SW2, traffic generated on SW1 in VLAN 10 should be able to propagate to VLAN 10 on SW2. To test this, ping R2’s FastEthernet 0/1 interface (IP address 10.1.1.2) from R1 as shown below:
R1#ping 10.1.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 4/29/60 ms
R1#
When you ping R2’s FastEthernet0/1 interface IP address from R1, the router knows that the destination IP address is on the same local subnet, so it ARPs for the MAC address of host 10.1.1.2. This ARP request is received on SW1 and forwarded to SW2 and on to R2, which responds “Hey, I’m 10.1.1.2, my MAC address is ABCD.EF12.3456”. Now that R1 knows the MAC address for 10.1.1.2, it forwards the ICMP packet towards SW1 with the correct destination MAC address. Initially SW1 will not know the location of that MAC address because the machine is not local to that switch, so it will forward the frame out all interfaces within that VLAN except the interface on which the frame was received. When the frame is received by SW2, it is switched out the correct port, as the MAC already exists in its MAC address table. When R2 responds to the ICMP packet, the response goes the opposite way towards SW1. When SW1 receives the response from R2 destined to R1 and sees a new source MAC address that it has not yet learned, it installs the MAC address into the CAM table (MAC address table) for future use.
Step 4. – Change SW1’s FastEthernet0/2 interface to be placed into VLAN 5 and verify IP reachability between R1 and R2 again.
You can also test this further by placing SW2’s interface that is connected to R2 in a different VLAN and attempting to ping R2 from R1; no doubt it will fail, as shown below:
SW2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#interface FastEthernet0/2
SW2(config-if)#switchport access vlan 5
% Access VLAN does not exist. Creating vlan 5
SW2(config-if)#end
SW2#
R1#ping 10.1.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R1#
As demonstrated in this lab, you can use trunk links to pass traffic in multiple VLANs between multiple switches using a single link.
Because the NM-16ESW and Cisco 2950 do not support the ISL trunk encapsulation, a configuration example is given below. Note that the only configuration difference between dot1q and ISL is the switchport trunk encapsulation isl | dot1q command option.
c3560-Switch1>enable
c3560-Switch1#configure terminal
c3560-Switch1(config)#interface fa0/10
c3560-Switch1(config-if)#switchport trunk encap isl
c3560-Switch1(config-if)#switchport mode trunk
c3560-Switch1(config-if)#end
c3560-Switch1#sh int fa0/10 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/10      on           isl            trunking      1

Port        Vlans allowed on trunk
Fa0/10      none

Port        Vlans allowed and active in management domain
Fa0/10      none

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/10      none
c3560-Switch1#