Configuring a Trunk port on a Cisco Switch
What is a Trunk Port?
A trunk port is a switch port that can carry traffic from multiple VLANs. Unlike an access port which belongs to only one VLAN, a trunk port uses VLAN tagging to identify which VLAN each frame belongs to as it travels across the trunk link.
When to Use Trunk Ports
Trunk ports are commonly used for:
- Connecting switches to other switches
- Connecting switches to routers for inter-VLAN routing
- Connecting to servers that need access to multiple VLANs
VLAN Tagging Protocols
Cisco switches support two main trunking protocols:
802.1Q (IEEE Standard)
This is the industry standard trunking protocol. It adds a 4-byte tag to Ethernet frames to identify the VLAN. One VLAN (usually VLAN 1) is designated as the "native VLAN" and its frames are not tagged.
ISL (Inter-Switch Link)
This is Cisco's proprietary trunking protocol. It encapsulates the entire Ethernet frame with a 26-byte ISL header. ISL is considered legacy and is rarely used on modern switches.
Configuring a Trunk Port
Here's how to configure a trunk port on a Cisco switch:
Basic Trunk Configuration
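Switch(config)# interface gigabitethernet 0/1
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Note: On switches that support both ISL and 802.1Q, enter the switchport trunk encapsulation command before switchport mode trunk; the switch rejects trunk mode while the encapsulation is still set to auto-negotiate. On some newer switches, the switchport trunk encapsulation command is not needed as 802.1Q is the only supported encapsulation.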
Specifying Allowed VLANs
By default, a trunk port allows all VLANs (1-4094). You can restrict which VLANs are allowed:
Switch(config-if)# switchport trunk allowed vlan 10,20,30
Switch(config-if)# switchport trunk allowed vlan add 40
Switch(config-if)# switchport trunk allowed vlan remove 20
Setting the Native VLAN
The native VLAN is the VLAN whose frames are not tagged on an 802.1Q trunk. By default, this is VLAN 1:
Switch(config-if)# switchport trunk native vlan 99
Security Best Practice: Change the native VLAN from the default VLAN 1 to an unused VLAN to prevent VLAN hopping attacks.
Verification Commands
Use these commands to verify your trunk configuration:
Switch# show interfaces trunk
Switch# show interfaces gigabitethernet 0/1 switchport
Switch# show vlan brief
Example: Complete Trunk Configuration
Here's a complete example configuring a trunk between two switches:
! Switch 1 Configuration
Switch1(config)# interface gigabitethernet 0/24
Switch1(config-if)# description Trunk to Switch2
Switch1(config-if)# switchport mode trunk
Switch1(config-if)# switchport trunk native vlan 99
Switch1(config-if)# switchport trunk allowed vlan 10,20,30,99
Switch1(config-if)# no shutdown
! Switch 2 Configuration
Switch2(config)# interface gigabitethernet 0/24
Switch2(config-if)# description Trunk to Switch1
Switch2(config-if)# switchport mode trunk
Switch2(config-if)# switchport trunk native vlan 99
Switch2(config-if)# switchport trunk allowed vlan 10,20,30,99
Switch2(config-if)# no shutdown
Troubleshooting Trunk Ports
Common issues with trunk configurations include:
- Native VLAN mismatch: Both ends of the trunk must have the same native VLAN
- Allowed VLAN mismatch: VLANs must be allowed on both ends of the trunk
- Encapsulation mismatch: Both switches must use the same trunking protocol
- DTP issues: Dynamic Trunking Protocol can sometimes cause negotiation problems
To disable DTP and force the port into trunk mode:
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport nonegotiate
Summary
Trunk ports are essential for carrying multiple VLANs across switch links. The key points to remember are:
- Use switchport mode trunk to configure a trunk port
- 802.1Q is the standard trunking protocol
- Change the native VLAN from VLAN 1 for security
- Ensure both ends of the trunk have matching configuration
- Use verification commands to confirm proper operation
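The mismatches listed under Troubleshooting can also be checked offline against saved configurations from both ends of a link. The Python script below is an added example, not part of the original tutorial or any Cisco tooling; its function names and the two sample configs are constructed for illustration, and it assumes running-config style text with a single allowed-VLAN line per interface.

```python
import re

# Constructed sample configs (not from a real device): SW2 keeps native VLAN 1 and omits VLAN 30.
SW1 = """\
interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20,30,99
 switchport nonegotiate
"""
SW2 = """\
interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk allowed vlan 10,20,99
"""

def expand(vlans):
    """Expand an IOS VLAN list such as '10,20-22' into a set of ints."""
    spans = (p.partition("-") for p in vlans.split(","))
    return {v for lo, _, hi in spans for v in range(int(lo), int(hi or lo) + 1)}

def parse_trunk(config, ifname):
    """Trunk settings for one interface; missing lines fall back to the defaults stated above."""
    block = re.search(rf"^interface {re.escape(ifname)}\n((?: .*\n?)*)", config, re.M)
    body = block.group(1) if block else ""
    native = re.search(r"^ switchport trunk native vlan (\d+)$", body, re.M)
    allowed = re.search(r"^ switchport trunk allowed vlan ([\d,-]+)$", body, re.M)
    return {
        "nonegotiate": " switchport nonegotiate" in body.splitlines(),
        "native": int(native.group(1)) if native else 1,
        "allowed": expand(allowed.group(1)) if allowed else set(range(1, 4095)),
    }

def audit(a, b):
    """Compare both ends of a trunk and return a list of findings (empty if consistent)."""
    findings = []
    for name, t in (("A", a), ("B", b)):
        if t["native"] == 1:
            findings.append(f"{name}: native VLAN is still the default VLAN 1")
        if not t["nonegotiate"]:
            findings.append(f"{name}: DTP not disabled (no 'switchport nonegotiate')")
    if a["native"] != b["native"]:
        findings.append(f"native VLAN mismatch: {a['native']} vs {b['native']}")
    if a["allowed"] != b["allowed"]:
        findings.append(f"allowed VLAN mismatch: {sorted(a['allowed'] ^ b['allowed'])}")
    return findings

if __name__ == "__main__":
    ends = [parse_trunk(c, "GigabitEthernet0/24") for c in (SW1, SW2)]
    print(*audit(*ends), sep="\n")
```

An empty result from audit means both ends agree on native VLAN and allowed VLANs, have moved off VLAN 1, and have DTP disabled.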