Implement trunk and trunk protocols

Trunking Protocols

Trunks carry the traffic for multiple VLANs across a single physical link (multiplexing). Trunking is used to extend Layer 2 operations across an entire network, such as end-to-end VLANs. As data is switched across the trunk port or trunk link, it is tagged (or colored) by the egress switch trunk port, which allows the receiving switch to identify that it belongs to a particular VLAN. On the receiving switch ingress port, the tag is removed and the data is forwarded to the intended destination.

There are 2 trunking protocols that can be used within the Cisco switched environment;

  • Inter-Switch Link (ISL) – Cisco proprietary trunking encapsulation
  • IEEE 802.1Q – Industry standard trunking

ISL is no longer found on most switched networks nowadays, but it is still worthwhile to look at the makeup of an ISL encapsulation frame;

IEEE 802.1Q trunk links employ the tagging mechanism to carry frames for multiple VLANs, in which each frame is tagged to identify the VLAN to which the frame belongs. The IEEE 802.1Q/802.1p standard provides the following inherent architectural advantages over ISL;

  • 802.1Q has smaller frame overhead than ISL. As a result, 802.1Q is more efficient than ISL, especially in the case of small frames. 802.1Q overhead is 4 bytes, whereas ISL is 30 bytes.
  • 802.1Q is a widely supported industry-standard protocol.
  • 802.1Q has the support for 802.1p fields for QoS.

The 802.1Q tag is made up of the following fields;

  • EtherType (TPID) – Set to 0x8100 to specify that the 802.1Q tag follows
  • PRI – 3-bit 802.1p priority field
  • CFI – Canonical Format Identifier, is always set to 0 for Ethernet switches and to 1 for Token Ring-type networks.
  • VLAN ID – 12-bit VLAN field. Of the 4096 possible VLAN IDs, the maximum number of possible VLAN configurations is 4094. A VLAN ID of 0 indicates priority frames, and value 4095 (FFF) is reserved. CFI, PRI, and VLAN ID are represented as Tag Control Information (TCI) fields.

IEEE 802.1Q uses an internal tagging mechanism that modifies the original frame, recalculates the CRC value for the entire frame with the tag, and inserts the new CRC value in a new FCS. ISL, in comparison, wraps the original frame and adds a second FCS that is built only on the header information but does not modify the original frame FCS. IEEE 802.1p redefined the three most significant bits in the 802.1Q tag to allow for prioritization of the Layer 2 frame.

Baby giants are frames that are larger than the standard MTU of 1500 bytes but less than 2000 bytes. Because ISL and 802.1Q tagged frames increase the MTU beyond 1500 bytes, switches consider both frames as baby giants. ISL-encapsulated packets over Ethernet have an MTU of 1548 bytes, whereas 802.1Q has an MTU of 1522 bytes.
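The internal tagging described above, as an added Python example that is not part of the original page: it inserts the 4-byte tag after the source MAC, rebuilds the FCS over the whole tagged frame, decodes the TCI fields, and strips the tag again as an ingress port would. The function names and the sample frame are constructed for illustration.

```python
import struct
import zlib

TPID_8021Q = 0x8100  # EtherType value announcing that an 802.1Q tag follows


def fcs(data: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over the frame, sent least significant byte first."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def add_tag(frame: bytes, vid: int, pri: int = 0, cfi: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the source MAC and rebuild the FCS."""
    if not 0 <= vid <= 0xFFF or not 0 <= pri <= 7 or cfi not in (0, 1):
        raise ValueError("field out of range")
    if frame[-4:] != fcs(frame[:-4]):
        raise ValueError("bad FCS on untagged frame")
    tci = (pri << 13) | (cfi << 12) | vid          # PRI(3) | CFI(1) | VID(12)
    body = frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:-4]
    return body + fcs(body)                        # CRC covers the tag as well


def parse_tag(frame: bytes):
    """Return (pri, cfi, vid, kind) for a tagged frame, or None if untagged."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    vid = tci & 0x0FFF
    kind = {0: "priority", 0xFFF: "reserved"}.get(vid, "vlan")
    return (tci >> 13, (tci >> 12) & 1, vid, kind)


def strip_tag(frame: bytes) -> bytes:
    """Remove the tag on ingress and recompute the FCS of the original frame."""
    body = frame[:12] + frame[16:-4]
    return body + fcs(body)


# Constructed sample: dst MAC, src MAC, EtherType 0x0800, 46-byte payload, FCS.
_body = bytes.fromhex("ffffffffffff" "001122334455" "0800") + bytes(46)
UNTAGGED = _body + fcs(_body)
TAGGED = add_tag(UNTAGGED, vid=20, pri=5)

if __name__ == "__main__":
    print(len(UNTAGGED), len(TAGGED), parse_tag(TAGGED))
```

The tagged frame is 4 bytes longer than the untagged one, which is the 802.1Q overhead quoted above.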

To set your trunk interface to work under 802.1Q encapsulation, apply the following command under the interface;

Switch(config-if)#switchport trunk encapsulation dot1q

Native VLAN in 802.1Q Trunking

When configuring an 802.1Q trunk, a matching native VLAN must be defined on each end of the trunk link. A trunk link is inherently associated with tagging each frame with a VID. The purpose of the native VLAN is to enable frames that are not tagged with a VID to traverse the trunk link. If there is a native VLAN mismatch on an 802.1Q link, CDP issues a Native VLAN Mismatch error. In addition, if there is a native VLAN mismatch on either side of an 802.1Q link, Layer 2 loops might occur because VLAN1 STP bridge protocol data units (BPDU) are sent to the IEEE STP MAC address (0180.c200.0000) untagged.

The native VLAN is used by the switch to carry specific protocol traffic like Cisco Discovery Protocol (CDP), VLAN Trunking Protocol (VTP), Port Aggregation Protocol (PAgP), and Dynamic Trunking Protocol (DTP) information.

The native VLAN can be changed at the interface level with the following command;

Switch(config-if)#switchport trunk native vlan 999

DTP (Dynamic Trunking Protocol)

Most Cisco switches today support a Cisco proprietary point-to-point protocol called Dynamic Trunking Protocol (DTP) on trunk ports to negotiate the trunking state. DTP negotiates the operational mode of directly connected switch ports to a trunk port and selects an appropriate trunking protocol. Depending on the platform, a switch port can use two DTP modes;

  • Dynamic Desirable – the port will actively attempt to become a trunk if the neighboring switch is set to dynamic desirable or dynamic auto mode.
  • Dynamic Auto – the port will revert to being a trunk only if the neighboring switch is set to dynamic desirable mode. Dynamic auto mode is a passive mode that waits for the other side to initiate trunk establishment.

The following are the modes that both sides of the link must be in for a DTP trunk link to establish, and the modes in which it does not establish;

To turn off DTP on a switch port apply the following command under the interface commands;

Switch(config-if)#switchport nonegotiate

It is also worth noting that even when you manually configure a port as a trunk, the port will still send out DTP packets. This is so that if the port on the other end of the link is still set to a DTP mode, it will still establish the link as a trunk. You can find out if the port is still sending out DTP packets by running the following command;

Switch#show interfaces fastethernet 0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)

As you can see, this port is still sending DTP packets.
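A way to run this check across many ports, as an added Python example that is not part of the original page: it parses output in the show interfaces switchport format and flags ports that still send DTP, are left in a dynamic mode, or trunk with the default native VLAN 1. The sample text, the finding labels and the function names are constructed for illustration.

```python
# Constructed sample in the format of the output shown above (three ports).
SAMPLE = """\
Name: Fa0/1
Administrative Mode: trunk
Operational Mode: trunk
Negotiation of Trunking: On
Trunking Native Mode VLAN: 1 (default)
Name: Fa0/2
Administrative Mode: trunk
Operational Mode: trunk
Negotiation of Trunking: Off
Trunking Native Mode VLAN: 999 (NATIVE)
Name: Fa0/3
Administrative Mode: dynamic desirable
Operational Mode: static access
Negotiation of Trunking: On
Trunking Native Mode VLAN: 1 (default)
"""


def parse_ports(text):  # one {field: value} dict per 'Name:' block
    ports = []
    for line in text.splitlines():
        key, sep, value = (s.strip() for s in line.partition(":"))
        if sep and key == "Name":
            ports.append({})
        if sep and ports:
            ports[-1][key] = value
    return ports


def audit(text):
    """Return {port: [findings]} for ports that still rely on DTP or defaults."""
    report = {}
    for p in parse_ports(text):
        found = []
        if p.get("Negotiation of Trunking", "").lower() in ("on", "enabled"):
            found.append("dtp-on")            # fix: switchport nonegotiate
        if p.get("Administrative Mode", "").startswith("dynamic"):
            found.append("dynamic-mode")      # fix: set the mode statically
        native = p.get("Trunking Native Mode VLAN", "").split()[:1]
        if p.get("Operational Mode") == "trunk" and native == ["1"]:
            found.append("native-vlan-1")     # fix: switchport trunk native vlan
        if found:
            report[p["Name"]] = found
    return report


print(audit(SAMPLE))
```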

To verify DTP within your LAN, run the following commands on your switches;

Switch#show dtp
Global DTP information
Sending DTP Hello packets every 30 seconds
Dynamic Trunk timeout is 300 seconds
4 interfaces using DTP

Switch#show dtp interface fastethernet0/1
DTP information for FastEthernet0/1:
TOS/TAS/TNS:                              TRUNK/ON/TRUNK
TOT/TAT/TNT:                              802.1Q/802.1Q/802.1Q
Neighbor address 1:                       000000000000
Neighbor address 2:                       000000000000
Hello timer expiration (sec/state):       7/RUNNING
Access timer expiration (sec/state):      never/STOPPED
Negotiation timer expiration (sec/state): never/STOPPED
Multidrop timer expiration (sec/state):   never/STOPPED
FSM state:                                S6:TRUNK
# times multi & trunk                     0
Enabled:                                  yes
In STP:                                   no

Statistics
----------
0 packets received (0 good)
0 packets dropped
0 nonegotiate, 0 bad version, 0 domain mismatches, 0 bad TLVs, 0 other
764 packets output (764 good)
764 native, 0 software encap isl, 0 isl hardware native
0 output errors
0 trunk timeouts
2 link ups, last link up on Mon Mar 01 1993, 00:00:22
1 link downs, last link down on Mon Mar 01 1993, 00:00:20

Trunking Modes and Methods

There are five different trunking modes supported by Cisco switches;

  1. Access – Puts the interface into permanent nontrunking mode and negotiates to convert the link into a nontrunk link. The interface becomes a nontrunk interface even if the neighbouring interface does not agree to the change.
  2. Trunk – Puts the interface into permanent trunking mode and negotiates to convert the link into a trunk link. The interface becomes a trunk interface even if the neighbouring interface does not agree to the change.
  3. Nonegotiation – Puts the interface into permanent trunking mode but prevents the interface from generating DTP frames. You must configure the neighbouring interface manually as a trunk interface to establish a trunk link. Use this mode when connecting to a device that does not support DTP.
  4. Dynamic Desirable – Makes the interface actively attempt to convert the link to a trunk link. The interface becomes a trunk interface if the neighbouring interface is set to trunk, desirable, or auto mode. This is the default mode for all Ethernet interfaces in Cisco IOS.
  5. Dynamic Auto – Makes the interface willing to convert the link to a trunk link. The interface becomes a trunk interface if the neighbouring interface is set to trunk or desirable mode.
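The outcomes implied by the five mode descriptions above, as an added Python example that is not part of the original page: it models each mode by whether it forces a state, sends DTP frames and actively asks for a trunk, then derives the result for every pairing, including the pairings where the two ends disagree. The model is a simplification built from the descriptions in this list, and the names are constructed for illustration.

```python
# Per mode: (state the port is forced into, or None if dynamic,
#            sends DTP frames, actively asks for a trunk)
MODES = {
    "access":            ("access", True,  False),
    "trunk":             ("trunk",  True,  True),
    "nonegotiate":       ("trunk",  False, False),
    "dynamic desirable": (None,     True,  True),
    "dynamic auto":      (None,     True,  False),
}


def port_state(local, remote):
    """Operational state of the local port given both administrative modes."""
    forced, _, local_active = MODES[local]
    if forced:
        return forced
    r_forced, r_sends, r_active = MODES[remote]
    if not r_sends or r_forced == "access":
        return "access"       # nothing to negotiate with, or neighbour refuses
    return "trunk" if (local_active or r_active) else "access"


def link_result(a, b):
    """'trunk', 'access', or 'mismatch' when the two ends disagree."""
    sa, sb = port_state(a, b), port_state(b, a)
    return sa if sa == sb else "mismatch"


def matrix():
    names = list(MODES)
    return {(a, b): link_result(a, b) for a in names for b in names}


if __name__ == "__main__":
    for (a, b), r in matrix().items():
        print(f"{a:18} {b:18} {r}")
```

A mismatch means one end is trunking while the other is an access port, which is why a nonegotiate port needs its neighbour configured manually as a trunk.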

VLAN Ranges and Mappings

ISL supports VLAN numbers in the range of 1 to 1005, whereas 802.1Q VLAN numbers are in the range of 1 to 4094. By default all VLANs, 1 to 4094, are permitted on an 802.1Q trunk link, whereas for ISL only VLANs 1 to 1005 are permitted on trunk links.

You can filter what VLANs are allowed to cross a trunk link by running the following interface commands;

This only allows VLANs 10 & 20 on the trunk (the add keyword would instead add VLANs 10 & 20 to the list already allowed)

Switch(config-if)#switchport trunk allowed vlan 10,20

This allows all VLANs except for VLAN 30 on the trunk link

Switch(config-if)#switchport trunk allowed vlan remove 30

This allows all VLANs except for VLANs 50 through to 60 on the trunk link

Switch(config-if)#switchport trunk allowed vlan except 50-60

This does not allow any VLANs to cross the trunk link

Switch(config-if)#switchport trunk allowed vlan none

Manual (Static) Trunk

The manual configuration of a trunk is performed by issuing the following interface command;

Switch(config-if)#switchport mode trunk

This command forces the port into a permanent (static) trunking mode.

Verifying Trunking

Displaying Port Information for Trunking;

Switch#show running-config interface FastEthernet 0/1

interface FastEthernet0/1
switchport mode dynamic desirable
switchport trunk encapsulation dot1q
end

Displaying Switchport Information for Trunking;

Switch# show interfaces FastEthernet 0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Enabled
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001

Displaying Trunk Information for a Particular Port;

Switch# show interfaces FastEthernet 0/1 trunk
Port      Mode         Encapsulation  Status        Native vlan
Fa0/1     desirable    n-802.1q       trunking      1

Port      Vlans allowed on trunk
Fa0/1     1-1005

Port      Vlans allowed and active in management domain
Fa0/1     1-6,10,20,50,100,152,200,300,303-305,349-351,400,500,521,524,570,801-1005

Port      Vlans in spanning tree forwarding state and not pruned
Fa0/1     1-6,10,20,50,100,152,200,300,303-305,349-351,400,500,521,524,570,801-1005