Configuring 802.1Q Trunk Links in Cisco IOS

Problem:

How to configure 802.1Q Trunk Links in Cisco IOS




Solution:


What is a trunk link?
A port in trunking mode can carry multiple vlans over a single link, using one of two encapsulation types: ISL or 802.1Q.
Multiple vendors support 802.1Q, and that makes it my choice for a trunking protocol.

How does 802.1Q work?
It works by inserting a 4-byte tag into the original frame header. The tag contains the VLAN identification along with some other information.

Field   TPID   PRIORITY   CFI   VID
Bits    16     3          1     12

The TPID is the Tag Protocol Identifier; it should be set to 0x8100 for 802.1Q.
The PRIORITY is a 3-bit priority that ranges from 0 to 7.
The CFI is the Canonical Format Indicator, which identifies whether the MAC address is in canonical format; if it is set to 0, the address is in canonical format.

The tag is 4 bytes long, and with a 12-bit VLAN ID field it can hold 2^12 = 4096 vlans.
The switch will also recompute the FCS field, since the frame is altered.

Configuration of a trunk link
Now, to configure a trunk link between two switches, the following commands should be suitable:

Switch(config)# interface GigabitEthernet1/0/1
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# exit
Switch(config)# vlan 500

The encapsulation command sets the encapsulation of the trunk link to either ISL or 802.1Q.
The mode trunk command forces the port into trunking mode; you can also choose dynamic to make the switches negotiate the mode. I force all ports to their mode, always.
The vlan 500 command creates vlan 500; it should automatically be trunked when configured on both sides.

Disallow some vlans:

Sometimes we don’t want to make a mess by letting certain vlans over certain trunk links.
Imagine spanning a customer’s vlan from the US to Spain by accident, or worse...
Imagine delivering layer 2 connectivity between a set of locations for a customer on different vlan IDs, delivered on a trunk link. If you aren’t careful, you can end up letting private vlan traffic leak between customers.

Switch(config)# interface Gig1/0/1
Switch(config-if)# switchport trunk allowed vlan 500

This will make sure that only vlan 500 is allowed over this trunk link, even if the other side tries to negotiate another vlan from you.

Pitfalls
Make sure to use the add keyword if you are adding more vlans to a trunk link.

Switch(config-if)# switchport trunk allowed vlan add 200

Otherwise the new list will overwrite the vlans you may already have configured on the link.
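
The overwrite pitfall and the leak risk described above can be checked before a change is pushed. The following Python sketch is an added example, not part of the original post: it replays interface commands in order, computes the allowed-vlan list each trunk ends up with, and flags trunks that carry everything or that lost an intended vlan. Assumptions: the sample commands and the intended set {200, 500} are constructed, a trunk with no allowed list is taken to carry vlans 1-4094, and only the plain and add forms shown on this page are handled.

```python
import re

ALL_VLANS = set(range(1, 4095))  # assumption: a trunk with no allowed list carries VLANs 1-4094

def expand(spec):
    """Expand an IOS VLAN list such as '200,500-502' into a set of ints."""
    ranges = (part.partition("-") for part in spec.split(","))
    return {v for lo, _, hi in ranges for v in range(int(lo), int(hi or lo) + 1)}

def replay(commands):
    """Replay commands in order: 'add' extends the allowed list, the plain form replaces it."""
    allowed, trunks, port = {}, set(), None
    for line in map(str.strip, commands.splitlines()):
        if m := re.fullmatch(r"interface (\S+)", line):
            port = m.group(1)
        elif port and line == "switchport mode trunk":
            trunks.add(port)
        elif port and (m := re.fullmatch(r"switchport trunk allowed vlan (add )?([\d,-]+)", line)):
            base = allowed.get(port, ALL_VLANS) if m.group(1) else set()
            allowed[port] = base | expand(m.group(2))
    return {p: allowed.get(p, ALL_VLANS) for p in trunks}

def audit(commands, intended):
    """Compare each trunk's resulting list with the set of VLANs it is meant to carry."""
    findings = {}
    for port, vlans in replay(commands).items():
        issues = []
        if vlans == ALL_VLANS:
            issues.append("no allowed list: every VLAN crosses this trunk")
        elif vlans - intended:
            issues.append(f"unintended VLANs allowed: {sorted(vlans - intended)}")
        if intended - vlans:
            issues.append(f"intended VLANs dropped: {sorted(intended - vlans)}")
        findings[port] = issues
    return findings

# Constructed sample: commands as typed on a hypothetical switch, not from the original post.
SAMPLE = """interface Gi1/0/1
 switchport mode trunk
 switchport trunk allowed vlan 500
 switchport trunk allowed vlan 200
interface Gi1/0/2
 switchport mode trunk
interface Gi1/0/3
 switchport mode trunk
 switchport trunk allowed vlan 500
 switchport trunk allowed vlan add 200"""

print(audit(SAMPLE, {200, 500}))
```

Gi1/0/1 ends up carrying only vlan 200 because the second command lacked add, Gi1/0/2 carries every vlan because it has no allowed list, and Gi1/0/3 is clean.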

Verification
To verify your trunk links, you can for example do this:

Switch# show interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan
Gi1/0/1     auto         802.1q         trunking      1

Port        Vlans allowed on trunk
Gi1/0/1     500

Port        Vlans allowed and active in management domain
Gi1/0/1     500

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/1     500

Here you can see that port Gi1/0/1 is trunking, and that vlan 500 is allowed and active over the trunk.

You can also use show vlan id:

Switch# show vlan id 500

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
500  VLAN500                          active    Gi1/0/1, Gi1/0/2

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
500  enet  101545     1500  -      -      -        -    -        0      0

Remote SPAN VLAN
----------------
Disabled

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

Switch#

Here you can see that vlan 500 is configured on the trunk link GigabitEthernet 1/0/1 and also on 1/0/2.

That’s a little insight into 802.1Q vlan trunk links!
