3.1 Layer 2
📘CCNP Encore (350-401-ENCORE-v1.1)
In a Layer 2 network, VLANs (Virtual LANs) are used to separate broadcast domains. When multiple VLANs need to communicate across switches, you need trunk links. Trunks allow multiple VLANs to traverse a single physical connection using 802.1Q encapsulation.
Sometimes, trunks don’t work as expected. Troubleshooting is key for passing the CCNP exam.
1. What is 802.1Q trunking?
- 802.1Q is a VLAN tagging standard.
- On a trunk link, 802.1Q adds a VLAN tag to the Ethernet frame so the receiving switch knows which VLAN it belongs to.
- Each trunk can carry multiple VLANs, unlike access ports that carry only one VLAN.
Key terms:
- Native VLAN: The VLAN that is not tagged on the trunk. Usually VLAN 1 by default.
- Tagged VLAN: VLANs that get the 802.1Q tag on the trunk.
2. Static vs. Dynamic Trunks
A. Static Trunking
- Configured manually using:
switchport mode trunk
switchport trunk allowed vlan 10,20,30
switchport trunk native vlan 99
- Advantages: Predictable, more control.
- Disadvantages: Manual configuration required on each switch.
B. Dynamic Trunking
- Uses Dynamic Trunking Protocol (DTP).
- Two main DTP modes:

| Mode | Behavior |
| --- | --- |
| auto | Will become trunk if neighbor requests it (passive). |
| desirable | Actively tries to form a trunk. |

- If both ends match (one desirable and one auto, or both desirable), trunk forms automatically.
Note: Dynamic trunks can fail if DTP is disabled on either end.
3. Common Trunking Issues
A. Mismatched VLANs
- If VLANs allowed on the trunk don’t match, some VLAN traffic will be dropped.
- Check allowed VLANs:
show interfaces trunk
B. Native VLAN mismatch
- If the native VLAN differs on both ends, untagged traffic may be misinterpreted: each switch places untagged frames in its own native VLAN.
- Symptoms: VLAN traffic leaks, connectivity issues.
- Verify:
show running-config
show interfaces trunk
C. Trunk negotiation failure
- DTP can fail due to:
  - One side set to access mode.
  - DTP disabled.
- Use static trunking to avoid DTP issues.
D. Encapsulation mismatch
- Switches may support dot1q or isl (older Cisco proprietary).
- Both ends must match. Usually use 802.1Q.
switchport trunk encapsulation dot1q
switchport mode trunk
E. Port issues
- Trunk may fail if interface is administratively down:
show interfaces status
- Or if speed/duplex mismatch exists.
4. Troubleshooting Commands
Key commands to verify trunking:
- Check trunk status
show interfaces trunk
- Shows which VLANs are allowed, active, and native VLAN.
- Check interface details
show running-config
- Verify switchport mode, trunk encapsulation, and allowed VLANs.
- Check DTP negotiation
show dtp interface [interface-id]
- Shows DTP status and neighbor info.
- Check VLANs
show vlan brief
- Confirm VLANs exist on both ends of the trunk.
- Check interface operational status
show interfaces [interface-id] status
- Ensure interface is up/up.
5. Troubleshooting Steps
When a trunk is not working:
- Check physical connection
- Interface is up.
- Correct cables used.
- Verify trunk mode
- switchport mode trunk (static)
- Or correct DTP negotiation (dynamic)
- Verify encapsulation
- Ensure both ends use 802.1Q.
- Check allowed VLANs
show interfaces trunk
- Add missing VLANs if required.
- Check native VLAN
- Ensure native VLAN is consistent.
- Check for errors
- Look for misconfigurations or mismatched settings.
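The mode, encapsulation, native VLAN and allowed-VLAN checks above can also be run offline against the switchport lines of both ends. This is an added example, not part of the original notes; it assumes defaults for unset lines (dynamic auto, native VLAN 1, all VLANs allowed, dot1q) and treats `switchport nonegotiate` as the DTP-disabled setting.

```python
import re

# Assumed defaults for lines absent from the stanza (the mode default varies by platform).
DEFAULTS = {"mode": "dynamic auto", "native": "1", "allowed": "1-4094", "encap": "dot1q"}
PATTERNS = {"mode": r"switchport mode (.+)",
            "native": r"switchport trunk native vlan (\d+)",
            "allowed": r"switchport trunk allowed vlan ([\d,-]+)",
            "encap": r"switchport trunk encapsulation (\S+)"}

def expand(spec):
    """Expand an allowed-VLAN list such as '10,20-22' into a set of ints."""
    ranges = (part.partition("-") for part in spec.split(","))
    return {v for lo, _, hi in ranges for v in range(int(lo), int(hi or lo) + 1)}

def parse_trunk(stanza):
    """Collect the trunk settings from one interface stanza of the running config."""
    port = dict(DEFAULTS, dtp=True)
    for line in map(str.strip, stanza.splitlines()):
        for key, pattern in PATTERNS.items():
            if m := re.fullmatch(pattern, line):
                port[key] = m.group(1)
        if line == "switchport nonegotiate":   # DTP disabled on this end
            port["dtp"] = False
    port["allowed"] = expand(port["allowed"])
    return port

def trunk_forms(a, b):
    """True when both ends end up trunking for this combination of modes."""
    modes = {a["mode"], b["mode"]}
    if "access" in modes or modes == {"dynamic auto"}:
        return False                 # access never trunks; auto/auto both wait
    return modes == {"trunk"} or (a["dtp"] and b["dtp"])

def compare(a, b):
    """Return one finding per mismatch between the two ends of a link."""
    findings = []
    if not trunk_forms(a, b):
        findings.append(f"trunk will not form: {a['mode']} / {b['mode']}")
    for key, label in (("encap", "encapsulation"), ("native", "native VLAN")):
        if a[key] != b[key]:
            findings.append(f"{label} mismatch: {a[key]} vs {b[key]}")
    if one_end := a["allowed"] ^ b["allowed"]:
        findings.append(f"VLANs allowed on one end only: {sorted(one_end)}")
    return findings

# Constructed sample: the same link as configured on each switch.
SW1 = "switchport mode trunk\nswitchport trunk allowed vlan 10,20,30\nswitchport trunk native vlan 99"
SW2 = "switchport mode dynamic auto\nswitchport trunk allowed vlan 10,20"
```

Calling `compare(parse_trunk(SW1), parse_trunk(SW2))` on the sample reports the native VLAN mismatch and VLAN 30 being allowed on one end only, even though the trunk itself forms.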
6. Exam Tips
- Remember: Static trunking is more reliable for exam scenarios.
- Watch for mismatches:
- Native VLAN
- Allowed VLANs
- Encapsulation
- DTP negotiation
- Commands to memorize:
show interfaces trunk
show vlan brief
show running-config
show dtp interface [interface-id]
show interfaces [interface-id] status
- Common DTP question: “Trunk not forming even though both sides are connected.”
- Check DTP mode (auto vs. desirable) and try static trunk if unsure.
✅ Summary
- 802.1Q trunks carry multiple VLANs.
- Static trunking is manual, reliable. Dynamic trunking uses DTP but can fail.
- Common issues: mismatched VLANs, native VLAN, encapsulation, port issues, DTP failures.
- Use show commands to verify trunk status and troubleshoot effectively.
