📘 CCNA 200-301 v1.1
2.2 Configure and verify interswitch connectivity
2.2.a Trunk Ports
1. What is a Trunk Port?
In a network with multiple VLANs, switches need a way to send traffic for all VLANs between each other.
A trunk port is a switch port that is configured to carry traffic for multiple VLANs across a single physical link.
- Access port = carries traffic for only one VLAN.
- Trunk port = carries traffic for multiple VLANs at the same time.
So, when two switches are connected and both have VLANs configured, the link between them must be a trunk link so that VLAN traffic can travel between switches properly.
2. Why Trunk Ports are Needed
Let’s say we have VLAN 10 (Sales), VLAN 20 (IT), and VLAN 30 (HR).
All these VLANs exist on Switch A and Switch B.
To make sure Sales VLAN traffic from Switch A reaches Sales VLAN on Switch B, the link between them must allow traffic from VLAN 10, 20, and 30 — not just one VLAN.
This is possible through a trunk port, which tags frames with VLAN information.
3. VLAN Tagging on Trunk Ports
When a switch sends frames over a trunk link, it must identify which VLAN each frame belongs to.
This process is called VLAN tagging.
a. Tagging Standards
There are two main trunking encapsulation methods:
| Encapsulation Type | Description |
|---|---|
| IEEE 802.1Q (dot1q) | The industry standard used on modern Cisco switches. Adds a VLAN tag in the Ethernet frame. |
| ISL (Inter-Switch Link) | Cisco proprietary method (older, now deprecated). Not used in modern networks. |
🟢 For CCNA exam: You only need to focus on 802.1Q (dot1q).
4. How 802.1Q Tagging Works
- The switch adds a 4-byte VLAN tag into the Ethernet frame header.
- The tag contains the VLAN ID (VID) (a number between 1 and 4094).
- The receiving switch reads the tag to know which VLAN the frame belongs to.
- When the frame reaches the destination access port, the tag is removed (untagged) before it’s sent to the end device.
Example:
If a frame belongs to VLAN 20:
- It travels between switches with a VLAN 20 tag.
- When it reaches an access port assigned to VLAN 20, the tag is removed, and the end device receives a normal Ethernet frame.
5. Native VLAN on a Trunk Port
The Native VLAN is a special VLAN on a trunk port that does not use tagging.
- By default, VLAN 1 is the native VLAN on Cisco switches.
- Frames belonging to the native VLAN are sent untagged over the trunk link.
- The receiving switch assumes untagged frames belong to its native VLAN.
⚠️ Important Notes:
- The native VLAN must match on both ends of the trunk link.
- A mismatch can cause connectivity issues or VLAN leaks (traffic from one VLAN appearing in another).
You can change the native VLAN:
Switch(config-if)# switchport trunk native vlan 99
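The tagging steps in section 4 and the native VLAN behaviour in section 5, as an added Python sketch that is not part of the original notes. `trunk_send`, `trunk_receive` and `demo` are hypothetical names, the sample frame is constructed, and the tag layout (TPID 0x8100 followed by priority, DEI and a 12-bit VLAN ID) is the standard 802.1Q format.

```python
import struct

TPID_8021Q = 0x8100  # value in the EtherType position that marks an 802.1Q tag

def trunk_send(frame: bytes, vlan: int, native_vlan: int) -> bytes:
    """Egress on a trunk: tag the frame unless it belongs to the native VLAN."""
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID must be between 1 and 4094")
    if vlan == native_vlan:
        return frame  # native VLAN traffic crosses the trunk untagged
    tci = vlan  # priority (3 bits) and DEI (1 bit) left at 0; low 12 bits = VID
    # The 4-byte tag sits right after the destination and source MACs (12 bytes).
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def trunk_receive(frame: bytes, native_vlan: int) -> tuple:
    """Ingress on a trunk: return (vlan, frame with the tag removed)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return native_vlan, frame  # untagged: assumed to be the local native VLAN
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]

# Constructed sample: broadcast destination, made-up source MAC, IPv4 EtherType.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"

def demo() -> dict:
    tagged = trunk_send(SAMPLE, vlan=20, native_vlan=99)
    untagged = trunk_send(SAMPLE, vlan=99, native_vlan=99)
    return {
        "tag_bytes": tagged[12:16].hex(),
        "vlan20": trunk_receive(tagged, native_vlan=99),
        # Both ends use native VLAN 99: the untagged frame stays in VLAN 99.
        "matched": trunk_receive(untagged, native_vlan=99)[0],
        # Far end left at the default native VLAN 1: the frame lands in VLAN 1.
        "mismatched": trunk_receive(untagged, native_vlan=1)[0],
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The `mismatched` result is the VLAN leak described in the notes above: the frame left VLAN 99 on one switch and was placed in VLAN 1 on the other.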
6. Allowed VLANs on a Trunk
By default, a trunk carries all VLANs (1–4094), but you can limit which VLANs are allowed to pass.
Example:
Switch(config-if)# switchport trunk allowed vlan 10,20,30
This means only VLAN 10, 20, and 30 traffic will be transmitted on this trunk link.
7. Configuring a Trunk Port (Cisco IOS Commands)
Step 1: Enter interface configuration mode
Switch(config)# interface gigabitEthernet0/1
Step 2: Set the port to trunk mode
Switch(config-if)# switchport mode trunk
Step 3: (Optional) Specify the native VLAN
Switch(config-if)# switchport trunk native vlan 99
Step 4: (Optional) Allow specific VLANs
Switch(config-if)# switchport trunk allowed vlan 10,20,30
Step 5: (Optional) Verify the configuration
Switch# show interfaces trunk
This command displays:
- Which interfaces are in trunk mode
- Which VLANs are allowed
- Which VLAN is native
- The encapsulation type (dot1q)
8. Dynamic Trunking Protocol (DTP)
DTP is a Cisco protocol that automatically negotiates trunking between two connected switches.
DTP modes:
| Mode | Description | Forms Trunk With |
|---|---|---|
| trunk | Forces the port to always trunk | trunk, dynamic desirable |
| dynamic desirable | Actively tries to form a trunk | trunk, dynamic desirable, dynamic auto |
| dynamic auto | Passive mode; waits for the other side to request trunking | trunk, dynamic desirable |
| access | Forces the port to be access only | none |
✅ Best practice: Manually configure trunk ports (avoid auto negotiation).
To disable DTP on a port:
Switch(config-if)# switchport nonegotiate
9. Verifying Trunk Ports
a. Show interfaces trunk
Displays trunk ports, encapsulation, allowed VLANs, and native VLAN.
Switch# show interfaces trunk
b. Show interfaces switchport
Gives detailed info for a specific port (mode, VLANs, trunk status).
Switch# show interfaces gigabitEthernet0/1 switchport
c. Show vlan brief
Shows which VLANs exist and which ports are access or trunk.
Switch# show vlan brief
10. Troubleshooting Common Trunk Issues
| Problem | Cause | Solution |
|---|---|---|
| VLAN traffic not passing between switches | Trunk not configured | Configure switchport mode trunk |
| VLAN mismatch warning | Different native VLANs on both ends | Match native VLANs |
| Only one VLAN working | Allowed VLAN list restricted | Check switchport trunk allowed vlan |
| DTP not forming trunk | Mismatched DTP modes | Use switchport mode trunk on both ends or compatible modes |
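The checks in the table above can be run offline against saved configurations. This added Python example (not part of the original notes) compares both ends of one trunk link for native VLAN mismatch, differing allowed VLAN lists and DTP left enabled; the function names are hypothetical and the two running-config excerpts are constructed.

```python
import re

def vlan_set(spec: str) -> set:  # "10,20,30-32" -> {10, 20, 30, 31, 32}
    return {v for part in spec.split(",")
            for v in range(int(part.split("-")[0]), int(part.split("-")[-1]) + 1)}

def parse_ports(running_config: str) -> dict:
    """Interface name -> trunk settings (defaults: native 1, all VLANs, DTP on)."""
    ports, port = {}, {}  # lines before the first interface go to a scratch dict
    for line in map(str.strip, running_config.splitlines()):
        if line.startswith("interface "):
            port = ports[line.split(None, 1)[1]] = {
                "mode": None, "native": 1, "allowed": None, "nonegotiate": False}
        elif m := re.fullmatch(r"switchport mode (.+)", line):
            port["mode"] = m.group(1)
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            port["native"] = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", line):
            port["allowed"] = vlan_set(m.group(1))
        elif line == "switchport nonegotiate":
            port["nonegotiate"] = True
    return ports

def audit_link(a: dict, b: dict) -> list:
    """Compare the two ends of one trunk link and return a list of findings."""
    findings = []
    for end, p in (("A", a), ("B", b)):
        if p["mode"] != "trunk":
            findings.append(f"{end}: not a static trunk (mode {p['mode']})")
        if not p["nonegotiate"]:
            findings.append(f"{end}: DTP enabled (no switchport nonegotiate)")
        if p["allowed"] is None:
            findings.append(f"{end}: no allowed list, all VLANs cross the trunk")
    if a["native"] != b["native"]:
        findings.append(f"native VLAN mismatch: {a['native']} vs {b['native']}")
    if a["allowed"] and b["allowed"] and a["allowed"] != b["allowed"]:
        findings.append(f"allowed on one end only: {sorted(a['allowed'] ^ b['allowed'])}")
    return findings

# Constructed running-config excerpts for the two ends of one link.
SWITCH_A = """interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20,30
 switchport nonegotiate"""
SWITCH_B = """interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20"""
print(*audit_link(parse_ports(SWITCH_A)["GigabitEthernet0/1"],
                  parse_ports(SWITCH_B)["GigabitEthernet0/1"]), sep="\n")
```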
11. Summary Table
| Feature | Access Port | Trunk Port |
|---|---|---|
| VLANs carried | One | Multiple |
| VLAN tagging | No | Yes (802.1Q) |
| Default VLAN | VLAN 1 | Native VLAN (default VLAN 1) |
| Used between | Switch and PC | Switch and Switch, or Switch and Router (Router-on-a-Stick) |
✅ Key Points to Remember for the CCNA Exam:
- Understand DTP modes for trunk negotiation.
- Trunk ports carry multiple VLANs across switches.
- 802.1Q is the tagging protocol used.
- Native VLAN is untagged; must match on both ends.
- Use switchport mode trunk to configure a trunk.
- Verify using show interfaces trunk.
- Control VLANs allowed on trunk with switchport trunk allowed vlan.
