CCNP Enterprise Core (350-401) Cisco Packet Forwarding

Trunk Ports

Trunk ports can carry multiple VLANs across a single port. They are typically used to uplink several VLANs together from one network device to another, such as a switch or router, over a single port-to-port connection.

Trunk ports on a Cisco Catalyst switch are configured with the interface command switchport mode trunk.

The command show interfaces trunk can provide a lot of information in several sections for connectivity troubleshooting between network devices.

The first section lists all interfaces that are trunk ports, their status and whether the port is part of an EtherChannel (a group of ports bundled together as a single logical port).

The second section displays the VLANs that are permitted to travel across each of the trunk ports.

The third section displays the VLANs that are permitted to forward across the trunk and are not blocked by the spanning tree protocol or pruned by VTP.

On a trunk port, traffic for one VLAN is transmitted to the other device without a VLAN tag; this is known as the native VLAN. The default native VLAN on a trunk port is VLAN 1.

The native VLAN should match on both sides of the trunk. Although a trunk with mismatched native VLANs will still operate, it could cause hosts to transfer their traffic onto the wrong network and cause connectivity problems. CDP (Cisco Discovery Protocol) will generate a warning message if it detects a native VLAN mismatch, but CDP must be running on the port for this to happen.

All switch control plane traffic is advertised using VLAN 1 between Cisco switches. Cisco security hardening guidelines recommend changing the native VLAN on switches to a VLAN that is not used by any hosts.

When switchport mode trunk is configured onto a switch port, by default all VLANs are permitted to transfer across the trunk.

The command switchport trunk allowed vlan can be used with the keywords:

  • add – Adds a VLAN to the existing list of permitted VLANs to transmit across the trunk
  • remove – Removes a VLAN from the existing list of permitted VLANs to transmit across the trunk
  • all – Permits all VLANs across the trunk
  • none – Permits no VLANs across the trunk

If none of the keywords above is used, the VLANs permitted on the port can be listed directly:

switchport trunk allowed vlan 1,400,500

If the above command is used on a Cisco switch, it overwrites any existing allowed VLAN list on that port so that only the specified VLANs 1, 400 and 500 are permitted to transmit across it.
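The two hardening points above (a native VLAN that is still VLAN 1, and a trunk left at the default of permitting all VLANs) can be checked from the first two sections of show interfaces trunk. The following Python script is an added example, not part of the original post; the show interfaces trunk output it parses is constructed to illustrate the format, and the port names and VLAN numbers in it are made up.

```python
import re

# Constructed sample of "show interfaces trunk" output (not captured from a real switch).
SAMPLE = """\
Port        Mode             Encapsulation  Status        Native vlan
Gi1/0/1     on               802.1q         trunking      1
Gi1/0/2     on               802.1q         trunking      999

Port        Vlans allowed on trunk
Gi1/0/1     1-4094
Gi1/0/2     1,400,500

Port        Vlans allowed and active in management domain
Gi1/0/1     1,400,500
Gi1/0/2     1,400,500

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/1     1,400,500
Gi1/0/2     1,400,500
"""

def expand_vlans(spec):
    """Expand a VLAN list such as '1,400,500' or '1-4094' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunks(output):
    """Return {port: {'native': int, 'allowed': set}} from the first two sections."""
    sections = re.split(r"\n\s*\n", output.strip())
    trunks = {}
    for line in sections[0].splitlines()[1:]:          # skip the column header
        port, _mode, _encap, _status, native = line.split()
        trunks[port] = {"native": int(native), "allowed": set()}
    for line in sections[1].splitlines()[1:]:
        port, spec = line.split()
        trunks[port]["allowed"] = expand_vlans(spec)
    return trunks

def audit(trunks):
    """Flag trunks that contradict the native VLAN and allowed VLAN guidance above."""
    findings = []
    for port, t in sorted(trunks.items()):
        if t["native"] == 1:
            findings.append(f"{port}: native VLAN is the default VLAN 1; move it to an unused VLAN")
        if len(t["allowed"]) == 4094:
            findings.append(f"{port}: all VLANs allowed (default); restrict with switchport trunk allowed vlan")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_trunks(SAMPLE)):
        print(finding)
```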
