The Need for Trunking
Creating VLANs and assigning switch interfaces to them logically separates the enterprise network into smaller, independent networks (subnets). However, simple as this solution is to apply, it runs into some major problems, especially in large networks.
When switches are configured with multiple VLANs and each port is associated with only one VLAN (access mode), providing intra-VLAN communication across switches requires a dedicated physical cable between the switches for each VLAN.
As the number of VLANs increases, the number of interconnecting links required also increases. This results in many ports being used for inter-switch connectivity instead of connecting to endpoints.
As you can see in the image above, two physical cables are required between the switches, one for VLAN 10 and one for VLAN 20, because every interface (including the interfaces that connect the two switches) is configured in access mode and belongs to a single VLAN.
Without a proper method in place, using many VLANs would require the same number of interconnecting links between the switches, which is inefficient and costly. The solution is an encapsulation (tagging) scheme that lets a single inter-switch port function as a trunk carrying all of the VLANs.
Trunking With 802.1Q
Trunking is a method of carrying frames from multiple VLANs over a single physical link. It lets switches exchange traffic for multiple VLANs by using a trunking protocol such as the IEEE 802.1Q standard or Cisco's proprietary ISL (Inter-Switch Link).
By setting up trunk links between switches, VLANs can be extended throughout the network, so hosts in the same VLAN can communicate even when they are attached to different switches, resulting in more efficient use of network resources.
As you can see in the image above, instead of several physical (access) links between the switches, one per VLAN, a single physical link configured as a trunk is now enough to carry frames from all of the VLANs.
By using trunking, network engineers can ensure that all users in the VLANs behind switches can communicate with each other while minimizing the number of physical links required.
VLAN Tagging
Trunking works by adding a 4-byte VLAN tag to each Ethernet frame. The tag carries the VLAN ID, a priority value, and a few other fields; it identifies the VLAN the frame belongs to, so switches can recognize the VLAN and forward the frame to the correct one.
When a computer sends a frame, it uses the standard Ethernet format shown in the image above. When the switch receives such a frame, it tags it with the VLAN ID of the VLAN to which the receiving interface belongs and forwards it out the trunk port that connects to the other switch.
The receiving switch accepts the frame and, based on the VLAN ID in the tag, determines the destination VLAN. It then removes the tag and forwards the frame in standard format to the destination host in that VLAN.
Important: Tagging is only used on the trunk link between the switches, while all other switch ports connecting to the endpoints are configured as access ports and do not use tags.
An 802.1Q trunk port has a single untagged VLAN, the native VLAN. By default, VLAN 1 is the native VLAN, and Ethernet frames in this VLAN cross the trunk without an 802.1Q tag.
Therefore, when the receiving switch gets an untagged Ethernet frame on a trunk, it treats the frame as belonging to the native VLAN; frames in all other VLANs carry a tag with their VLAN ID. As a security measure, it is recommended to change the default native VLAN from VLAN 1 to a different, otherwise unused VLAN and not to assign any access ports to it.
Note: The default native VLAN is VLAN 1, and both ends of a trunk must be configured with the same native VLAN, so changing it on one side of the link requires changing it on the other. A native VLAN mismatch can prevent the switches from establishing the trunk, or cause frames sent untagged by one side to be placed in the wrong VLAN by the receiving switch.
Configuring a Trunk
Follow the steps below to configure a trunk port on a Cisco switch:
- Configure the interface as a trunk port with the command switchport mode trunk. This sets the interface to trunk mode so that it can carry traffic from multiple VLANs.
- Optionally, define the set of allowed VLANs on the trunk port with the command switchport trunk allowed vlan [vlans]. This restricts which VLANs may traverse the trunk; you can specify a list of VLANs, a range of VLANs, or a combination of both.
- Optionally, change the native VLAN on the trunk port with the command switchport trunk native vlan [vlan-id]. By default, VLAN 1 is the native VLAN.
The following configuration shows the necessary commands that you need to enter on the switch to configure the FastEthernet 0/5 interface as a trunk, permit only VLANs 1, 2, and 3, and change the native VLAN to VLAN 50:
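As an added example (not part of the original article), the following Python models what the tagging section and the three switchport commands above describe: the 4-byte 802.1Q tag inserted after the MAC header, a trunk port's allowed-VLAN list and native VLAN, and the native VLAN mismatch case from the note. The frame bytes, the port objects and the VLAN set used (1, 2, 3 and 50 allowed, native 50) are constructed for the demonstration.

```python
import struct

TPID_8021Q = 0x8100  # Tag Protocol Identifier that marks an 802.1Q-tagged frame

def tag_frame(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag (TPID + TCI) after the 12-byte MAC header."""
    if not 0 <= vid <= 4095 or not 0 <= pcp <= 7:
        raise ValueError("VLAN ID must be 0..4095 and priority 0..7")
    tci = (pcp << 13) | (dei << 12) | vid  # 3-bit priority, 1-bit DEI, 12-bit VID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def untag_frame(frame: bytes):
    """Return (vid, frame_without_tag); vid is None when the frame is untagged."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0x0FFF, frame[:12] + frame[16:]
    return None, frame

class TrunkPort:
    """Models 'switchport mode trunk' plus its allowed-VLAN list and native VLAN."""
    def __init__(self, allowed, native=1):  # native defaults to VLAN 1, as on Cisco
        self.allowed = set(allowed)         # switchport trunk allowed vlan ...
        self.native = native                # switchport trunk native vlan ...

    def send(self, frame: bytes, vid: int):
        """Egress: drop VLANs not allowed, send the native VLAN untagged, tag the rest."""
        if vid not in self.allowed:
            return None
        return frame if vid == self.native else tag_frame(frame, vid)

    def receive(self, wire: bytes):
        """Ingress: untagged frames land in the native VLAN; tagged frames use their VID."""
        vid, frame = untag_frame(wire)
        vid = self.native if vid is None else vid
        return (vid, frame) if vid in self.allowed else None

def forward(frame: bytes, vid: int, tx: TrunkPort, rx: TrunkPort):
    """Carry a frame from VLAN `vid` across the trunk; None means it was dropped."""
    wire = tx.send(frame, vid)
    return None if wire is None else rx.receive(wire)

# Constructed untagged frame: broadcast dst, made-up src MAC, EtherType IPv4, payload.
FRAME = bytes.fromhex("ffffffffffff" "001122334455" "0800") + b"payload"
# Both ends configured alike (allowed vlan 1,2,3,50; native vlan 50), plus one mismatch.
A = TrunkPort(allowed={1, 2, 3, 50}, native=50)
B = TrunkPort(allowed={1, 2, 3, 50}, native=50)
B_MISMATCH = TrunkPort(allowed={1, 2, 3, 50})  # native left at the default, VLAN 1
```

Forwarding a VLAN 50 frame from A to B_MISMATCH shows the note's failure mode: A sends it untagged, and the far side files it under VLAN 1.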
Several commands can be used to verify the trunk configuration, such as show interfaces [interface-id] switchport, show interfaces trunk, and show interface status.
The show interfaces [interface-id] switchport command provides the following output:
The show interfaces trunk command provides the following output:
Benefits of Trunking
Implementing 802.1Q trunking provides the following benefits:
- Simplifies network management: Using 802.1Q trunking reduces the number of physical links required between switches, which simplifies network management and reduces costs.
- Reduces VLAN misconfiguration: Enables switches to detect and configure VLAN information for connected devices automatically.
- Improves network performance: By separating traffic into different VLANs, network congestion can be reduced, resulting in improved network performance.