Trunk ports are switch ports configured to carry traffic for multiple VLANs simultaneously.
They use VLAN tagging protocols to identify which VLAN each frame belongs to, making them essential for inter-switch communications and connecting to routers or servers that need access to multiple VLANs.
Key Characteristics
Trunk ports have these defining features:
- Multiple VLAN support: Carry traffic for many VLANs on a single link
- VLAN tagging: Use 802.1Q or ISL protocols to tag frames
- Switch-to-switch connectivity: Primary method for connecting switches
- Native VLAN: One VLAN remains untagged for backward compatibility
How Trunk Ports Work
When a frame enters a trunk port, the switch reads the VLAN tag to determine which VLAN it belongs to. Frames are tagged with a 4-byte 802.1Q header containing the VLAN ID. The native VLAN (default VLAN 1) sends untagged traffic, while all other VLANs are tagged.
Configuration Examples
Basic Cisco Trunk Configuration
! Enter interface configuration mode
Switch(config)# interface GigabitEthernet0/1
! Set port to trunk mode
Switch(config-if)# switchport mode trunk
! Specify trunking protocol (802.1Q)
Switch(config-if)# switchport trunk encapsulation dot1q
! Set native VLAN (optional, default is VLAN 1)
Switch(config-if)# switchport trunk native vlan 99
! Allow specific VLANs only
Switch(config-if)# switchport trunk allowed vlan 10,20,30,40
! Exit and save
Switch(config-if)# end
Switch# write memory
Advanced Trunk Configuration
! Configure trunk with VLAN pruning
Switch(config)# interface GigabitEthernet0/2
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk encapsulation dot1q
! Allow VLANs 10-50 except 25
Switch(config-if)# switchport trunk allowed vlan 10-24,26-50
! Add VLANs to existing allowed list
Switch(config-if)# switchport trunk allowed vlan add 60,70
! Remove VLANs from allowed list
Switch(config-if)# switchport trunk allowed vlan remove 15
Verification Commands
! Show trunk status and VLANs
Switch# show interfaces trunk
! Detailed trunk information
Switch# show interfaces GigabitEthernet0/1 switchport
! Show native VLAN mismatches
Switch# show spanning-tree inconsistentports
Common Use Cases
Trunk ports are essential for:
- Inter-switch links: Connecting multiple switches in a network
- Router connections: Connecting to router subinterfaces for inter-VLAN routing
- Virtualization servers: Connecting ESXi or Hyper-V hosts needing multiple VLANs
- Wireless controllers: Distributing multiple SSIDs across VLANs
Best Practices
Always manually configure trunk ports rather than using DTP (Dynamic Trunking Protocol). Change the native VLAN from default VLAN 1 for security. Explicitly define allowed VLANs to reduce unnecessary broadcast traffic. Match native VLANs on both ends of trunk links to avoid connectivity issues.
Security Considerations
Disable DTP with switchport nonegotiate to prevent VLAN hopping attacks. Avoid using VLAN 1 as the native VLAN, and never allow all VLANs on trunks unnecessarily.
No comments:
Post a Comment