How to configure trunk on Cisco Catalyst Switch

Trunks are required to carry VLAN traffic from one switch to another. In this lesson I will demonstrate how to configure a trunk between Cisco Catalyst switches. Let me show you the topology that we’ll use:

two cisco switches

Above you see a topology with a computer connected to each switch. We’ll put the computers in the same VLAN and create a trunk between the two switches.


Let’s start by creating a VLAN:

SW1(config)#vlan 50
SW1(config-vlan)#name Computers
SW1(config-vlan)#exit
SW2(config)#vlan 50
SW2(config-vlan)#name Computers
SW2(config-vlan)#exit

And let’s put the interfaces connected to the computers in the correct VLAN:

SW1(config)#interface fa0/1
SW1(config-if)#switchport access vlan 50
SW2(config)#interface fa0/2
SW2(config-if)#switchport access vlan 50

The next step is to create a trunk between the two switches. Technically the interfaces between the two switches can also be in access mode right now because I only have a single VLAN.

SW1(config)#interface fa0/14
SW1(config-if)#switchport mode trunk
Command rejected: An interface whose trunk encapsulation is "Auto" can not be configured to "trunk" mode.
SW2(config)#interface fa0/14
SW2(config-if)#switchport mode trunk
Command rejected: An interface whose trunk encapsulation is "Auto" can not be configured to "trunk" mode.

I try to change the interface to trunk mode with the switchport mode trunk command. Depending on the switch model you might see the same error as me. If we want to change the interface to trunk mode we need to change the trunk encapsulation type. Let’s see what options we have:

SW1(config-if)#switchport trunk encapsulation ?
  dot1q      Interface uses only 802.1q trunking encapsulation when trunking
  isl        Interface uses only ISL trunking encapsulation when trunking
  negotiate  Device will negotiate trunking encapsulation with peer on interface

This is where you can choose between 802.1Q or ISL encapsulation. By default our switch will negotiate about the trunk encapsulation type.

SW1(config-if)#switchport trunk encapsulation dot1q
SW2(config-if)#switchport trunk encapsulation dot1q

Let‟s change it to 802.1Q by using the switchport trunk encapsulation command.

SW1#show interfaces fa0/14 switchport
Name: Fa0/14
Switchport: Enabled
Administrative Mode: dynamic auto 
Operational Mode: static access 
Administrative Trunking Encapsulation: dot1q
SW2#show interfaces fa0/14 switchport
Name: Fa0/14
Switchport: Enabled
Administrative Mode: dynamic auto 
Operational Mode: static access 
Administrative Trunking Encapsulation: dot1q

As you can see the trunk encapsulation is now 802.1Q.

SW1(config)#interface fa0/14
SW1(config-if)#switchport mode trunk
SW2(config)#interface fa0/14
SW2(config-if)#switchport mode trunk

Now I can successfully change the switchport mode to trunk.

SW1#show interfaces fa0/14 switchport
Name: Fa0/14
Switchport: Enabled Administrative Mode: trunk Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
SW2#show interfaces fa0/14 switchport
Name: Fa0/14
Switchport: Enabled Administrative Mode: trunk Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q

We can confirm we have a trunk because the operational mode is “dot1q”.

Let’s try if H1 and H2 can reach each other:

C:\Documents and Settings\H1>ping 192.168.1.2

Pinging 192.168.1.2 with 32 bytes of data:

Reply from 192.168.1.2: bytes=32 time<1ms TTL=128
Reply from 192.168.1.2: bytes=32 time<1ms TTL=128
Reply from 192.168.1.2: bytes=32 time<1ms TTL=128
Reply from 192.168.1.2: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.1.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Excellent! H1 and H2 can reach each other! Does this mean we are
done? Not quite yet…there is more I want to show to you:

SW2#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/3, Fa0/4, Fa0/5
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/10, Fa0/11, Fa0/12, Fa0/13
                                                Fa0/15, Fa0/22, Fa0/23, Fa0/24
                                                Gi0/1, Gi0/2
50   Computers                        active    Fa0/2

First of all, if we use the show vlan command we don’t see the Fa0/14 interface. This is completely normal because the show vlan command only shows interfaces in access mode and no trunk interfaces.

SW2#show interface fa0/14 trunk 
Port        Mode             Encapsulation  Status        Native vlan
Fa0/14      on               802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/14      1-4094
Port        Vlans allowed and active in management domain
Fa0/14      1,50
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/14      50

The show interface trunk command is very useful. You can see if an interface is in trunk mode, which trunk encapsulation protocol it is using (802.1Q or ISL) and what the native VLAN is. We can also see that VLAN 1 – 4094 are allowed on this trunk.

We can also see that currently only VLAN 1 (native VLAN) and VLAN 50 are active. Last but not least you can see something which VLANs are in the forwarding state for spanning-tree.

I want to show you one more thing about access and trunk interfaces:

SW2#show interface fa0/2 switchport
Name: Fa0/2
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access

An interface can be in access mode or in trunk mode. The interface above is connected to H2 and you can see that the operational mode is “static access” which means it’s in access mode.

SW2#show interfaces fa0/14 switchport
Name: Fa0/14
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk

This is our trunk interface which is connected to SW1. You can see the operational mode is trunk mode.

SW2(config-if)#switchport mode ?
  access        Set trunking mode to ACCESS unconditionally
  dot1q-tunnel  set trunking mode to TUNNEL unconditionally
  dynamic       Set trunking mode to dynamically negotiate access or trunk 
  private-vlan  Set private-vlan mode
  trunk         Set trunking mode to TRUNK unconditionally

If I go to the interface configuration to change the switchport mode you can see I have more options than access or trunk mode. There is also a dynamic method. Don’t worry about the other options for now.

SW2(config-if)#switchport mode dynamic ?
  auto       Set trunking mode dynamic negotiation parameter to AUTO
  desirable  Set trunking mode dynamic negotiation parameter to DESIRABLE

We can choose between dynamic auto and dynamic desirable. Our switch will automatically find out if the interface should become an access or trunk port. So what’s the difference between dynamic auto and dynamic desirable? Let’s find out!

sw1-sw2

I’m going to play with the switchport mode on SW1 and SW2 and we’ll see what the result will be.

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 651 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

540 Sign Ups in the last 30 days

satisfaction-guaranteed
100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Forum Replies

  1. Hi Rene

    Please can you advise what I can do, I am trying to create vlan 50 on this switch and keep getting following

    SW1(config)#vlan 50
    VTP VLAN configuration not allowed when device is not the primary server for vlan database.
    
    SW1#sh vtp status
    VTP Version : 3 (capable)
    VTP version running : 3
    VTP Domain Name : CCIE-domain
    VTP Pruning Mode : Disabled (Operationally Disabled)
    VTP Traps Generation : Disabled
    Device ID : aabb.cc00.0700
    
    Feature VLAN:
    --------------
    VTP Operating Mode : Server
    Number of existing VLANs : 8
    Number of existing e
    ... Continue reading in our forum

  2. Hi Mohamed,

    There are two trunking protocols, 802.1q and ISL. Some newer switches only support 802.1Q and in that case this command will be unavailable.

    It’s also possible that packet tracer doesn’t support it, it’s a simulator after all. It doesn’t matter too much though…when this command doesn’t work then the switch will use 802.1Q when you configure the interface as a trunk.

    Rene

  3. Thanks, I will give it a go, I have not done that. I was speaking to a guy in my office and he was explaining that, although I had added VLAN 50, at layer 2 level. I would still need to give the VLAN an address to allow layer 3 routing.

  4. I have got it to work with the suggestions made, the mistake I made was not entering int vlan 50 as I was entering vlan 50 on its own and then trying to add the ip address which fails.

48 more replies! Ask a question or join the discussion by visiting our Community Forum