Yesterday, we talked about how to logically separate physical networks at the interface level. The next question is how to get the logical VLANs to span beyond geographical locations and physical boundaries. The answer is trunk ports, which can carry traffic for multiple VLANs by using a special encapsulation method to hold the VLAN ID in a tag. The switchport mode trunk command puts the interface in permanent trunking mode.
interface GigabitEthernet1/1
 switchport mode trunk
SW1#show interface gi1/1 switchport
Name: Gi1/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
By default, all VLANs are allowed on the trunk. However, that does not mean all VLANs are active and forwarding on the interface. The VLANs must also exist in the VLAN database. SW1 has VLANs 1-10.
SW1#show interface trunk
Port        Mode         Encapsulation  Status        Native vlan
Gi1/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi1/1       1-4094

Port        Vlans allowed and active in management domain
Gi1/1       1-10

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/1       1-10
What if you want to control the forwarding paths for specific VLANs? This is accomplished with the switchport trunk allowed vlan command. Say that only VLANs 1-5 should be able to use Gi1/1. Here's how to do it:
interface GigabitEthernet1/1
 switchport trunk allowed vlan 1-5
SW1#show interface gi1/1 switchport
Name: Gi1/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Trunking VLANs Enabled: 1-5
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
SW1#show interface trunk
Port        Mode         Encapsulation  Status        Native vlan
Gi1/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi1/1       1-5

Port        Vlans allowed and active in management domain
Gi1/1       1-5

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/1       1-5
The switchport trunk allowed vlan command accepts the following keywords:
- all -- Specifies all VLANs from 1 to 4094.
- add -- Adds the specified VLAN(s) to those currently set instead of replacing the list.
- remove -- Removes the specified VLAN(s) from those currently set instead of replacing the list.
- except -- Lists the VLANs that should not be allowed on the interface. The resulting allowed VLAN list will not have these VLANs listed.
- vlan list -- Either a single VLAN number from 1 to 4094, a continuous range of VLANs separated by a hyphen, or a combination of these separated by commas.
NOTE: Be very careful with the keywords. For example, if you want to allow a new VLAN on an operational trunk by using the add keyword but you forget to type it, you've now replaced the whole allowed VLAN list with that one VLAN. Let's see this on the command line.
1) What you meant to do.
interface GigabitEthernet1/1
 switchport trunk allowed vlan add 42
SW1# show interface trunk
Port        Mode         Encapsulation  Status        Native vlan
Gi1/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi1/1       1-5,42

Port        Vlans allowed and active in management domain
Gi1/1       1-5

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/1       1-5
SW1#show interface gi1/1 switchport
Name: Gi1/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Trunking VLANs Enabled: 1-5,42
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
VLAN 42 has not been created on the switch, which is why it is not active and forwarding, but you can still see it in the allowed VLAN list.
2) What you actually did.
interface GigabitEthernet1/1
 switchport trunk allowed vlan 42
SW1# show interface trunk
Port        Mode         Encapsulation  Status        Native vlan
Gi1/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi1/1       42

Port        Vlans allowed and active in management domain
Gi1/1       none

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/1       none
SW1# show interface gi1/1 switchport
Name: Gi1/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Trunking VLANs Enabled: 42
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Congratulations! You've potentially just stopped traffic for a whole production line or cut yourself off from the device. (Yes, I've done this.)
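A pre-change check for the mistake shown above, as an added example that is not part of the original post or any Cisco tooling: it models the keywords listed earlier and reports which VLANs currently forwarding on the trunk a pending command would drop. The function names are hypothetical, and the sample values (allowed list 1-5, VLAN database 1-10) are taken from the SW1 output on this page.

```python
import re

ALL_VLANS = frozenset(range(1, 4095))  # "all" on the page: VLANs 1 to 4094

def parse_vlan_list(text):
    """Parse a vlan list such as '1-5,42' into a set of VLAN IDs."""
    vlans = set()
    for part in text.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(lo, hi + 1))
    return vlans

def apply_allowed_vlan(current, args):
    """Allowed set after 'switchport trunk allowed vlan <args>'."""
    words = args.split()
    keyword = words[0].lower()
    if keyword == "all":
        return set(ALL_VLANS)
    if keyword in ("add", "remove", "except"):
        vlans = parse_vlan_list(words[1])
        if keyword == "add":
            return current | vlans
        if keyword == "remove":
            return current - vlans
        return set(ALL_VLANS - vlans)  # except: everything but these
    return parse_vlan_list(words[0])  # no keyword: the list is REPLACED

def review_change(current, active, command):
    """Return (new allowed set, VLANs forwarding now that would be dropped)."""
    m = re.fullmatch(r"\s*switchport trunk allowed vlan\s+(.+)", command)
    if not m:
        raise ValueError("not a 'switchport trunk allowed vlan' command")
    new = apply_allowed_vlan(current, m.group(1))
    return new, sorted((current & active) - new)

if __name__ == "__main__":
    allowed = parse_vlan_list("1-5")   # Gi1/1 allowed list from the page
    in_db = parse_vlan_list("1-10")    # VLANs that exist on SW1
    for cmd in ("switchport trunk allowed vlan add 42",
                "switchport trunk allowed vlan 42"):
        new, dropped = review_change(allowed, in_db, cmd)
        print(f"{cmd!r}: would drop {dropped or 'nothing'}")
```

Run against a change script before it is pasted into the device; a non-empty dropped list on a command without add or remove is the typo described in the NOTE.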
Cisco documentation: switchport mode trunk and switchport trunk allowed vlan