Trunking

Configuring trunk links and Dynamic Trunking Protocol for carrying multiple VLANs over single connections

Configure trunk links to carry multiple VLANs between switches over a single physical connection.

Step 1: Configure the trunk interface

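On switches that support both ISL and 802.1Q, set the encapsulation before entering switchport mode trunk; otherwise the mode command is rejected.

SW1>enable
SW1#configure terminal
SW1(config)#interface gigabitEthernet 0/1
SW1(config-if)#description Trunk to SW2
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk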

Step 2: Set the native VLAN (optional)

Configure which VLAN will carry untagged traffic. The default is VLAN 1, but best practice is to use a dedicated native VLAN.

SW1(config-if)#switchport trunk native vlan 99

Step 3: Specify allowed VLANs

Restrict which VLANs can traverse the trunk link, for both security and performance.

SW1(config-if)#switchport trunk allowed vlan 10,20,30,99
SW1(config-if)#no shutdown
SW1(config-if)#exit

Step 4: Configure DTP settings (optional)

Disable Dynamic Trunking Protocol for security and to prevent unwanted trunk negotiation.

SW1(config)#interface gigabitEthernet 0/1
SW1(config-if)#switchport nonegotiate
SW1(config-if)#exit
SW1(config)#end

Step 5: Verify the trunk configuration

SW1#show interfaces trunk
SW1#show interfaces gigabitEthernet 0/1 switchport
SW1#show interfaces gigabitEthernet 0/1 trunk

Key Points:

  • Native VLAN must match on both ends of the trunk
  • Use switchport trunk allowed vlan add/remove X to modify VLAN list without retyping all VLANs
  • Status should show “trunking” in verification commands
  • Consider using a dedicated management VLAN as native VLAN instead of VLAN 1

Trunking Modes (Dynamic Desirable, etc)

Configure Dynamic Trunking Protocol (DTP) modes to control how switches negotiate trunk formation automatically.

Step 1: Configure Dynamic Desirable mode

This mode actively attempts to negotiate a trunk with the connected device and will form a trunk if the other side is willing.

SW1>enable
SW1#configure terminal
SW1(config)#interface gigabitEthernet 0/1
SW1(config-if)#description Link to SW2 - Dynamic Desirable
SW1(config-if)#switchport mode dynamic desirable
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#exit

Step 2: Configure Dynamic Auto mode

This mode is passive: it waits for negotiation and will only form a trunk if the other device actively requests it.

SW1(config)#interface gigabitEthernet 0/2
SW1(config-if)#description Link to SW3 - Dynamic Auto
SW1(config-if)#switchport mode dynamic auto
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#exit

Step 3: Configure static trunk (no negotiation)

Force the interface into trunk mode without any DTP negotiation for maximum security.

SW1(config)#interface gigabitEthernet 0/3
SW1(config-if)#description Static Trunk to SW4
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
SW1(config-if)#switchport nonegotiate
SW1(config-if)#exit

Step 4: Configure access mode (disable trunking)

Explicitly set the port as an access port to prevent any trunk formation.

SW1(config)#interface gigabitEthernet 0/4
SW1(config-if)#description Access port - no trunking
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 10
SW1(config-if)#exit
SW1(config)#end

Step 5: Verify DTP configuration and status

SW1#show interfaces gigabitEthernet 0/1 switchport
SW1#show dtp interface gigabitEthernet 0/1
SW1#show interfaces trunk

Key Points:

  • Dynamic Desirable + Dynamic Auto = Trunk will form
  • Dynamic Auto + Dynamic Auto = Access ports (no trunk)
  • Use switchport nonegotiate with static trunk mode for security
  • DTP sends frames every 30 seconds on VLAN 1 by default
  • Best practice is to disable DTP (nonegotiate) on production networks