VLAN trunking is the process of carrying multiple VLANs over a single physical link, allowing switches and routers to communicate across these segmented networks.
- Trunking works by adding a special tag to Ethernet frames, which identifies the VLAN the frame belongs to. This enables switches to forward traffic to the correct logical network/VLAN while conserving cables and improving network efficiency and security.
- 802.1Q tags
- Multiple VLANs, one cable; tags separate the traffic so routers/switches know where to forward it
- Allows the same VLANs to exist on different switches
- Essentially just a wrapper allowing multiple hosts to travel on the same line
- When setting up a trunk link between two switches, the best configuration is Trunk mode
Native VLAN -
A native VLAN is the default VLAN for trunk ports that carries untagged traffic, meaning frames without a VLAN tag are assigned to it. While VLANs use 802.1Q tagging to identify traffic, the native VLAN frames are sent without this tag. This functionality is primarily used to connect legacy devices that don’t support VLAN tagging, or for specialized network configurations, but can pose a security risk like VLAN hopping if not configured consistently across trunk links.
- When a switch receives an untagged frame on a trunk port, it places it in the native VLAN
- The default native VLAN is 1; it can be reassigned
- Typical traffic might be switch-originated (CDP, SSH), pass-through devices (VoIP-attached devices), and virtualized servers
DTP (Dynamic Trunking Protocol) -
Cisco proprietary protocol that automatically negotiates trunking. Default state for a switch.
5 Modes:
- Auto (doesn’t constantly send packets; hopes it receives DTP packets to negotiate)
- Dynamic Desirable (constantly sends packets attempting to trunk)
- Trunk (only use these)
- Access (only use these)
- No negotiate
Can be a security risk; recommended to disable if not needed with the switchport nonegotiate command.
DTP Truth Table
| | Dynamic Auto | Dynamic Desirable | Trunk | Access |
|---|---|---|---|---|
| Dynamic Auto | Access | Trunk | Trunk | Access |
| Dynamic Desirable | Trunk | Trunk | Trunk | Access |
| Trunk | Trunk | Trunk | Trunk | Limited Connectivity |
| Access | Access | Access | Limited Connectivity | Access |
Lab Notes:
SW3 has no interface subcommands for these two interfaces. As a result, SW3, with a default setting of switchport mode dynamic auto, responded to trunk auto-negotiation messages and formed a trunk with both SW1 and SW2.
Cisco 2960 switch ports by default operate as dynamic ports, meaning that they will attempt to negotiate trunking. If the negotiation process fails, the port acts as an access port. If the negotiation works, the interface acts as a trunk.
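An added example (not part of the original notes): a small Python check that reads IOS-style interface configuration and flags ports where DTP can still negotiate, or where a possible trunk keeps native VLAN 1. The sample config, the function names, and the choice to treat native VLAN 1 as a finding are assumptions; unconfigured ports are assumed to default to dynamic auto, as on the 2960 described above.

```python
import re

# Constructed sample running-config excerpt (hypothetical switch, not the lab's).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 999
interface GigabitEthernet0/2
 switchport mode trunk
interface GigabitEthernet0/3
interface GigabitEthernet0/4
 switchport mode access
"""

def parse_interfaces(config):
    """Map interface -> settings; assumed defaults: dynamic auto, native VLAN 1."""
    ports, cur = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            cur = ports[m.group(1)] = {"mode": "dynamic auto", "nonegotiate": False, "native": 1}
        elif cur is not None and line.startswith(" "):
            cmd = line.strip()
            if cmd.startswith("switchport mode "):
                cur["mode"] = cmd[len("switchport mode "):]
            elif cmd == "switchport nonegotiate":
                cur["nonegotiate"] = True
            elif cmd.startswith("switchport trunk native vlan "):
                cur["native"] = int(cmd.split()[-1])
    return ports

def audit(config):
    """Return {interface: [findings]} for ports that still speak DTP or keep native VLAN 1."""
    findings = {}
    for name, p in parse_interfaces(config).items():
        issues = []
        if p["mode"].startswith("dynamic"):
            issues.append("DTP negotiating (%s)" % p["mode"])
        elif p["mode"] == "trunk" and not p["nonegotiate"]:
            issues.append("trunk without nonegotiate")
        if p["mode"] != "access" and p["native"] == 1:
            issues.append("native VLAN 1")  # assumed hardening convention
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

A single config cannot show whether the native VLAN matches on the far end of a trunk, so run the same parse on both switches and compare the native value per link.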